Glossary

Federation

An authentication model where a trusted external identity provider authenticates users instead of the local directory.

Federation is an authentication model where a trusted external identity provider (IdP) authenticates users on behalf of the relying party (RP), with trust expressed via cryptographically signed assertions (SAML, OIDC). Historically in Microsoft 365, federation with Active Directory Federation Services (AD FS) was the common pattern for hybrid identity: Entra ID redirected users to on-premises AD FS, which authenticated them and returned signed assertions. Microsoft is steering customers away from federation in favour of cloud-side authentication (Password Hash Sync or Pass-Through Authentication), which is simpler and more resilient. The term federation also describes cross-tenant trust (Entra ID B2B) and broader IdP-to-RP trust relationships.