ForgeRock Blog

Demystifying Cloud Bridging: The Truth About Microsoft ADFS

“Cloud Bridging” is the word on the street. It’s about providing business enterprises with turnkey software for provisioning, federating, and syncing their user identities with cloud applications.

Cloud Bridging is in fact very important because it drastically reduces the time it takes enterprises to on-board users into cloud services. At the same time, it helps cloud service providers speed up customer adoption by eliminating IDs and passwords.

When it comes to cloud bridging, however, there is a significant amount of confusion around Microsoft’s Active Directory Federation Services (ADFS). A common question is: “Can’t I just use ADFS to do that already?” The short answer is no.

First, Microsoft ADFS is a “kit of parts” rather than packaged software. You need to go through a weighty configuration process for each cloud service you want to “turn on.” In other words, you need to custom configure each cloud connection. By contrast, a bridge is pre-packaged to eliminate custom work. You simply deploy it, run a configuration wizard, and you are done. No pain. Immediate results.

Secondly, Microsoft ADFS is for single sign-on only. It does not do provisioning, synchronization, workflow, or reconciliation. A bridge covers single sign-on plus all of these other capabilities. You add a user to AD and the bridge immediately provisions to the cloud service. You change a password in AD and the bridge immediately updates the cloud service. You revoke access to an account in AD and the bridge immediately makes it inaccessible in the cloud service. Essentially, it is a hybrid solution offering both identity management and access management capabilities.

Thirdly, a bridge offers simple mappings between ADFS data and cloud application data. With a bridge, you use a simple GUI to map fields and add custom rules for areas where those mappings are not simple 1:1 relationships. ADFS requires custom configuration for each cloud service you enable. In short, a bridge is much simpler and faster.

Finally, a bridge is aimed at providing a simple, repeatable process for on-boarding cloud services without requiring custom development each time. It should make it possible to very quickly tie your enterprise identity infrastructure together with your cloud infrastructure, so you can easily on-board new services without delay—and reap immediate business value.

In the world of Identity Relationship Management, it is essential that customers see benefits immediately. Identity can’t be a major development effort every time a new service is needed. A cloud bridge is essential to speeding and smoothing identity management in every borderless enterprise, and is a necessary complement to ADFS.

Daniel Raskin
