Migrating to a hybrid cloud infrastructure meant increased sign-on complexity for users, causing dissatisfaction with the new systems. Additionally, the client had the requirement of only granting access to SharePoint services in Office 365 while also restricting authentication to when they were connected to the state LAN.
C/D/H was in the process of migrating this organization's on-premises SharePoint to Office 365. The C/D/H infrastructure team was called in to assist with the Active Directory Federation Services (ADFS) portion as well as the Microsoft Azure Active Directory Sync Services.
The primary goal was to give users as painless a login experience as possible.
High availability, security, and scalability were all requirements of the solution as well.
C/D/H recommended a cloud-based solution, specifically Microsoft Azure Active Directory Sync Services. The Azure solution would allow on-premises user accounts and passwords to be synced to Office 365. Although Azure AD Sync Services gave users the ability to authenticate to Office 365, more needed to be done to make the client's sign-on experience convenient. Additionally, the requirement of restricting access to Office 365 to LAN traffic only still had to be met.
C/D/H used Active Directory Federation Services (ADFS) to meet these user authentication requirements. ADFS claim rules were set up to allow only LAN IP addresses to authenticate and to permit access to SharePoint only, meeting the restricted-access requirements. To make the user experience more convenient, C/D/H put a Group Policy Object in place so that users were logged in automatically when ADFS prompted for a username and password.
To address the high availability requirements and security concerns, Microsoft Web Application Proxy servers were installed in the DMZ to proxy traffic from the internet to the ADFS servers on the LAN. Windows Network Load Balancing was installed and configured for the web proxies as well as the ADFS farm to provide high availability and load balancing between servers.
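The LAN-only restriction described above is typically expressed as ADFS issuance authorization rules on the Office 365 relying party trust; the rules key off the request-context claims that the Web Application Proxy adds to traffic it relays from the internet. The following is an added example, not C/D/H's or the client's configuration, and assumes the default Office 365 trust name and a placeholder 10.0.0.0/8 address range for the state LAN.

```powershell
# Added example: restrict the Office 365 relying party trust to requests that did not
# arrive through the Web Application Proxy, or that carry a forwarded client IP inside
# the LAN range. Run on an ADFS server with the ADFS PowerShell module loaded.
Import-Module ADFS

# Assumptions (placeholders): default trust name created by Convert-MsolDomainToFederated,
# and a LAN range of 10.0.0.0/8 expressed as a regex on the dotted-quad address.
$rpName  = "Microsoft Office 365 Identity Platform"
$lanRegex = '^10\.\d{1,3}\.\d{1,3}\.\d{1,3}$'

# x-ms-proxy is present only when the request came in via the Web Application Proxy in the DMZ.
# x-ms-forwarded-client-ip carries the original client address for relayed requests.
# Rule 1 denies proxied requests whose forwarded client IP is not in the LAN range;
# requests that reached ADFS directly from the LAN never carry x-ms-proxy and are unaffected.
# Rule 2 permits everything that survives rule 1. Deny claims take precedence over permit.
$rules = @"
@RuleName = "Deny proxied requests from outside the LAN"
exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy"])
 && NOT exists([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip", Value =~ "$lanRegex"])
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/deny", Value = "true");

@RuleName = "Permit all remaining users"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

# Apply the rules to the trust and read them back to confirm what ADFS stored.
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceAuthorizationRules $rules
Get-AdfsRelyingPartyTrust -Name $rpName | Select-Object -ExpandProperty IssuanceAuthorizationRules
```

Test the result from both a LAN workstation and an external client before cutting users over, since a mistyped address regex will deny every proxied sign-on rather than just the external ones.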
High availability, security, and scalability were all achieved, in addition to a simplified and highly usable sign-on experience.