Microsoft Tech Community

AD+ADFS (How to make?)

Copper Contributor

Hello,

I need to make an ADFS with ADFS available for an application and would like to prepare it on the cloud.

Is there an Azure AD service that I can use with ADFS? If so, how does access to the service work? Is it a public or dynamic IP?

Or, for that matter, do I have to create a virtual server to install Windows Server and ADFS?

Is the AD + ADFS server created in Azure only accessible by a public IP? Is this IP fixed or dynamic? Or can I use it with a site-to-site VPN?

I know ADFS needs a digital certificate. In such cases, if it is a service or server in Azure, how would it work?

Thank you.

1 Reply

Azure AD has native support for SSO for applications that support ADFS: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps

I'd recommend using that; it'll keep you away from unnecessary infrastructure and expenses and does not need anything extra like VMs or certificates.

If you do want to use ADFS itself, you'll need to build at least 1 VM with ADFS (a component of Server 2016) and configure it with a certificate you buy. You'll need a fixed public IP, which is possible in Azure: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-deploy-static-pip-arm-portal

Site-to-site vs. public IP depends on where your clients are coming from; site-to-site is more expensive but also more secure.
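The self-hosted path the reply describes (a VM with the ADFS role, a purchased certificate, and a static public IP) can be scripted end to end. The following is an added example written for this page, not code from the reply author or from Microsoft; it assumes the Az PowerShell module is installed and signed in, that a resource group, VM and NIC already exist, and that the certificate for the federation service name has already been imported on the VM. Every resource name, the region, the federation service name `fs.contoso.example` and the gMSA `CONTOSO\gmsa-adfs$` are placeholders.

```powershell
# Added example, not the reply author's code. Placeholder names throughout.
# Assumes: Az module installed and Connect-AzAccount done; resource group,
# VM and NIC already exist; the TLS certificate for the federation service
# name is already in the VM's LocalMachine\My store.

# --- Part 1: run from the admin workstation: reserve a STATIC public IP ---
# A dynamic IP changes when the VM is deallocated, which breaks the DNS record
# that clients and relying parties use to reach the federation service.
$rg       = 'rg-adfs'      # placeholder resource group
$location = 'westeurope'   # placeholder region
$pipName  = 'pip-adfs'     # placeholder public IP name

$pip = New-AzPublicIpAddress -Name $pipName -ResourceGroupName $rg `
          -Location $location -AllocationMethod Static -Sku Standard

# Record the address so the DNS A record for the federation service can be created.
Write-Host "Static public IP reserved: $($pip.IpAddress)"

# Only HTTPS (443) needs to be reachable from the internet; block everything else
# with a network security group (placeholder NSG name).
$rule = New-AzNetworkSecurityRuleConfig -Name 'allow-https-in' -Direction Inbound `
          -Priority 100 -Access Allow -Protocol Tcp -SourceAddressPrefix '*' `
          -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange 443
$nsg = New-AzNetworkSecurityGroup -Name 'nsg-adfs' -ResourceGroupName $rg `
          -Location $location -SecurityRules $rule

# Attach the static IP and the NSG to the VM's primary NIC (placeholder NIC name).
$nic = Get-AzNetworkInterface -Name 'nic-adfs' -ResourceGroupName $rg
$nic.IpConfigurations[0].PublicIpAddress = $pip
$nic.NetworkSecurityGroup = $nsg
Set-AzNetworkInterface -NetworkInterface $nic | Out-Null

# --- Part 2: run ON the Windows Server VM after it is joined to the AD domain ---
# Install the ADFS role and create the farm with the purchased certificate.
Install-WindowsFeature -Name ADFS-Federation -IncludeManagementTools

# Placeholder federation service name; it must match the certificate subject/SAN.
$fsName = 'fs.contoso.example'

# Select the certificate by subject name instead of hard-coding a thumbprint, and
# prefer the one that expires last if several are present.
$cert = Get-ChildItem Cert:\LocalMachine\My |
          Where-Object { $_.Subject -like "*CN=$fsName*" } |
          Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate for $fsName found in LocalMachine\My" }

# A group managed service account (placeholder) is preferred over a plain user
# account for the ADFS service: no password to store or rotate.
Install-AdfsFarm -CertificateThumbprint $cert.Thumbprint `
                 -FederationServiceName $fsName `
                 -FederationServiceDisplayName 'Contoso Federation (placeholder)' `
                 -GroupServiceAccountIdentifier 'CONTOSO\gmsa-adfs$'
```

Part 1 only needs to run once; Part 2 runs in an elevated PowerShell session on the federation server itself. Keeping the NSG down to port 443 is the minimum hardening for an ADFS host that is reachable from a public IP, and if the clients are only on the corporate network the same farm works equally well over the site-to-site VPN the reply mentions, in which case the public IP can be left off the NIC entirely.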