Safewhere*Identify and ADFS: a brief comparison

ADFS has long been a popular name for identity, access management and creation of single sign-on. Whilst offering low initial cost, ADFS has many critical limitations on customization, standards support, user provisioning and so forth. With the release of ADFS 3.0 in 2012, it is even more so since ADFS literally becomes a close-wall with such tight integration to the operating system that offers extremely low to no level of customization.

Having said that, Safewhere*Identify and ADFS are not rivals. On the contrary, it is possible for the two to effectively cooperate. When Microsoft’s architecture is involved, ADFS normally functions as a bridge between Kerberos and Safewhere*Identify; despite that fact that Safewhere*Identify fully support AD and Kerberos – just like ADFS . This setup arises since many companies already installed ADFS that comes at no cost under Microsoft CAL licenses. In this article, we briefly indicate a few advantages of Safewhere*Identify over ADFS on some primal areas.

Users: While ADFS only able to authenticates users stored in AD, Safewhere*Identify can work with any external hosted user database, a user can be represented by multiple login accounts.

Adaptability & Flexibility: Safewhere*Identify comes with a lot of options right out of the box, from different login pages per web browser, device types, to the ability to customize and localize text fields and error pages.

Federation Design: unlike ADFS, which only supports one Identity Provider and one Service Provider per server, Safewhere*Identify makes it possible to implement multiple Identity Provider and Service Provider using separate instances whose services and user stores are independent from one another.

Redundancy: The number of servers for Safewhere*Identify will not grow rapidly when multiple Identity Providers and Service Providers are used.

Control console: Safewhere*Identify uses a full-fledge web-based UI that offers many flexibilities over the tradition MMC-based console of ADFS.

User provisioning: This area clearly indicates why Safewhere*Identify is the needed enhancement of ADFS, which offers no support for user provisioning. Safewhere*Identify allows you to provision users and roles to any user databases and directory services.

Extensive support for different login methods: Support for the following login methods:

  • Social login methods like Facebook, Google, Twitter, LiveID, OpenID, and LinkedIn.
  • Two-factor authentication using one time passwords and Device Code authentication.
  • A Generic Provider feature that allows you to easily create your own authentication provider.
  • Federation protocols including SAML 2.0, WS-Federation, OpenID Connect, and OAuth 2.0.

You can find a complete comparison of the two systems by clicking the following link.

Last but not least, running as a .NET web application in IIS, Safewhere*Identify allows you to apply your knowledge in this domain without any hassle, thus reduce the training cost of your company.





Was this helpful ?Good Somewhat Bad