Active Directory Federation Service


UW ADFS is retired as of 2/18/2022. Customers with applications that have WS-* protocol requirements should use Azure Active Directory.
Web applications can be integrated with UW NetIDs and the UW Groups service via a variety of methods, including Entra ID and UW Shibboleth. UW Shibboleth and Entra ID are both generally recommended. Guide to which UW Identity Provider your web application should prefer:
Web app ... UW Entra ID UW Shibboleth
requires use of SAML or OIDC

X

X
requires use of WS-Federation or WS-Trust protocols

X
requires the OAuth protocol

X
requires integration with Office 365 or other Entra ID apps

X
requires user provisioning via the SCIM protocol

X
has an Entra ID application gallery template

X
requires support team access to app sign in logs

X
requires custom terms of use

X
requires Research and Scholarship category support

X
requires custom IdP metadata

X
requires multilateral SAML federation

X
requires support for social identities such as Facebook

X
requires broadest possible set of identity providers

X
requires better user experience via sign in only when required

X
requires group claims for member-private groups

X
requires claims involving confidential data

X
requires simple conditional access controls such as: -group membership -IP address

X

X
requires advanced conditional access controls including: -location (IP, GeoRegion, or GPS) -device platform -client application -client device state -sign in risk -application specific restrictions

X
requires stronger fraud protections such as: -behavior analytics to flag risky signs in such as: atypical travel, unknown/suspect locations, patterns matching known compromised account signatures -detection of publicly leaked credentials -high volume of daily security signals

X