Active Directory Federation Services: Private Key Storage and SafeNet Enterprise HSM


Microsoft Active Directory Federation Services (AD FS) is a role installed on Windows servers that provides users throughout an enterprise with single sign-on (SSO) access to network and cloud-based resources. AD FS verifies user identities through an exchange of private, protected information produced by a variety of authentication technologies, including certificate-based authentication, OTP, OOB, and pattern-based authentication, delivered through a wide variety of form factors such as hardware, software, or mobile tokens. Users who authenticate to AD FS sign in once and then receive access to multiple web applications for the life of a single online session.

SafeNet Enterprise HSM (formerly Luna SA) integrates with AD FS to secure the token-signing and certificate private keys. By keeping the token-signing and certificate keys inside SafeNet Enterprise HSM, organizations preserve the integrity of the authentication transaction. Because this key material never leaves the hardware appliance, unauthorized users can never obtain the material they would need to forge tokens and impersonate an authorized user. When SafeNet Enterprise HSM serves as the secure root of the SSO infrastructure, organizations can rest assured that identity verification transactions will remain uncompromised.
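The protection described above only holds if the AD FS token-signing and token-decrypting keys actually live in the HSM's Key Storage Provider (KSP) and are not exportable. The following PowerShell script is an added verification example, not part of the original page and not vendor tooling from SafeNet or Microsoft. It is run on an AD FS server in an elevated session with the ADFS module loaded, and it assumes the HSM provider's display name contains "SafeNet" (a placeholder pattern; confirm the real name with `certutil -csplist`). The function names `Get-PrivateKeyInfo` and `Get-AdfsKeyStorageReport` are this example's own.

```powershell
# Added example: report which key storage provider holds each AD FS
# Token-Signing / Token-Decrypting private key, so HSM-backed storage
# can be confirmed. Not from the original page or any vendor.
param(
    # Assumed substring of the HSM KSP name; adjust to your deployment.
    [string]$HsmProviderPattern = 'SafeNet'
)

function Get-PrivateKeyInfo {
    # Returns the provider name and exportability of a certificate's RSA key.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        # CNG key: provider and export policy are read from the CngKey handle.
        return [pscustomobject]@{
            Provider   = $rsa.Key.Provider.Provider
            Exportable = ($rsa.Key.ExportPolicy -ne [System.Security.Cryptography.CngExportPolicies]::None)
        }
    }
    if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        # Legacy CAPI key: a CSP rather than a KSP holds it.
        return [pscustomobject]@{
            Provider   = $rsa.CspKeyContainerInfo.ProviderName
            Exportable = $rsa.CspKeyContainerInfo.Exportable
        }
    }
    return $null
}

function Get-AdfsKeyStorageReport {
    param([string]$Pattern = $HsmProviderPattern)

    # Auto rollover makes AD FS generate its own software keys, which would
    # silently replace HSM-backed ones; flag it so the operator can disable it.
    $rollover = (Get-AdfsProperties).AutoCertificateRollover
    if ($rollover) {
        Write-Warning 'AutoCertificateRollover is enabled: AD FS will create software-backed keys on rollover.'
    }

    foreach ($type in 'Token-Signing', 'Token-Decrypting') {
        foreach ($entry in (Get-AdfsCertificate -CertificateType $type)) {
            # Look the certificate up in the machine store so the key handle
            # comes from the provider that actually holds it.
            $cert = Get-ChildItem Cert:\LocalMachine\My |
                    Where-Object { $_.Thumbprint -eq $entry.Thumbprint } |
                    Select-Object -First 1

            $status = 'Unknown'; $provider = $null; $exportable = $null
            if (-not $cert) {
                # Not in the store: AD FS generated and manages this key itself
                # (software key in the configuration database), so not HSM-backed.
                $status = 'SoftwareKey-AdfsManaged'
            }
            else {
                try {
                    $info = Get-PrivateKeyInfo -Cert $cert
                    if ($null -eq $info) {
                        $status = 'NoRsaPrivateKey'
                    }
                    else {
                        $provider   = $info.Provider
                        $exportable = $info.Exportable
                        if ($provider -like "*$Pattern*" -and -not $exportable) {
                            $status = 'HsmBacked-NonExportable'
                        }
                        elseif ($provider -like "*$Pattern*") {
                            $status = 'HsmBacked-ButExportable'
                        }
                        else {
                            $status = 'SoftwareKey'
                        }
                    }
                }
                catch {
                    # Typically the AD FS service account owns the key and the
                    # current user lacks access; re-run as that account to inspect.
                    $status = 'PrivateKeyInaccessible'
                }
            }

            [pscustomobject]@{
                CertificateType = $type
                IsPrimary       = $entry.IsPrimary
                Thumbprint      = $entry.Thumbprint
                Provider        = $provider
                Exportable      = $exportable
                Status          = $status
            }
        }
    }
}

Get-AdfsKeyStorageReport | Format-Table -AutoSize
```

Any row whose Status is not `HsmBacked-NonExportable` for a primary certificate means the signing or decryption key is reachable outside the appliance and should be treated as a finding; `PrivateKeyInaccessible` is expected when the script runs under an account other than the AD FS service account, since the HSM KSP and the key ACL restrict access to that identity.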