Active Directory Federation Services (AD Federation Services) is a feature of the Windows Server operating system that extends end users' single sign-on access to applications and systems outside the corporate firewall.
Microsoft's traditional Active Directory technology stores usernames and passwords and uses them to manage and secure access to computers on a Windows domain. It also provides single sign-on access to corporate applications. AD Federation Services builds upon this functionality to authenticate users on third-party systems, such as another company's extranet or a service hosted by a cloud provider.
Active Directory Federation Services aims to reduce the complexity around password management and guest account provisioning, and it has taken on additional importance as organizations and employees rely more on Software as a Service (SaaS) and Web applications. SaaS and Web apps typically require their own user accounts, and AD Federation Services ties those usernames and passwords to existing identities. Once a user logs in with his or her Windows credentials, AD Federation Services authenticates access to all approved third-party systems.
Active Directory Federation Services was first released with Windows Server 2003 R2.