什么是与 Azure AD 的联合?What is federation with Azure AD?

联合是已建立信任的域的集合。Federation is a collection of domains that have established trust. 信任级别可能有所不同,但通常包括身份验证,几乎始终包括授权。The level of trust may vary, but typically includes authentication and almost always includes authorization. 典型的联合可能包括为了对一组资源进行共享访问而建立信任的许多组织。A typical federation might include a number of organizations that have established trust for shared access to a set of resources.

你可以将本地环境与 Azure AD 进行联合,并使用此联合进行身份验证和授权。You can federate your on-premises environment with Azure AD and use this federation for authentication and authorization. 此登录方法可确保所有用户身份验证都在本地进行。This sign-in method ensures that all user authentication occurs on-premises. 此方法允许管理员实施更严格的访问控制。This method allows administrators to implement more rigorous levels of access control. 可以使用 AD FS 和 PingFederate 进行联合身份验证。Federation with AD FS and PingFederate is available.

联合标识

提示

如果决定使用 Active Directory 联合身份验证服务 (AD FS) 进行联合身份验证,则可以选择性地设置密码哈希同步,作为在 AD FS 基础结构发生故障时的备用身份验证方式。If you decide to use Federation with Active Directory Federation Services (AD FS), you can optionally set up password hash synchronization as a backup in case your AD FS infrastructure fails.

后续步骤Next Steps