Using Microsoft® Federation Services and Citrix® to Extend Your Business Systems
By: Adam Hensley
In today’s business environment, organizations are being asked to extend fewer operational resources to a greater number of partners, suppliers, and customers. Extending systems to business partners, remote and contract employees, and customers can make a company more agile. However, this type of access creates additional administrative difficulties and security risks. Likewise, there can also be a need to give internal users access to systems and resources in other companies’ environments. With these drivers and challenges, many of the security issues IT shops encounter lie in the management of a large number of external identities. Consequently, using a third-party system to manage these identity-related risks is a very attractive prospect.
Enter Federation Services. Federation is a set of standards-based technology and IT processes which allow organizations to establish a loose trust with one another. A user can be authenticated in one organization and be able to access web resources in a different organization. This is similar to an Active Directory forest trust, but takes the ideas further by going outside the boundary of an organization and allowing the sharing of web resources in a completely different organization.
Adopting Federation Services can include many benefits:
- It helps improve the end user experience by allowing single sign-on across networks and organizational boundaries, minimizing the need for users to have multiple accounts to different remote systems
- It increases security and helps simplify account administration in a number of ways:
  - heightened identity assurance
  - no password management of account partner users
  - account deactivation is handled by the resource domain
  - account partners can easily be disabled at the organization level
  - there is no need to set up a trust domain relationship, as the federation services handle the security
  - strong authentication such as user certificates or OTP tokens can be layered on top of federation claims for extra security
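To make the trust model described above concrete, here is an added, simplified illustration (not code from the original article, Microsoft, or Citrix, and not the actual ADFS SAML/WS-Federation protocol). A hypothetical account partner authenticates its own users and signs claims about them with a key pair standing in for a token-signing certificate; a hypothetical resource partner keeps a list of trusted issuer keys and its own access policy, and grants access only when the issuer is trusted, the signature verifies, the token is unexpired, and a claimed group is permitted locally. Revoking the issuer's key cuts off every user of that partner at once, which is the organization-level disable the list refers to. All names, groups and lifetimes are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Claims are the assertions the account partner makes about one of its users.
// The group claim is what the resource partner bases its authorization on.
type Claims struct {
	Issuer  string    `json:"iss"`
	Subject string    `json:"sub"`
	Groups  []string  `json:"groups"`
	Expires time.Time `json:"exp"`
}

// Token carries the serialized claims and the issuer's signature over them.
type Token struct {
	Payload   []byte
	Signature []byte
}

// AccountPartner (hypothetical) stands in for the organization that authenticates the user.
// It never shares its users' passwords; it only signs claims about them.
type AccountPartner struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewAccountPartner generates a signing key pair, the analogue of a token-signing certificate.
func NewAccountPartner(name string) (*AccountPartner, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &AccountPartner{Name: name, Pub: pub, priv: priv}, nil
}

// Issue signs a short-lived set of claims for a user the account partner has already authenticated.
func (a *AccountPartner) Issue(subject string, groups []string, now time.Time, ttl time.Duration) (Token, error) {
	payload, err := json.Marshal(Claims{Issuer: a.Name, Subject: subject, Groups: groups, Expires: now.Add(ttl)})
	if err != nil {
		return Token{}, err
	}
	return Token{Payload: payload, Signature: ed25519.Sign(a.priv, payload)}, nil
}

// ResourcePartner (hypothetical) owns the protected resource. It keeps the trusted issuers
// by name and its own local policy; no partner user accounts exist on this side.
type ResourcePartner struct {
	trusted       map[string]ed25519.PublicKey
	allowedGroups map[string]bool
}

func NewResourcePartner(allowedGroups ...string) *ResourcePartner {
	r := &ResourcePartner{trusted: map[string]ed25519.PublicKey{}, allowedGroups: map[string]bool{}}
	for _, g := range allowedGroups {
		r.allowedGroups[g] = true
	}
	return r
}

// AddTrust registers a partner's signing key; RevokeTrust disables that partner's users all at once.
func (r *ResourcePartner) AddTrust(issuer string, key ed25519.PublicKey) { r.trusted[issuer] = key }
func (r *ResourcePartner) RevokeTrust(issuer string)                     { delete(r.trusted, issuer) }

// Authorize validates a token and applies local policy; any failure is an error so the
// caller never acts on partially checked claims.
func (r *ResourcePartner) Authorize(tok Token, now time.Time) (Claims, error) {
	var c Claims
	if err := json.Unmarshal(tok.Payload, &c); err != nil {
		return Claims{}, fmt.Errorf("malformed token: %w", err)
	}
	key, ok := r.trusted[c.Issuer]
	if !ok {
		return Claims{}, fmt.Errorf("issuer %q is not a trusted account partner", c.Issuer)
	}
	// The key on file for the issuer is used, never anything carried inside the token.
	if !ed25519.Verify(key, tok.Payload, tok.Signature) {
		return Claims{}, errors.New("token signature does not verify against the trusted issuer key")
	}
	if !now.Before(c.Expires) {
		return Claims{}, errors.New("token has expired")
	}
	for _, g := range c.Groups {
		if r.allowedGroups[g] {
			return c, nil
		}
	}
	return Claims{}, fmt.Errorf("user %q presents no group permitted by local policy", c.Subject)
}

func main() {
	partner, _ := NewAccountPartner("contoso-partner") // constructed name
	resource := NewResourcePartner("contractors")      // constructed local policy
	resource.AddTrust(partner.Name, partner.Pub)
	now := time.Now()
	tok, _ := partner.Issue("alice", []string{"contractors"}, now, 10*time.Minute)
	if c, err := resource.Authorize(tok, now); err == nil {
		fmt.Printf("granted: %s from %s\n", c.Subject, c.Issuer)
	}
	resource.RevokeTrust(partner.Name)
	if _, err := resource.Authorize(tok, now); err != nil {
		fmt.Println("after revoking trust:", err)
	}
}
```

The point to notice is where the checks live: the account partner decides who the user is, but the resource partner decides whether that identity may do anything, with its own expiry, signature and group checks. A token from a second issuer that merely reuses the trusted partner's name fails because the signature is checked against the key on file, and deleting that key is the single action that disables the whole partner organization.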
Federation standards were designed with web-based applications in mind. Citrix® has added Federation support to their Web Interface product to extend the capabilities of Active Directory Federation Services (ADFS), bridging the gap between web applications and Windows® or host-based applications. Citrix® also increases federation security by providing greater control over data usage, allowing for increased identity assurance, and facilitating access logging and auditing across organizations.
By creating an ADFS-enabled Web Interface site, a company can give partner organizations, contractors, customers, etc. access to internal applications, web applications, and network files through Citrix® Published Applications. If the published application has its own security, using a product like Citrix® Password Manager to supply the username and password gives a complete web-based federated single sign-on solution.
If you would like more information on this topic and the services that Vitalize Consulting Solutions, Inc. has to offer, please contact us at our Corporate Offices 610-444-1233 or vcs@getvitalized.com. We are also always available on our website www.getvitalized.com.