Be Proactive About Authentication Issues in ADFS
Originally posted on gsx.com
Active Directory Federation Services (AD Federation Services) is a feature of the Windows Server operating system that extends end users’ single sign-on access to applications and systems outside the corporate firewall.
Martello for ADFS provides live monitoring and reporting for CPU, Memory, and Average Disk time. Martello also monitors ADFS performance through the following critical performance counters, which help troubleshoot issues quickly in any organization during congestion or heavy load:
- Token Requests/Sec
- Token Requests
- Federation Metadata requests/sec
- Artifact resolution requests/sec
- Extranet Account Lockouts
- Password Change Successful Requests
- Password Change Failed Requests
- External Authentication Failures
Martello provides real-time monitoring and retains up to 400 data points of performance counter information (for analysis, trends, and forecasts).
Martello displays the collected statistics in graphs, which allow the administrator to pinpoint the issue easily and resolve it quickly.
In any Active Directory Federation Services (ADFS) design, various certificates must be used to secure communication and facilitate user authentication and authorization requests that are made to federation servers, federation server proxies, and AD FS-enabled Web servers.
Certificates play a major role in Active Directory Federation Services, so it is very important to monitor them and renew them before they expire and cause a huge impact on the organization.
Martello monitors ADFS certificate information and triggers an expiry alert to administrators with the date of expiration, subject, and thumbprint value.
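The certificate expiry check described above can be sketched in PowerShell; this is an added example, not Martello's code. The function name `Test-AdfsCertificateExpiry`, the 30-day and 7-day thresholds, and the sample entries are assumptions made for illustration, and the input is expected to have the shape of `Get-AdfsCertificate` output.

```powershell
# Added example. Test-AdfsCertificateExpiry and both thresholds are hypothetical.
function Test-AdfsCertificateExpiry {
    [CmdletBinding()]
    param(
        # Object shaped like Get-AdfsCertificate output: CertificateType,
        # IsPrimary, Thumbprint, Certificate (with Subject and NotAfter).
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$AdfsCertificate,
        [int]$WarningDays = 30,
        [int]$CriticalDays = 7,
        [datetime]$Now = (Get-Date)
    )
    process {
        $cert = $AdfsCertificate.Certificate
        # Floor so a certificate that expired an hour ago counts as -1, not 0.
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)
        $status = 'OK'
        if ($daysLeft -le $WarningDays)  { $status = 'Warning' }
        if ($daysLeft -le $CriticalDays) { $status = 'Critical' }
        if ($daysLeft -lt 0)             { $status = 'Expired' }
        [pscustomobject]@{
            Status          = $status
            CertificateType = $AdfsCertificate.CertificateType
            IsPrimary       = $AdfsCertificate.IsPrimary
            Subject         = $cert.Subject
            Thumbprint      = $AdfsCertificate.Thumbprint
            NotAfter        = $cert.NotAfter
            DaysLeft        = $daysLeft
        }
    }
}

# Constructed sample input (not real certificates) so the example runs offline.
$now = Get-Date
$types = 'Token-Signing', 'Token-Decrypting', 'Service-Communications'
$offsets = 5, -2, 200   # days until expiry for each constructed entry
$sample = for ($i = 0; $i -lt $types.Count; $i++) {
    [pscustomobject]@{
        CertificateType = $types[$i]
        IsPrimary       = $true
        Thumbprint      = "CONSTRUCTED-THUMBPRINT-$i"
        Certificate     = [pscustomobject]@{
            Subject  = "CN=$($types[$i]) - sts.example.test"
            NotAfter = $now.AddDays($offsets[$i])
        }
    }
}

# Report only the entries that need attention, most urgent first.
$sample | Test-AdfsCertificateExpiry -Now $now |
    Where-Object Status -ne 'OK' | Sort-Object DaysLeft | Format-Table -AutoSize
# On a federation server: Get-AdfsCertificate | Test-AdfsCertificateExpiry
```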
Martello not only performs server monitoring, but also mimics end-user actions and performs synthetic transactions against the ADFS environment.
Acting as a user, Martello Solutions sends a request using Windows credentials and makes sure the ADFS server responds to the request with the token quickly. Martello also reports the time taken to receive the response from the ADFS server and triggers an alert if the response time exceeds the threshold. This test lets administrators know if there is any issue with the federation server and authentication.
Acting as a user, Martello frequently accesses the Federation Metadata information and makes sure the server responds to the request with the proper information.
At Martello, we consider identity management a critical component of Office 365 monitoring. Any issue with identity management can have a huge impact on the end-user experience, and can require extensive troubleshooting time from the administrator while end users are unable to connect to the service.
We help you test the Office 365 service from end to end, including:
- Monitoring of the Microsoft identity management tools (AD, Azure AD Connect, and ADFS)
- Monitoring of the actual end-user experience, measured at the site level, from multiple locations
- Monitoring of the network latency from the user to the Office 365 Datacenter
- Monitoring of key user statistics (mailbox and active device statistics) to help identify any usage issues