This article discusses the basic differences between the VIDIZMO ID Connector and ADFS SSO, and looks at which one is the better fit in which scenario.


VIDIZMO can integrate with Microsoft Azure ACS. Using this feature, any channel can be integrated with Facebook, Yahoo! ID, Google ID, Windows Live ID, Enterprise Active Directory and several other Identity Providers.


For enterprises, this means that they have another option for user authentication. Furthermore, it provides enterprises with centrally controlled access to a corporate channel.


Another option is to use the VIDIZMO ID Connector, which provides out-of-the-box access management on a per-user basis.


User Synchronization


With ADFS SSO via Azure ACS, users are only authenticated and given access to a VIDIZMO channel on an as-needed basis. It does not come with any synchronization feature that can sync users between Enterprise Active Directory and VIDIZMO channels. However, it is capable of blocking access for any disabled users, since it relies on Active Directory for authentication.


VIDIZMO ID Connector, on the other hand, has a built-in synchronization tool that provides great control and depth over who gets access to which channel. It automatically creates user accounts in the VIDIZMO channel and removes any unwanted ones.


Domain/OU/Group Mapping


ADFS SSO does not allow defining rules for accessing a channel, and it works on a flat access management structure. It primarily provides a way to authenticate the user against Enterprise Active Directory.


VIDIZMO ID Connector, by contrast, has a feature where you can define which Domain, OU or Group in Enterprise AD gets access to which channel. With this feature, IT and business teams can easily control access rights for enterprise users, giving them granular access management and finer control over user access and privileges.


Rule Based Access


ADFS SSO does not have this feature.


VIDIZMO ID Connector has a feature in which you can create custom rules that use other AD attributes to allow or deny access to VIDIZMO channels, for cases where Domain/OU/Group mapping is not enough. For example, you can allow all users who are part of the HR department, or who have a manager designation, or who have an EmployeeID, etc. In these examples, department, designation, and EmployeeID have to be specific fields in AD that you can use in your rule. These rules, however, apply to all channels and cannot be used for individual channel access.


Support for Multi-Channel


ADFS SSO has to be administered and configured for each channel separately if an organization has multiple channels and wants to use ADFS SSO with Azure ACS.


With VIDIZMO ID Connector, you can add multiple channels and configure rules as described above in one central place. This allows central configuration as well as management of all enterprise channels across the board.
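
The sections above describe per-channel Domain/OU/Group mapping, global attribute rules, and synchronization that creates and removes channel accounts. The following added example (not VIDIZMO's code) models those decisions in Python so the expected account set of each channel can be audited against its current state. The data model, the channel names and the way rules combine (first matching rule decides, no match denies, and a user must also be enabled and mapped to the channel) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ADUser:
    name: str
    dn: str                                   # distinguishedName: carries OU and domain
    groups: set = field(default_factory=set)
    enabled: bool = True
    attrs: dict = field(default_factory=dict)

def mapped(user, mappings):
    """True if a group mapping, or a Domain/OU mapping that suffixes the DN, covers the user."""
    return any(value in user.groups if kind == "group"
               else user.dn.lower().endswith("," + value.lower())
               for kind, value in mappings)

def rules_allow(user, rules):
    """Global attribute rules (assumed): first match decides, no match denies."""
    for effect, attr, wanted in rules:
        have = user.attrs.get(attr)
        if have is not None and wanted in (None, have):   # None = attribute is present
            return effect == "allow"
    return False

def expected_access(users, channel_map, rules):
    """channel -> names of users that should hold an account there."""
    return {ch: {u.name for u in users
                 if u.enabled and mapped(u, m) and rules_allow(u, rules)}
            for ch, m in channel_map.items()}

def reconcile(expected, current):
    """channel -> (accounts to create, accounts to remove)."""
    return {ch: (sorted(want - current.get(ch, set())),
                 sorted(current.get(ch, set()) - want))
            for ch, want in expected.items()}

# Constructed sample directory, mappings, rules and current channel accounts.
BASE = "DC=corp,DC=example"
USERS = [
    ADUser("alice", f"CN=alice,OU=HR,{BASE}", {"Video-Editors"}, True, {"EmployeeID": "1001"}),
    ADUser("bob", f"CN=bob,OU=Sales,{BASE}", set(), True, {"EmployeeID": "1002"}),
    ADUser("carol", f"CN=carol,OU=HR,{BASE}", set(), False, {"EmployeeID": "1003"}),
    ADUser("dave", f"CN=dave,OU=Sales,{BASE}", {"Video-Editors"}, True, {"EmployeeID": "1004", "designation": "Contractor"}),
]
CHANNEL_MAP = {"hr": [("ou", f"OU=HR,{BASE}")], "all-hands": [("domain", BASE)], "studio": [("group", "Video-Editors")]}
RULES = [("deny", "designation", "Contractor"), ("allow", "EmployeeID", None)]  # global: apply to every channel
CURRENT = {"hr": {"alice", "carol"}, "all-hands": {"alice"}, "studio": {"dave"}}

if __name__ == "__main__":
    print(reconcile(expected_access(USERS, CHANNEL_MAP, RULES), CURRENT))
```

Because the rules are global, the contractor rule removes dave from every channel, including the one his group is mapped to; the disabled account carol is flagged for removal rather than only being blocked at sign-in.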


Security


Security is a big concern for enterprises. The security level of both authentication methods is somewhat similar. Both ADFS SSO and VIDIZMO ID Connector work on the principle of delegated authentication, where one party is a Relying Party and the other is the Identity Provider, and both of them do authentication in pretty much the same way. ADFS SSO (via Azure ACS), as well as VIDIZMO ID Connector, use NTLM/Kerberos authentication to validate the user, followed by an exchange of claims between them and the VIDIZMO channel. These claims are encrypted and therefore cannot be interfered with or modified. So in short, both work the same way.


Installation


ADFS SSO relies on the ADFS role installed on an on-premises server to authenticate enterprise AD users with Microsoft Azure ACS. So as long as ADFS is installed and published, directly or through an ADFS Proxy, no further installation is required to make use of Azure ACS.


VIDIZMO ID Connector, however, is software that has to be installed on a server machine, which should be part of the Domain/Forest that has the user base you want to allow access to your channel. This software can be installed on a Windows Server machine running IIS with SQL Server, and published on the internet.


Configuration


ADFS SSO configuration has to be done in two places. One is the on-premises server on which the ADFS role is installed, and the other is the Azure ACS end. On ADFS, the Relying Party Trust has to be established between ADFS and Azure ACS, with Azure ACS being the Relying Party. On Azure ACS, on the other hand, ADFS has to be added as an Identity Provider to delegate authentication. ADFS configuration is normally done by the customer, while Azure ACS configuration, depending on the Azure account being used, will be done by VIDIZMO Support.


VIDIZMO ID Connector requires configuration on the server box where it is installed as well as on the VIDIZMO channel. This configuration involves setting up a database, sync configuration and global settings, adding channels, and defining channel mappings to Domain/OU/Groups. VIDIZMO ID Connector has to be published on the internet as well, preferably over HTTPS. On the channel end, an administrator has to set the VIDIZMO ID Connector URL for the channel.


Conclusion


To sum it up, the following chart provides an overview of what was discussed above.



| | VIDIZMO ID Connector | Azure ACS – ADFS |
|---|---|---|
| User Synchronization | Available | Not Available |
| Domain/OU/Group Mapping | Available | Not Available |
| Rule Based Access | Available | Not Available |
| Support for Multi-Channel | Available | Available with per Channel ACS/ADFS setup required |
| Security | NTLM/Kerberos Authentication + Encrypted Claims | NTLM/Kerberos Authentication + Encrypted Claims |
| Installation | Windows Server + IIS + SQL | Uses existing ADFS |
| Configuration | Database + Sync + General Configuration + Publishing | Adding Trusted Relying Party in ADFS |


As you can see, both products have overlapping functionality, each with some pros and cons. They both primarily do the same thing but in different ways. Based on business and IT requirements and existing infrastructure, you should go for the product that suits you more.