VIDIZMO is integrated with Microsoft Azure ACS (Access Control Service), which allows any Portal in VIDIZMO to be integrated with Facebook, Yahoo, Google, Windows Live, Enterprise Active Directory, and several other Identity Providers. This provides enterprises with centrally controlled access to the corporate Portal. Another option is to use the VIDIZMO ID Connector, which provides out-of-the-box access management on a per-user basis. The differences between VIDIZMO ID Connector and ADFS (Active Directory Federation Service) Single Sign-On are discussed below, based on the following parameters:


User Synchronization

ADFS SSO: With Azure ACS, users are only authenticated and given access to the VIDIZMO Portal on an as-needed basis. It does not come with any synchronization feature that can sync users between Enterprise Active Directory and VIDIZMO Portals. However, it can block access for any disabled users, since it relies on Active Directory to do the authentication.

VIDIZMO ID Connector: Using VIDIZMO ID Connector, we can define which Domains, Users or Groups in Enterprise AD have access to which Portal. All unwanted user accounts are removed automatically.


Domain, OU or Group Mapping

ADFS SSO: It does not allow defining any rules for accessing the Portal. It works on the normal access management structure, where it provides a way to authenticate the user in Enterprise Active Directory.

VIDIZMO ID Connector: It allows defining which Domain, OU or Group in Enterprise AD gets access to the Portal. It enables organizations to have centrally controlled management of user access and privileges.


Rule-Based Access

ADFS SSO: It does not have this feature.

VIDIZMO ID Connector: It allows us to create custom rules that use other AD attributes to allow or deny access to VIDIZMO Portals. For example, you can allow all users who are in the HR department, who have the Manager designation, or who have an Employee ID, etc. The department, designation and Employee ID must be specific fields in AD that you can use in the rulemaking process. The rule is applied to every Portal and cannot be used for individual Portal access.


Support for Multi-Portal

ADFS SSO: If the organization has multiple Portals and wants to use ADFS SSO with Azure ACS, it must be administered and configured for each Portal separately.

VIDIZMO ID Connector: It allows you to add multiple Portals by configuring rules as described in the above section. This provides central configuration and management of all Enterprise Portals across the board.


Security

Security is a big concern for Enterprises. The level of security provided to Enterprises is the same in both ADFS SSO and VIDIZMO ID Connector. Both work on the principle of delegated authentication, where one party is the relying party and the other is the Identity Provider. They both use NTLM/Kerberos authentication to validate the user, followed by an exchange of claims between them and the VIDIZMO Portal. These claims are encrypted and therefore cannot be modified.


Installation

ADFS SSO: ADFS is installed on the on-premises server to authenticate Enterprise AD users with Microsoft Azure ACS. As long as ADFS is installed and published, either directly or through ADFS Proxy, no further installation is required to make use of Azure ACS.

VIDIZMO ID Connector: This software can be installed on a Windows Server machine running IIS with SQL Server, and published on the internet.


Configuration

ADFS SSO: Its configuration must be done in two places: on the server on which ADFS is installed, and at the Azure ACS end. On ADFS, the relying party trust must be established between ADFS and Azure ACS (with Azure ACS being the relying party). On Azure ACS, ADFS must be added as an Identity Provider to delegate authentication. ADFS configuration is normally done by the customer, while Azure ACS configuration, depending on the Azure account being used, will be done by VIDIZMO Support.

VIDIZMO ID Connector: It requires configuration on the server where it is installed as well as on the VIDIZMO Portal. This configuration involves setting up a database, sync configuration and global settings, adding channels, and defining channel mappings to Domain/OU/Group. VIDIZMO ID Connector must be published on the internet, preferably on HTTPS. On the Portal end, an administrator must set the VIDIZMO ID Connector URL for the channel.
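
The ADFS half of the configuration described above, as an added example that is not taken from VIDIZMO or Microsoft documentation: it creates the relying party trust for Azure ACS on the ADFS server and then checks whether tokens for that trust will actually be encrypted. The ACS namespace, the trust name and the choice of claims are assumptions; the permit-all authorization rule reflects the point above that ADFS SSO defines no access rules of its own.

```powershell
# Added example: run on the ADFS server in an elevated PowerShell session.
# $AcsNamespace and $TrustName are placeholders (assumptions), not values from this page.
$AcsNamespace = 'contoso-example'
$TrustName    = 'Azure ACS (VIDIZMO Portal)'
$MetadataUrl  = "https://$AcsNamespace.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml"

# Issuance transform rules (claim set is an assumption): read mail and displayName
# from AD for the authenticated Windows account, and pass the UPN through unchanged.
$TransformRules = @'
@RuleName = "AD attributes as claims"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"),
          query = ";mail,displayName;{0}", param = c.Value);

@RuleName = "Pass through UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"] => issue(claim = c);
'@

# Authorization rule: every user that AD authenticates receives a token.
# Disabled AD accounts are still blocked, because they fail authentication first.
$AuthorizationRules = @'
@RuleName = "Permit all authenticated users"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Create the trust from the ACS federation metadata and keep it updated from that URL.
Add-AdfsRelyingPartyTrust -Name $TrustName -MetadataUrl $MetadataUrl `
    -IssuanceTransformRules $TransformRules `
    -IssuanceAuthorizationRules $AuthorizationRules `
    -MonitoringEnabled $true -AutoUpdateEnabled $true

# Verify what was created instead of assuming it.
$rp = Get-AdfsRelyingPartyTrust -Name $TrustName
$rp | Format-List Name, Enabled, Identifier, EncryptClaims, SignatureAlgorithm

if (-not $rp.Enabled) {
    Write-Warning "Trust '$TrustName' is disabled; sign-in through ACS will fail."
}
# ADFS signs every token it issues, but it encrypts only when the relying party
# has published an encryption certificate and EncryptClaims is set.
if (-not $rp.EncryptClaims -or -not $rp.EncryptionCertificate) {
    Write-Warning 'Tokens for this trust are signed but NOT encrypted (no encryption certificate).'
}
```

The ACS side (adding ADFS as an Identity Provider) is done in the ACS namespace and is not shown here.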


Conclusion



| Parameter | VIDIZMO ID Connector | Azure ACS – ADFS |
|---|---|---|
| User Synchronization | Available | Not Available |
| Domain/OU/Group Mapping | Available | Not Available |
| Rule-Based Access | Available | Not Available |
| Support for Multi-Portal | Available | Available with every Portal setup requirement |
| Security | Uses NTLM/Kerberos with encrypted claims | Uses NTLM/Kerberos with encrypted claims |
| Installation | IIS, SQL Server | Uses existing ADFS |
| Configuration | Database, Sync, General Configuration, publishing | Added a trusted relying party in ADFS |