An on-premise federated identity management system that provides seamless and secure access to thousands of applications using Single Sign-On technology. Integrated with our Virtual Identity Server (VIS), OFIS provides multi-factor authentication and authorization from any data store.



About On-Premise Federated Identity Management Systems

OFIS is an on-premise federated identity management system that provides seamless and secure access to thousands of applications using Single Sign-On technology. Integrated with our Virtual Identity Server (VIS), OFIS provides enterprise two-factor authentication and authorization from any data store.

OFIS is an on-premise offering from Optimal IdM that provides everything you need in a federated single sign-on solution. With it, users — whether on-premise, cloud hosted or federated — have seamless access to applications in the cloud and/or on-premise.

OFIS is much more than just a self-service password reset tool for Active Directory. The application’s built-in entitlements framework engine provides an easy-to-use and powerful claims-based authorization solution. Application administrators define entitlements and specify both who can request access to them and who can approve or deny access. Using the web interface, users’ requests are routed via email and delegated to administrators to approve or deny. As users authenticate, these additional entitlements/claims are added to the claims sent to the application.

Features of Optimal Federation & Identity Services

Optimal Federation & Identity Services provides federated identity management solutions, including ADFS deployment with additional out-of-the-box (OOB) authentication methods such as: traditional user id and password (basic), Windows Integrated Authentication, single-sign-on (SSO) to and from other systems, as well as Department of Defense Common Access Card (CAC) authentication.



Eliminate Deployment Barriers

VIS allows organizations to rapidly and easily deploy applications to users existing in multiple Active Directory forests or directories.

– The VIS Schema Manager™ eliminates the need to extend the Active Directory schema for third party LDAP applications.

– VIS allows you to rapidly deploy applications to users existing in multiple Active Directory forests without any forest trusts, making VIS a premier cloud active directory solution.

– VIS simplifies your identity management deployment by accessing data at its source directly.

– VIS provides multiple views of data, allowing for easy, discrete application views of enterprise data.

Reduced IT Costs

By providing a federated single sign-on for your users, OFIS increases the value of your existing Microsoft environment. Both applications:

– Leverage the existing investment in Microsoft technology, extending it with increased functionality.

– Are developed in .NET technology and are designed to integrate seamlessly with your Microsoft environment.

– Continue to grow with an organization’s needs.

– Are proven solutions for Microsoft applications such as SharePoint and MIIS/ILM.

Meet Audit and Compliance Initiatives

A complete federated identity provider, OFIS can help you answer questions such as:

– Who has logged in and when?

– What changes were made to data and when?

– Who was added to the Administrators group today?

– What changes did “Bob” make?

Application Framework

The OptimalCloud is pre-integrated with thousands of applications, providing seamless, one-click access.

Search our Application Network to find your application today. If you do not see the one you are looking for, please let us know so that we can get it added to our network. Applications are added every day. Questions about our cloud-based active directory service? Contact Optimal IdM today.


Directory Integration

There is no need to waste time consolidating data. The OptimalCloud can instantly authenticate and surface identity data from multiple forests and any identity store.


The OptimalCloud integrates with our Virtual Identity Server to provide authentication and authorization from any data store (LDAP, Active Directory, database, etc.). In fact, some of our customers have hundreds of Active Directory forests. We can even provide a blended, merged view of a user with data coming from multiple data sources.

Cloud Directory

The OptimalCloud also includes our cloud directory. The cloud directory is a great place to host your external identities such as customers or partners. You no longer need to manage an on-premise directory for these users.

User Management

From our custom entitlements engine to self-service administration, the OptimalCloud offers administrators a complete user management system that includes a robust Delegated Administrative Identity Management system.


Compliance Reporting

With the OptimalCloud, data is auditable and trackable.

This provides you with a complete centralized audit trail of all user/group management and application activity. The OptimalCloud includes dozens of reports that provide both high level dashboard metrics as well as detailed audit reports.



Federation Protocols


Optimal Federation & Identity Services work as stand-alone services or integrated with an existing STS, including ADFS 2.0, ADFS 2.1 and ADFS 3.0. Other WS-Federation and SAML 2.0 federation systems are also supported.

For more information on Optimal IdM’s Federation & Identity services, contact Optimal IdM today or request a free trial of services to see what solution is right for you and your business.


Cloud vs. OFIS Comparison

Understanding cost differences between Identity as a Service (IDaaS) and On-Premise Deployments


Usage of the cloud has become more and more prevalent, even for areas that were classically on-premise deployments. For example, the cloud Identity as a Service (IDaaS) market has grown substantially over the last few years. A major reason for cloud adoption is that organizations have started to understand the true costs of maintaining an on-premise identity deployment. Historically, organizations didn’t realize the true cost of maintaining the solution until after it was purchased and deployed.

Frequently Asked Questions

Does OFIS provide audit capabilities?

Yes. All activity is optionally logged to a Microsoft SQL Server database. This includes: who authenticated, when, how, to what application and with what claim values. There are audit reports that come out of the box for an administrator to run.

How can I control who has access to what applications using OFIS?

Using the built-in Entitlements system of OFIS, an administrator can create custom claims that users can request access to. When a user requests access, the built-in workflow sends the request to either a delegated administrator or a claims administrator for approval or denial. If approved, this additional claim is added (claims are augmented) to the list of claims after authentication. These claims can be used to create very fine-grained access, not only to applications but also to specific permissions such as a SharePoint document library.
