Multi ADFS Forest

I have already described how to deploy an ADFS infrastructure here, and you can find more about ADFS in the Microsoft TechNet articles here or in the TechNet blog here.
But what about a SaaS offering for your customers if you don't want them to know about each other?
Normally you use an ADFS infrastructure with a WAP (proxy) server. You can configure this with a single domain or with multiple domains. The problem is that after the login you have to choose which site you want to continue with. This is a problem because you don't want one of your customers to know who the others are.
The solution in this case is to deploy a multi-ADFS infrastructure.

As you can see in the picture, you deploy a dedicated ADFS infrastructure with ADFS, WAP and AD; let's call it CORE. Afterwards you deploy one more ADFS infrastructure for each customer company. Then you configure a federation trust between the CORE ADFS and all company sites.
For all of your SaaS offerings and applications you configure the CORE ADFS as the entry point (e.g. https://portal.contoso.com), so you will be routed to the CORE ADFS. After entering your username, or to be more precise the customer company domain (e.g. company1.com), you will be redirected to the second ADFS infrastructure, that of Company1. Here your customer can complete the login and start using the SaaS or applications.
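
One way to set up the CORE side of the trust and the domain-based redirect described above, as an added example that is not taken from the original post. The customer list, trust names and the `sts.*` host names are constructed placeholders; the acceptance rule is an added hardening assumption so that each customer ADFS can only assert UPNs in its own domain.

```powershell
# Added example: run on the primary CORE AD FS server.
# All names, suffixes and host names below are constructed placeholders.
Import-Module ADFS

$customers = @(
    @{ Name = 'Company1'; Suffix = 'company1.com'; Sts = 'sts.company1.com' },
    @{ Name = 'Company2'; Suffix = 'company2.com'; Sts = 'sts.company2.com' }
)

foreach ($c in $customers) {
    # Standard AD FS federation metadata path on the customer's federation service
    $metadataUrl = "https://$($c.Sts)/FederationMetadata/2007-06/FederationMetadata.xml"
    $suffixRegex = [regex]::Escape($c.Suffix)

    # Accept the UPN claim only when it belongs to this customer's own domain.
    # Without a filter like this, one customer's ADFS could assert identities
    # in another customer's namespace.
    $rules = @"
@RuleName = "Pass through UPN for $($c.Suffix) only"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
   Value =~ "(?i)^[^@]+@$($suffixRegex)`$"]
 => issue(claim = c);
"@

    # Create the claims provider trust from the customer's metadata if missing
    if (-not (Get-AdfsClaimsProviderTrust -Name $c.Name)) {
        Add-AdfsClaimsProviderTrust -Name $c.Name `
            -MetadataUrl $metadataUrl `
            -AcceptanceTransformRules $rules
    }

    # Map the customer's domain suffix to its trust, so a user who types
    # user@company1.com at CORE is sent to the Company1 ADFS
    Set-AdfsClaimsProviderTrust -TargetName $c.Name `
        -OrganizationalAccountSuffix @($c.Suffix)
}

# Review the result: one trust per customer, each with exactly its own suffix
Get-AdfsClaimsProviderTrust |
    Select-Object Name, Enabled, OrganizationalAccountSuffix
```

Each customer ADFS also needs a matching relying party trust for the CORE federation service, otherwise the redirect ends in an error on the customer side.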

After setting up your customer portal in this way on the functional side, you can continue with customising the look and feel of the ADFS web portals.
On the first ADFS (CORE), for example, you can apply your own company branding or a white label. On the second-level ADFS servers you can also do this individually for each company. How to do it you can see here in my blog or in the TechNet article here.
