GSX Blog

Be proactive about authentication issues in ADFS

Posted by Pavan Reddy on Thu, Jul 07, 2016

adfs.jpgActive Directory Federation Services (AD Federation Services) is a feature of the Windows Server operating system that extends end users' single sign-on access to applications and systems outside the corporate firewall.

System Resources

GSX for ADFS provides live monitoring and reporting for CPU, Memory, and Average Disk time. GSX also monitors performance of ADFS through critical performance counters, which helps troubleshoot issues quickly in any organization during congestion or performance load issues.

  • Token Requests/Sec
  • Token Requests
  • Federation Metadata requests/sec
  • Artifact resolution requests/sec
  • Extranet Account Lockouts
  • Password Change Successful Requests
  • Password Change Failed Requests
  • External Authentication Failures

GSX provides real-time monitoring and keeps the performance counter information up to 400 data points (analyze, trends, forecasts).

GSX shows the collected statistics information in Graphs, which allows the administrator to point out the issue easily and provide the resolution quickly.

ADFS2-1.png

Certificates

In any Active Directory Federation Services (ADFS) design, various certificates must be used to secure communication and facilitate user authentication and authorization requests that are made to federation servers, federation server proxies, and AD FS-enabled Web servers.

Certificates will be playing a major role in Active directory Federation Services and it’s very important to monitor and make sure we renew the certificates before they expire and create a huge impact in the organization.

GSX monitors ADFS certificate information triggers an alert to administrators on Expiry notification with the date of expiration, subject and thumbprint value. 

certificate.jpg

ADFS_Certificate_led_with_tooltip-1.png

Synthetic Transactions

GSX not only performs server monitoring, but also mimics end-user actions and perform synthetic transactions on ADFS environment.

GSX Solutions as a user will send the request against windows credentials and make sure the ADFS server is responding to the request with the token quickly. GSX also notifies the time taken to receive the response from the ADFS server and triggers an alert in case the response time exceeds the threshold. This test will let the administrators know if there is any issue with the federation server and authentication.

GSX as a user will frequently access the Federation Metadata information and make sure the server responding the request with the proper information.

ADFS3-1.png

Learn more about GSX for ADFS >>

ADFS1-1.png

At GSX, we consider Identities management as a critical component of Office 365 monitoring. Any issue with Identities management can have huge impact on the end-user experience, and can require extensive amounts of troubleshooting time for the administrator while end-users are unable to connect to the service.

We help you test the Office 365 service from end to end, including with:

  • Monitoring of the Microsoft Identities management tools (AD, Azure AD Connect, and ADFS)
  • Monitoring of the actual end-user experience, measured at the site level, from multiple locations
  • Monitoring of the network latency from the user to the Office 365 Datacenter
  • Monitoring of key users statistics (mailboxes and actives devices statistics) to help identify any usage issues

CTA-bas--de-blog-1.png

Tags: ADFS, ADFS monitoring, Microsoft identity management