AD FS 2.0 is a role in Windows Server that simplifies access and single sign-on to both on-premises and cloud-based applications. Using “claims-based” identity technology, it helps enable secure business collaboration and productivity within the enterprise, across organizations, and on the Web. (We also released Forefront Protection 2010 for SharePoint today, and published some high-level recommendations around ensuring more secure collaboration.)
Some of the top scenarios AD FS 2.0 will support are:
1. Collaboration with Office documents and SharePoint across companies with single sign-on access.
2. Single sign-on access to hosted/cloud services, extended from on-premises Active Directory to Microsoft (or other) cloud services.
3. Implementation of access security and management policies to many different applications with varied security requirements.
Overall, AD FS 2.0 will help you streamline user access management with a simpler, unified approach and native single sign-on. It builds on AD and also interoperates with other directories via WS-* and SAML support.
And, because it provides a single user access model that can be applied again and again, AD FS 2.0 also helps provide better, more consistent application security. It puts access control decisions where they should be: in the hands of IT.
The AD FS 2.0 planning and deployment guide is here.