{"id":167,"date":"2017-06-20T15:55:25","date_gmt":"2017-06-20T13:55:25","guid":{"rendered":"https:\/\/msb365.abstergo.ch\/?p=167"},"modified":"2017-06-20T15:55:25","modified_gmt":"2017-06-20T13:55:25","slug":"multi-adfs-forrest","status":"publish","type":"post","link":"https:\/\/www.msb365.blog\/?p=167","title":{"rendered":"Multi ADFS Forest"},"content":{"rendered":"<p>I have already described how to deploy an ADFS infrastructure <a href=\"https:\/\/msb365.abstergo.ch\/2017\/06\/15\/deploy-active-directory-federation-services-ad-fs-3-0\/\">here<\/a>, and you can find more about ADFS in the Microsoft TechNet articles <a href=\"https:\/\/msdn.microsoft.com\/en-us\/library\/bb897402.aspx\">here<\/a> or in the TechNet blog <a href=\"https:\/\/blogs.technet.microsoft.com\/adfs_documentation\/\">here<\/a>.<br \/>\nBut what about a SaaS offering for your customers if you don\u2019t want them to know about each other?<br \/>\nNormally you use an ADFS infrastructure with a WAP (proxy) server. You can configure this with a simple or multi-domain setup; the problem is that after the login you have to choose which site you want to continue with.
This is a problem because you don\u2019t want one of your customers to know who the others are.<br \/>\nThe solution in this case is to deploy a multi-ADFS infrastructure.<\/p>\n<p>\u00a0<\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-large wp-image-168\" src=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2017\/06\/Multi-ADFS-805x1024.jpg\" alt=\"\" width=\"805\" height=\"1024\" srcset=\"https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2017\/06\/Multi-ADFS-805x1024.jpg 805w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2017\/06\/Multi-ADFS-600x763.jpg 600w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2017\/06\/Multi-ADFS-236x300.jpg 236w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2017\/06\/Multi-ADFS-768x976.jpg 768w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2017\/06\/Multi-ADFS-780x992.jpg 780w, https:\/\/msb365.abstergo.ch\/wp-content\/uploads\/2017\/06\/Multi-ADFS.jpg 1043w\" sizes=\"(max-width: 805px) 100vw, 805px\" \/><\/p>\n<p>\u00a0<\/p>\n<p>As you can see in the picture, you deploy a dedicated ADFS infrastructure with ADFS, WAP and AD \u2013 <strong>let\u2019s call it CORE<\/strong>. Then you deploy one more ADFS infrastructure for each customer company, and configure a federation trust between the CORE ADFS and all company sites.<br \/>\nIn all of your SaaS offerings and applications you configure the CORE ADFS as the entry point (e.g. https:\/\/portal.contoso.com), so users are routed to the CORE ADFS. After entering the username \u2013 to be more precise, the customer company domain (e.g. company1.com) \u2013 the user is redirected to the second ADFS infrastructure, that of Company1.
Here your customer can complete his login and start using the SaaS offering or applications.<\/p>\n<p>After setting up the functional side of your customer portal in this way, you can continue by customising the look and feel of the ADFS web portals.<br \/>\nOn the first ADFS (CORE), for example, you can apply your own company branding or a white label. On the second-level ADFS servers you can also do this individually for each company. You can see how to do it <a href=\"https:\/\/msb365.abstergo.ch\/2017\/06\/20\/customizing-adfs-3-0-sign-page\/\">here<\/a> in my blog or in the TechNet article <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows-server\/identity\/ad-fs\/operations\/ad-fs-user-sign-in-customization\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have already described how to deploy an ADFS infrastructure here, and you can find more about ADFS in the Microsoft TechNet articles here or in the TechNet blog here. But what about a SaaS offering for your customers if you don\u2019t want them to know about each other?
Normally you use a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-167","post","type-post","status-publish","format-standard","hentry","category-adfs"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/167","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=167"}],"version-history":[{"count":2,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/167\/revisions"}],"predecessor-version":[{"id":170,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=\/wp\/v2\/posts\/167\/revisions\/170"}],"wp:attachment":[{"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msb365.blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}