Wednesday, March 27, 2013

ADFS is a Four Letter Word

ADFS = Active Directory Federation Services

In a recent blog post, Okta likens ADFS to a four-letter bad word. You can read the article, but for the sake of completeness here are the most relevant parts:

Since its introduction with Windows Server 2008, Active Directory Federation Services (AD FS) 2.0 has been Microsoft’s answer to extending enterprise identity beyond the firewall. However, building an identity management solution with the AD FS toolkit has many hidden costs. While AD FS solves some identity challenges for Microsoft’s product family, as is typical from Microsoft, many more gaps exist when attempting to integrate with cloud or mobile applications from other vendors.

You might be considering implementing AD FS in your company, or maybe you already have.

For those of you considering it: AD FS is rarely free for enterprises. There are many hidden costs that creep up once companies decide to implement AD FS. IT departments must spend their time installing, configuring and maintaining each individual cloud application. That alone can easily cause headaches with IT.

For those of you who have already implemented it: What if your company plans to scale from one application today to five, six or more in the next three years? Is your company’s IT department equipped to focus on tedious application installations instead of bigger projects?

Regardless, all the manually configured applications via AD FS require regular maintenance to ensure connectivity remains intact with corporate networks and infrastructure. In addition, there are server requirements and costs to consider and maintain.

The more you investigate @*F$ the more you might be interested in swapping it out for another four-letter word: Okta.

While I am not going to dispute what the author of the post states here, I will pass along another four-letter word that you can use for ADFS: FREE. Yes, that's right: FREE.

What's the context of that, you ask? Well, it's simple. If I were a customer looking to buy a federation product - like the other four-letter word, Okta - I'd be using ADFS as a word to SAVE (another four-letter word) money. How do you do that? Here's the conversation you can have:

You: I'm interested in your federation product. Here's my configuration. Can you give me a quote?

Them: Sure, based on what you've told me our product would cost you $XXX.

You: Are you kidding? Maybe I didn't explain my configuration or need correctly. Let me try again.

Them: No, that's the cost. $XXX.

You: Oh, well, you see, I can use ADFS for FREE.

Them: Well, nothing is free. Here, read this blog post, look at this ROI calculator, etc., etc. (add other sales-type huffing and puffing here)

You: Yes, I understand what you are saying, but ADFS is FREE. I might as well use ADFS at these prices.

Them: Well, maybe I have a little wiggle room. How about $Y?

Do you get the picture? My suggestion is that when you talk to any of these vendors about federation software, you use a bunch of four-letter words with them: ADFS, FREE and SAVE. You'll feel better and you won't have had to use a swear word once.