Active Directory Federation Services (ADFS), a software component developed by Microsoft, can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries.
It uses a claims-based access-control authorization model to maintain application security and to implement federated identity.
A federation server on one side (the accounts side) authenticates the user through the standard means in Active Directory Domain Services and then issues a token containing a series of claims about the user, including their identity.
On the other side, the resources side, another federation server validates the token and issues another token for the local servers to accept the claimed identity.
In practice a user might typically perceive this approach as follows: ADFS integrates with Active Directory Domain Services, using it as an identity provider.
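The two-server token flow described above, as an added Python sketch that is not AD FS code: the accounts-side server issues a token for the resources-side server, which validates it and issues its own token for the local application. The URLs, keys and claim names are constructed, and an HMAC stands in for the certificate-based signature a federation server applies to its tokens.

```python
import base64, hashlib, hmac, json, time

# Constructed demo names and keys (assumptions, not AD FS values). HMAC stands in
# for the certificate-based signature a real federation server puts on a token.
ACCOUNT_FS = "https://fs.accounts.example"
RESOURCE_FS = "https://fs.resources.example"
APP = "https://app.resources.example"
KEYS = {ACCOUNT_FS: b"accounts-demo-key", RESOURCE_FS: b"resources-demo-key"}

def issue(issuer, audience, claims, ttl=300, now=None):
    """Sign a token carrying claims, bound to one issuer and one audience."""
    now = time.time() if now is None else now
    body = json.dumps({"iss": issuer, "aud": audience, "exp": now + ttl,
                       "claims": claims}, sort_keys=True).encode()
    sig = hmac.new(KEYS[issuer], body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(sig).decode()

def validate(token, trusted_issuer, audience, now=None):
    """Return the claims only if signature, issuer, audience and expiry all pass."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = base64.b64decode(body_b64), base64.b64decode(sig_b64)
    except ValueError:
        raise ValueError("malformed token") from None
    expected = hmac.new(KEYS[trusted_issuer], body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # verify before parsing the body
        raise ValueError("bad signature")
    data = json.loads(body)
    if data["iss"] != trusted_issuer:
        raise ValueError("untrusted issuer")
    if data["aud"] != audience:
        raise ValueError("wrong audience")
    if data["exp"] <= now:
        raise ValueError("expired")
    return data["claims"]

def resource_side_exchange(account_token, now=None):
    """Resources-side federation server: validate the partner token, issue a local one."""
    claims = validate(account_token, ACCOUNT_FS, RESOURCE_FS, now)
    # Pass on only the claims the local application needs (hypothetical mapping).
    local = {k: claims[k] for k in ("upn", "role") if k in claims}
    return issue(RESOURCE_FS, APP, local, now=now)

def sign_in(user_claims, now=None):
    """Full flow: accounts side issues, resources side re-issues, app validates."""
    account_token = issue(ACCOUNT_FS, RESOURCE_FS, user_claims, now=now)
    return validate(resource_side_exchange(account_token, now), RESOURCE_FS, APP, now)
```

The local application accepts only tokens signed by its own federation server, so an accounts-side token presented to it directly fails validation.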