
What is ADFS (Active Directory Federation Services) in Azure Cloud? Azure AD (Azure Active Directory) vs ADFS

Difference Between Azure ADFS and AD

By Manisekaran. Published about a year ago. 3 min read.

ADFS (Active Directory Federation Services) is a Microsoft service that allows organizations to authenticate users against their on-premises Active Directory (AD) and provide single sign-on (SSO) access to cloud-based applications. ADFS is typically used in scenarios where an organization wants to maintain control of their user authentication and authorization process, but wants to provide SSO access to cloud-based resources.

In ADFS, user information is typically stored in the on-premises Active Directory. This includes information such as the user's name, email address, and password hash. ADFS uses this information to authenticate users and provide SSO access to cloud-based applications.

Azure Active Directory (Azure AD) is a separate service provided by Microsoft that allows organizations to authenticate users and manage access to cloud-based resources. Unlike ADFS, Azure AD does not rely on an on-premises Active Directory, and user information is typically stored in the cloud. Azure AD can be used to authenticate users for both cloud-based and on-premises resources.

In Azure AD, user information is typically stored in Azure AD itself, not in ADFS. So, if you're using an external API for username and password authentication, it's likely that you are using Azure AD as the authentication provider. With Azure AD, you can use different flows to authenticate, such as the client credentials flow, authorization code flow, hybrid flow, and password grant flow.

ADFS allows organizations to authenticate users against their on-premises Active Directory (AD) and provide SSO access to cloud-based applications. This allows organizations to maintain control over their user authentication process, since the user information and credentials are stored in the on-premises AD, which is under the organization's control.

With ADFS, organizations can set up trust relationships with cloud-based applications, allowing users to access these applications with their on-premises AD credentials. This eliminates the need for users to remember multiple usernames and passwords, and makes it easier for organizations to manage access to cloud-based resources.

Additionally, ADFS allows organizations to implement multi-factor authentication and to implement authorization policies based on attributes of the user, such as group membership or location. This allows organizations to ensure that only authorized users have access to specific resources, and to enforce their security policies for cloud-based resources.

ADFS is typically used in scenarios where an organization wants to maintain control over their user authentication process by authenticating users against their on-premises AD and at the same time providing SSO access to cloud-based applications. This allows organizations to secure and control access to cloud-based resources while providing a seamless and user-friendly experience to end-users.

In Azure Active Directory (Azure AD), user information is typically stored in Azure AD itself, not in ADFS. Azure AD can be used as an identity provider for authenticating users to cloud-based resources, and it does not rely on an on-premises Active Directory.

Using an external API for username and password authentication means that the authentication process is not managed by Azure AD.

Instead, the authentication process is managed by the external API, and Azure AD is not aware of the user's credentials. In this scenario, Azure AD would only store information about the application, such as the client ID and secret, which are used to authenticate the application to Azure AD.

It is also possible that you are using the client credentials flow for authentication. In this flow, the application authenticates to Azure AD with its own credentials (client ID and secret) and doesn't need user credentials. In this case, Azure AD only stores the application details, such as the client ID and secret, and not the user information.
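The following Python sketch is an added example, not code from the original article. It builds the token request bodies for the client credentials flow and the password grant flow to show which secrets each one carries, and goes one step further than the text by showing how an API can tell an application token from a user token by its claims (`roles` without `scp` versus `scp`). The client ID, secret, resource URL and tokens are constructed sample values, and the tenant in the URL is a placeholder.

```python
import base64
import json
from urllib.parse import urlencode, parse_qs

# Microsoft identity platform v2.0 token endpoint; the tenant is a placeholder.
TOKEN_URL = "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token"

def client_credentials_form(client_id, client_secret, resource):
    """Request body for the client credentials flow: application identity only."""
    return urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_secret, "scope": resource + "/.default"})

def password_grant_form(client_id, username, password, scope):
    """Request body for the password grant flow: the user's secret passes through the app."""
    return urlencode({"grant_type": "password", "client_id": client_id,
                      "username": username, "password": password, "scope": scope})

def credentials_in(form_body):
    """Report which kinds of secret a token request carries."""
    fields = parse_qs(form_body)
    return {"application": "client_secret" in fields, "user": "password" in fields}

def make_sample_token(claims):
    """Build an UNSIGNED, constructed JWT-shaped string for this demo only."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(claims)}."

def read_claims(token):
    """Decode the payload for inspection only. A real API must verify the
    signature, issuer and audience before trusting any claim."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def token_subject_kind(claims):
    """Application tokens carry permissions in 'roles' and have no 'scp';
    delegated (user) tokens carry 'scp'."""
    if "scp" in claims:
        return "user"
    return "application" if "roles" in claims else "unknown"

# Constructed sample tokens, not real identifiers.
APP_TOKEN = make_sample_token({"azp": "app-1", "roles": ["Reports.Read.All"]})
USER_TOKEN = make_sample_token({"azp": "app-1", "scp": "Reports.Read"})

if __name__ == "__main__":
    print(credentials_in(client_credentials_form("app-1", "s3cret", "https://api.example.com")))
    print(token_subject_kind(read_claims(APP_TOKEN)), token_subject_kind(read_claims(USER_TOKEN)))
```

An API that expects calls on behalf of users can reject tokens classified as `application`, since such a token identifies only the calling application.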

In short, Azure AD can be used as an identity provider and can store user information. However, if you depend on an external API for username and password authentication and use the client credentials flow, only the application details are stored in Azure AD.

In summary, ADFS is a service that allows organizations to authenticate users against their on-premises Active Directory and provide SSO access to cloud-based applications; user information is stored in the on-premises AD. Azure AD, by contrast, is a separate service that allows organizations to authenticate users and manage access to cloud-based resources, with user information stored in Azure AD.
