# WS-Federation integration

{% hint style="info" %}
**Active Directory Federation Services (AD FS)** is a Windows Server component that provides federated authentication and **Single Sign-On (SSO)**. AD FS enables users to access various applications and services using a single set of credentials.

**Protocols Supported by AD FS for SSO:**

1. **SAML (Security Assertion Markup Language)** – Used for exchanging authentication data between an Identity Provider (IdP) and a Service Provider (SP).
2. **WS-Federation** – Designed for integration with Microsoft products.
3. **OAuth 2.0** – Used for modern mobile and web applications.
4. **OpenID Connect (OIDC)** – Adds authentication capabilities on top of OAuth 2.0 for applications requiring login functionality.
{% endhint %}

### There are two options for configuring login to **Exchange OWA**: <a href="#there-are-two-options-for-configuring-login-to-exchange-owa" id="there-are-two-options-for-configuring-login-to-exchange-owa"></a>

#### **1. Direct Integration**: <a href="#id-1.-direct-integration" id="id-1.-direct-integration"></a>

Configure login to **Exchange OWA** directly via **Hideez Identity Cloud** as the Identity Provider using the **SAML 2.0** protocol (2-tier architecture: *Exchange OWA → **SAML 2.0** → Hideez Identity Cloud*).

**Advantages:**

{% hint style="success" %}

1. **No AD FS required**: Eliminates the need for setting up and maintaining AD FS, simplifying the architecture and reducing maintenance costs.
2. **Simpler configuration**: Without the additional AD FS component, the setup process is quicker and easier.
3. **Faster access to resources**: Direct integration with Hideez Identity Cloud reduces additional steps in the authentication process, providing quicker access to resources.
4. **Reduced latency**: The direct integration model may lower response times compared to a multi-step architecture involving AD FS.
5. **Easier scalability**: Scaling is simpler, as there’s no need to manage or expand an AD FS infrastructure for new integrations.
{% endhint %}

#### **2. Through AD FS**: <a href="#id-2.-through-a-d-fs" id="id-2.-through-a-d-fs"></a>

Configure login to **Exchange OWA** using **AD FS** with **Hideez Identity Cloud** as the Identity Provider, utilizing the **WS-Federation** protocol (3-tier architecture: *Exchange OWA → **WS-Federation** → AD FS → Hideez Identity Cloud*).

**Advantages:**

{% hint style="success" %}

1. **Leverages existing AD FS infrastructure**: If **AD FS is already installed and configured**, this option allows you to use the existing infrastructure without additional setup or changes.
2. **Integration with other Microsoft applications**: If the organization already integrates other Microsoft products via AD FS, this option allows centralized authentication management for all applications, including **Exchange OWA** and others.
3. **Centralized access policy management**: With AD FS in place, you can manage access policies and security measures centrally, ensuring consistent enforcement across all integrated services, including **Hideez Identity Cloud**.
4. **Enhanced security**: AD FS can be configured with additional security features like **MFA**, enhancing access protection for all connected resources.
5. **Convenient for organizations already using AD FS**: This option is ideal for organizations with established AD FS configurations, allowing easy integration of **Hideez Identity Cloud** as an external identity provider without major infrastructure changes.
{% endhint %}

{% hint style="info" %}
**Please see the official Microsoft Documentation about** [**AD FS**](https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/ad-fs-overview) **for more details.**
{% endhint %}


