We are now in the age where applications are not built to be standalone. Just like their creators, solutions are becoming more and more “social” – for instance Lync enables users to add one another and share information; Exchange enables the sharing of calendar between individuals and even organisations possible without any IT involvement. As simple as it may seem to end users, it takes a lot of security measures to make applications “talk” to each other.
All of these are possible through the use of federation – a way for organisations and systems to form digital alliances and trusts. For customers new to sharing technologies based on federation they can find the various types available somewhat confusing, so I thought I would bring it back to basics with a breakdown of the various federation types.
A core part of federation is the Microsoft Federation Gateway – a cloud-based technology designed to serve as a mediator between services allowing convenient yet secure communication. It mainly serves as a “trust broker” between different Microsoft applications allowing users to connect and access the relevant Microsoft-based services that they want to use.
Using standard authentication methods such as SSL certificates to prove domain ownership; the Microsoft Federation Gateway makes it easy for businesses to create trust relationships with partners. Federation can also be easily controlled by allowing or denying list of users and domains – which guarantees that only appropriate groups or people are given access to protected information.
In the Microsoft world there three key types of federation.
Federation in Active Directory
There are many Microsoft products which run on the foundation of Microsoft Federation Gateway. For instance, Active Directory Federation Services (AD FS) allows secure identity sharing and user authentication in the form of “claims”. Examples of claims are the user’s name, groups or permissions. Once a claim has been authenticated, the user can utilise AD FS for single sign-on (SSO) which provides the ability to use a single user name and password across different applications).
AD FS also lessens administrative overhead by reducing the need for duplicate accounts and other credential management. AD FS streamlines account setup by facilitating SSO across different organisations, platforms and applications. AD FS also makes identity delegation easier which is very useful for distributed applications that may require a series of sequential checks for each application, database or service. Setup authentication is another facet of AD FS through federation which enhances security for authorisation and access in identity partnerships.
Federation in Exchange (Calendar)
Another Microsoft application which utilises federation is Exchange Calendar Federation. With this level of security in Microsoft Exchange Server and Exchange Online, organisations are able to share information with other Exchange Server or Office 365 users. By utilising the Microsoft Federation Gateway, users are able to make an authenticated request to share information like calendars without having to configure Outlook or Outlook Web App settings.
Exchange Calendar Federation is very easy to use and convenient as users can share calendars with external users or even entire external organisations; and since it uses federation, it doesn’t require additional sign-on and credential prompts. Controlling the type of calendar information shared together with the users and their corresponding levels is also very straightforward.
Federation in Lync
With federation, unified communications through Lync is convenient and secure. Once Lync Federation is activated, users within the organisation can easily add external users to their contact list, see presence information and send messages securely. Federation allows users to communicate with other external Lync users (as well as select other messaging systems) through voice, video, instant messaging and even share desktops and documents.
Lync does this by publishing a federation information using DNS. This record allows users to find other external users of Lync by simply adding the remote user to their contact list. Overall, federation enables Lync users to extend the communications capability of Lync to the cloud and give more functionality to customers, suppliers and partners by facilitating more open communication and collaboration.
Federation is just one of the many underpinnings of product architecture that sets Microsoft products apart from its competitors. With federation, not only it is convenient for organisations to integrate with various applications, but it also makes products secure and compliant with various legal and government regulations. Overall, federation brings technology closer to people, as well as people closer to people – all without end user complications.
Discover more from Loryan Strant, Microsoft 365 MVP
Subscribe to get the latest posts sent to your email.
Could federation gateway be used programmatically>
Can you elaborate on what you’re trying to achieve?