Hey everyone,
I'm part of a large enterprise that has been using Active Directory Federation Services (ADFS) for many years now. We're starting to think about modernizing our authentication methods, but I'm feeling overwhelmed because of how entrenched ADFS is in our systems.
Here's a bit of context:
- We have a thorough ADFS setup integrated with a ton of applications.
- Our infrastructure relies heavily on on-premises systems.
- We've made significant investments in customizing our ADFS.
- Our user base is large, and the current authentication setups are well-established.
I'm reaching out for any experiences shared regarding the migration process:
- If you've done a large-scale ADFS migration, what challenges did you face?
- How did you manage the transition without disrupting user access?
- What lessons did you learn?
I'd also love to compare solutions:
- For those who moved to Microsoft Entra ID, was the cost benefit really as big as Microsoft says?
- How do third-party options like Okta or Auth0 stack up against ADFS in enterprise settings?
- Are there other alternatives we should look into?
Additionally, I'd appreciate insights on:
- Any hidden costs we should plan for?
- How have others tackled legacy application integration during this transition?
- What strategies helped manage change effectively?
- What security and compliance considerations should we keep in mind?
I'm eager for recommendations, warnings, or any helpful tales from those who've been through this. Thanks a ton!
5 Answers
I only have one application left that’s still tied to ADFS. The developers are hesitant to switch to Entra, so I’m in a tough spot managing the existing ADFS setup just for that one app. It's frustrating!
Compliance is key! Secureframe can help you integrate with Azure and Microsoft Entra ID, which might assist with adhering to various IT security standards.
Watch out if you have on-prem Dynamics! I moved many clients from ADFS to Entra ID without user downtime. If you set up both ADFS and Entra ID simultaneously, you can deactivate ADFS once everything’s running smoothly, making the transition easier. The sign-in experience improves significantly with Entra ID too!
What are some specific reasons you prefer Entra ID over ADFS?
Are you planning to handle the migration in-house or hiring a contractor to assist?
I'm still figuring that out! This conversation is helping me weigh my options.
If you’re a big enterprise still using ADFS, your Microsoft reps might be surprised! They can provide support to help transition away from ADFS.
Could you explain why they might be stunned? Are we really that behind?
Absolutely! ADFS is becoming outdated, so any guidance from Microsoft could be invaluable.
The user experience is far better with Entra ID, especially on shared devices!