Active Directory Federation Services (AD FS) can be used to create highly extensible, Internet-scalable, and secure identity access solutions that can operate across multiple platforms, including both Windows and non-Windows environments.

AD FS 2.0 helps simplify access to applications and other systems with an open and interoperable claims-based model. The AD FS 2.0 platform supports the WS-Trust, WS-Federation, and Security Assertion Markup Language (SAML) protocols.

AD FS 2.0 is supported only on Forefront Unified Access Gateway (UAG) Service Pack 1.

It is recommended that you use AD FS 2.0 and not AD FS 1.x because AD FS 2.0 supports SAML tokens and claims, but AD FS 1.x supports only NT tokens. In addition, AD FS 2.0 allows you to use AD FS 1.x profiles that support relying parties that are interoperable with AD FS 1.x.

About this guide

This guide is intended for the Forefront UAG and AD FS 2.0 administrators responsible for integrating Forefront UAG with an existing AD FS deployment, so that remote and partner employees can access applications published through Forefront UAG.

If you are reading this help from the Forefront UAG Management console, the latest version of this guide is available in the Forefront UAG TechNet library.

Using AD FS 2.0 and AD FS 1.x servers concurrently within your organization is not supported. It is recommended that you migrate your AD FS 1.x servers to AD FS 2.0. See Migrating from AD FS 1.x to AD FS 2.0.

This guide contains the following topics: