May 11 2018
- last edited on
Jul 24 2020
I need to make an ADFS with ADFS available for an application and would like to prepare it on the cloud.
Is there an AD Azure service that I can use with ADFS? If so, how does access to the service work? Is it a public or dynamic IP?
Or for that matter I have to create a virtual server to install Windwos Server and ADFS?
Is access to the AD + ADFS server created in Azure only accessible by a public IP? Is this ip fixed or dynamic? Or can I use it with a VPN Site to Site?
I know ADFS needs a digital certificate. In such cases, if it is service or server in Azure, how would it work?
May 12 2018
Azure AD has native support for SSO for applications that support ADFS: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps
I'd recommend using that, it'll keep you away from unneccessary infrastructure and expenses and does not need anything extra like VM's or certificates.
If you do want to use ADFS itself, you'll need to build at least 1 VM with ADFS (component of Server 2016) and configure it with a certificate you buy. You'll need a fixed public IP, this is possible in Azure: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-deploy-static-pip-arm-portal
Site to Site vs public IP depends on where your clients are coming from, site to site is more expensive but also more secure.