Difference between adfs and azure AD

Miss Inquisitive · Apr 2, 2019 · Viewed 9.9k times

Differences between ADFS and Azure AD

  1. I understand that ADFS is an STS (Secure Token Service) in the sense that it issues tokens to applications that help applications establish user identity. At an organization level, our org uses ADFS with the WS-Federation protocol to authenticate users across all internal applications of the organization and also to implement SSO.

  2. Also, in our organization we have an Azure AD account, and I have used Azure AD to register our custom apps. Whenever an unauthenticated user enters our app, the person will be redirected to the Azure AD login page and will have to authenticate himself. After successful authentication, Azure AD also issues tokens (ID token, access token, refresh token).

My question is: can I consider Azure AD also a type of STS (Secure Token Service), just like ADFS, because it issues tokens to establish client identity?

Answer

rbrayb · Apr 2, 2019

ADFS only handles authentication and authorisation. It does not handle user provisioning.

In that sense ADFS is not an identity provider; it's just an STS.

You need separate instances of ADFS (auth.) and AD (user). AAD combines both.

As its name implies, ADFS is a federation layer that sits on top of AD.

Also, ADFS is an R-STS in that it can be in the middle of a federation chain. It can handle upstream and downstream requests. AAD can't; it is always the endpoint.

ADFS has the power of claims rules; AAD has no such concept.