Active Directory Federation Service

Last updated: February 18, 2022

UW ADFS is retired as of 2/18/2022. Customers with applications that have WS-* protocol requirements should use Azure Active Directory.

Web applications can be integrated with UW NetIDs and the UW Groups service via a variety of methods, including Azure AD. In the past, UW-IT has generally recommended using UW Shibboleth for web application integration. Azure AD is now also generally recommended. 

Guide to which UW Identity Provider your web application should prefer:

Web app … UW Azure AD UW Shibboleth
requires use of SAML or OIDC

X

X

requires use of WS-Federation or WS-Trust protocols

X

requires the OAuth protocol

X

requires integration with Office 365 or other Azure AD apps

X

requires user provisioning via the SCIM protocol

X

has an Azure AD application gallery template

X

requires support team access to app sign in logs

X

requires custom terms of use

X

requires Research and Scholarship category support

X

requires custom IdP metadata

X

requires multilateral SAML federation

X

requires support for social identities such as Facebook

X

requires broadest possible set of identity providers

X

requires better user experience via sign in only when required

X

requires group claims for member-private groups

X

requires claims involving confidential data

X

requires simple conditional access controls such as:

-group membership
-IP address

X

X

requires advanced conditional access controls including:

-location (IP, GeoRegion, or GPS)

-device platform

-client application

-client device state

-sign in risk

-application specific restrictions

X

requires stronger fraud protections such as:

-behavior analytics to flag risky signs in such as: atypical travel, unknown/suspect locations, patterns matching known compromised account signatures

-detection of publicly leaked credentials

-high volume of daily security signals

X