Active Directory Federation Services

Provides simplified, secured identity federation and Web single sign-on capabilities for end users who want to access applications within an AD FS-secured enterprise, in federation partner organizations, or in the cloud. For Windows Server 2012,the server role includes the same functionality and feature set that is available in AD FS 2.0. It also includes the following list of new functionality that was not available in AD FS 2.0:

Improved installation experience using Server Manager. With AD FS 2.0, you had to download and install the AD FS 2.0 software to deploy your AD FS server infrastructure. In Windows Server 2012, you install the AD FS server role using Server Manager. Server Manager provides improved AD FS configuration wizard pages that perform server validation checks before you continue with the AD FS server role installation and will automatically list and install all the services that AD FS depends on during the AD FS server role installation.

Additional Windows PowerShell cmdlet tools - In addition to the Windows PowerShell based management capabilities provided in AD FS 2.0, AD FS in Windows Server 2012 and Windows Server 2012 R2, includes new cmdlets for installing the AD FS server role and for initial configuration of the federation server and federation server proxy.

AD FS in Windows Server 2012 R2 adds additional practical applications for AD FS, including the following:

Device workplace join for SSO and seamless second factor authentication.

Managing risk with additional multi-factor authentication for sensitive applications. AD FS allows you to control policies to potentially require multi-factor authentication on a per application basis.

Providing authentication and authorization capabilities for accessing web application resources from the extranet that are protected by the Web Application Proxy.