# WS-Federation integration

{% hint style="info" %}
**Active Directory Federation Services (AD FS)** is a Windows Server component that provides federated authentication and **Single Sign-On (SSO)**. AD FS enables users to access various applications and services using a single set of credentials.

**Protocols Supported by AD FS for SSO:**

1. **SAML (Security Assertion Markup Language)** – Used for exchanging authentication data between an Identity Provider (IdP) and a Service Provider (SP).
2. **WS-Federation** – Designed for integration with Microsoft products.
3. **OAuth 2.0** – Used for modern mobile and web applications.
4. **OpenID Connect (OIDC)** – Adds authentication capabilities on top of OAuth 2.0 for applications requiring login functionality.
{% endhint %}

### There are two options for configuring login to **Exchange OWA**: <a href="#there-are-two-options-for-configuring-login-to-exchange-owa" id="there-are-two-options-for-configuring-login-to-exchange-owa"></a>

#### **1. Direct Integration**: <a href="#id-1.-direct-integration" id="id-1.-direct-integration"></a>

Configure login to **Exchange OWA** directly via **Hideez Identity Cloud** as the Identity Provider using the **SAML 2.0** protocol (2-tier architecture: *Exchange OWA → **SAML 2.0** → Hideez Identity Cloud*).

**Advantages:**

{% hint style="success" %}

1. **No AD FS required**: Eliminates the need for setting up and maintaining AD FS, simplifying the architecture and reducing maintenance costs.
2. **Simpler configuration**: Without the additional AD FS component, the setup process is quicker and easier.
3. **Faster access to resources**: Direct integration with Hideez Identity Cloud reduces additional steps in the authentication process, providing quicker access to resources.
4. **Reduced latency**: The direct integration model may lower response times compared to a multi-step architecture involving AD FS.
5. **Easier scalability**: Scaling is simpler, as there’s no need to manage or expand an AD FS infrastructure for new integrations.
{% endhint %}

#### **2. Through AD FS**: <a href="#id-2.-through-a-d-fs" id="id-2.-through-a-d-fs"></a>

Configure login to **Exchange OWA** using **AD FS** with **Hideez Identity Cloud** as the Identity Provider, utilizing the **WS-Federation** protocol (3-tier architecture: *Exchange OWA → **WS-Federation** → AD FS → Hideez Identity Cloud*).

**Advantages:**

{% hint style="success" %}

1. **Leverages existing AD FS infrastructure**: If **AD FS is already installed and configured**, this option allows you to use the existing infrastructure without additional setup or changes.
2. **Integration with other Microsoft applications**: If the organization already integrates other Microsoft products via AD FS, this option allows centralized authentication management for all applications, including **Exchange OWA** and others.
3. **Centralized access policy management**: With AD FS in place, you can manage access policies and security measures centrally, ensuring consistent enforcement across all integrated services, including **Hideez Identity Cloud**.
4. **Enhanced security**: AD FS can be configured with additional security features like **MFA**, enhancing access protection for all connected resources.
5. **Convenient for organizations already using AD FS**: This option is ideal for organizations with established AD FS configurations, allowing easy integration of **Hideez Identity Cloud** as an external identity provider without major infrastructure changes.
{% endhint %}
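The 3-tier chain above consists of two trust relationships: Exchange trusts AD FS (WS-Federation relying party), and AD FS trusts Hideez Identity Cloud (claims provider). The PowerShell below is an added illustration of where each trust is defined, not configuration from this page or from Hideez; the host names `mail.example.com` / `adfs.example.com`, the certificate thumbprint and the Hideez metadata URL are placeholders.

```powershell
# --- On the Exchange server (Exchange Management Shell) ---
# Declare the AD FS issuer Exchange will trust, the audience URIs it will accept in tokens,
# and the AD FS token-signing certificate used to validate token signatures (placeholder values).
Set-OrganizationConfig `
    -AdfsIssuer "https://adfs.example.com/adfs/ls/" `
    -AdfsAudienceUris "https://mail.example.com/owa/","https://mail.example.com/ecp/" `
    -AdfsSignCertificateThumbprint "<TOKEN-SIGNING-CERT-THUMBPRINT>"

# Switch OWA and ECP to AD FS authentication only, so Forms and Windows auth cannot be used as a bypass.
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -AdfsAuthentication $true `
    -WindowsAuthentication $false -FormsAuthentication $false
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -AdfsAuthentication $true `
    -WindowsAuthentication $false -FormsAuthentication $false
# An IIS restart (iisreset) is needed for the virtual directory change to take effect.

# --- On the AD FS server ---
# Tier 1 trust: Exchange OWA/ECP as a WS-Federation relying party of AD FS.
# Exchange additionally needs issuance claim rules (UPN and Primary SID); they are omitted here.
Add-AdfsRelyingPartyTrust -Name "Exchange OWA" `
    -Identifier "https://mail.example.com/owa/","https://mail.example.com/ecp/" `
    -WSFedEndpoint "https://mail.example.com/owa/"

# Tier 2 trust: Hideez Identity Cloud as the external claims provider AD FS authenticates against.
# Metadata URL is a placeholder for the one published by the Hideez tenant.
Add-AdfsClaimsProviderTrust -Name "Hideez Identity Cloud" `
    -MetadataUrl "https://<hideez-tenant>/FederationMetadata/2007-06/FederationMetadata.xml"

# Verify both links of the chain: Exchange -> AD FS -> Hideez Identity Cloud.
Get-OrganizationConfig | Format-List AdfsIssuer, AdfsAudienceUris, AdfsSignCertificateThumbprint
Get-AdfsRelyingPartyTrust -Name "Exchange OWA" | Format-List Identifier, WSFedEndpoint, Enabled
Get-AdfsClaimsProviderTrust -Name "Hideez Identity Cloud" | Format-List Identifier, Enabled
```

When the AD FS token-signing certificate rolls over, `AdfsSignCertificateThumbprint` on the Exchange side must be updated as well, otherwise OWA rejects every token from AD FS.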

{% hint style="info" %}
**Please see the official Microsoft Documentation about** [**AD FS**](https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/ad-fs-overview) **for more details.**
{% endhint %}
