Rhys Goodwin As I’ve mentioned before here at the Force.com blog, single sign-on (SSO) has become a must-have feature for cloud deployments – users love being able to access cloud-based resources without having to juggle another username/password combination, and IT operations love the control it gives them over users’ access to those resources – when an employee leaves the company, marking them as inactive in the enterprise’s identity store also puts associated cloud-based services out of reach.

In practice, the most common enterprise identity store is Microsoft’s Active Directory. Since the release of Active Directory Federation Services (AD FS) version 2.0 about a year ago, it has been possible to configure SSO from an AD domain to Salesforce and customer apps running on Force.com. In researching an article on setting up SSO with AD FS, I came across Rhys Goodwin‘s excellent blog entry on the topic. With Rhys’ kind permission, I extended and adapted the blog entry as a Developer Force article: Single Sign-On with Force.com and Microsoft Active Directory Federation Services. If you’re seeing co-workers furtively referring to password cheat-sheets as you walk around the office, you might want to take a look at it!

tagged Bookmark the permalink. Trackbacks are closed, but you can post a comment.
  • Jake Harris

    I would love to try this out, but under requirements it says we must have Enterprise or Datacenter editions. Are you sure about that? We’re using Windows Server 2008 R2 Standard, and I thought that ADFS 2.0 was supported under that edition, too.
    Thanks!
    -Jake

  • http://blog.superpat.com/ Pat Patterson

    Hi Jake – Microsoft’s ‘Edition Comparison by Server Role’ page lists AD FS for Enterprise and Datacenter only: http://www.microsoft.com/windowsserver2008/en/us/r2-compare-roles.aspx