{"id":3440,"date":"2026-03-13T07:03:31","date_gmt":"2026-03-13T07:03:31","guid":{"rendered":"https:\/\/www.overtsoftware.id\/?p=3440"},"modified":"2026-03-18T07:06:14","modified_gmt":"2026-03-18T07:06:14","slug":"from-adfs-to-azure-ad-the-essential-migration-guide-for-shibboleth-idp-users","status":"publish","type":"post","link":"https:\/\/www.overtsoftware.id\/index.php\/from-adfs-to-azure-ad-the-essential-migration-guide-for-shibboleth-idp-users\/","title":{"rendered":"From ADFS to Azure AD: The Essential Migration Guide for Shibboleth IdP Users\u00a0"},"content":{"rendered":"<p><span data-contrast=\"auto\" lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">For years Active Directory Federation Services, or ADFS, has served as a robust identity bridge connecting on-premises resources to the cloud. Today Microsoft\u2019s strategic direction is increasingly centred on Azure AD, now branded as Microsoft Entra ID, as its primary identity platform.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/span><\/p>\n<p><span><img decoding=\"async\" alt=\"\" data-id=\"16438\" width=\"602\" data-init-width=\"1024\" height=\"485\" data-init-height=\"825\" title=\"intro - From ADFS to Azure AD\" loading=\"lazy\" src=\"https:\/\/www.overtsoftware.id\/wp-content\/uploads\/2026\/03\/intro-From-ADFS-to-Azure-AD.png\" data-width=\"602\" data-height=\"485\" style=\"aspect-ratio: auto 1024 \/ 825;\"><\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">While ADFS remains supported, its long-term development focus is clearly secondary to Entra ID, which now represents Microsoft\u2019s core identity service.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">This shift presents a significant challenge for many large organisations, particularly those in the education and research sectors that rely on Shibboleth IdP to manage federated access. For them, migration is not a simple lift-and-shift exercise. A successful transition requires careful planning to maintain continuous&nbsp;<\/span><span data-contrast=\"auto\" lang=\"EN-GB\"><a href=\"https:\/\/www.overtsoftware.com\/from-challenges-to-solutions-how-saam-transforms-access-management\/\" target=\"_blank\" style=\"outline: none;\" rel=\"noopener\">Single Sign On SSO&nbsp;<\/a>and&nbsp;<\/span><span data-contrast=\"auto\" lang=\"EN-GB\">ensure correct attribute flow between these complex identity systems.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">This guide provides a clear roadmap for migrating applications from ADFS to Azure AD. We focus specifically on navigating this transition while coexisting with, or fully transitioning from, a Shibboleth IdP environment.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<h2 id=\"t-1763811456152\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 2\">Why Migration Is Increasingly Necessary: The Benefits of Modern Identity (Entra ID)<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:299,&quot;335559739&quot;:299}\">&nbsp;<\/span><\/span><\/span><\/h2>\n<p><span data-contrast=\"auto\" lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">The move away from ADFS is largely driven by improvements in operational efficiency, security capabilities, and governance flexibility. For many organisations, it represents a strategic progression towards more resilient identity management.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/span><\/p>\n<ul>\n<li><strong><span data-contrast=\"auto\" lang=\"EN-GB\">Reduced Cost and Complexity:<\/span><\/strong><span data-contrast=\"auto\" lang=\"EN-GB\">&nbsp;A<span data-contrast=\"auto\" lang=\"EN-GB\">DFS requires physical or virtual servers, ongoing certificate management, patching, and infrastructure monitoring. Azure AD \/ Entra ID is a cloud-native service, reducing infrastructure dependency and shifting responsibility for platform maintenance to Microsoft. This allows internal teams to focus more on strategic initiatives rather than server upkeep.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/span><\/li>\n<li><strong><span data-contrast=\"auto\" lang=\"EN-GB\">Enhanced Security and Compliance:<\/span><\/strong><span data-contrast=\"auto\" lang=\"EN-GB\">&nbsp;<span data-contrast=\"auto\" lang=\"EN-GB\">Azure AD&nbsp;provides&nbsp;built-in modern security capabilities including Conditional Access policies, granular access controls, and support for phishing-resistant Multi-Factor Authentication (MFA). While some of these controls can be implemented within ADFS, they are more natively integrated and centrally managed within Entra ID. Migrating can therefore improve visibility and control over identity-based risk.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/span><\/li>\n<li><strong><span data-contrast=\"auto\" lang=\"EN-GB\">The Shibboleth Factor:<\/span><\/strong><span data-contrast=\"auto\" lang=\"EN-GB\">&nbsp;<span data-contrast=\"auto\" lang=\"EN-GB\">Migration also presents an opportunity to reassess architectural complexity. Organisations&nbsp;operating&nbsp;both Shibboleth IdP and ADFS environments often accumulate layered federation configurations over time. By redesigning identity flows around modern federation patterns, it may be possible to simplify trust relationships and reduce reliance on legacy relay configurations. The result is often a cleaner and more manageable identity architecture.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/span><\/li>\n<\/ul>\n<h2 lang=\"EN-GB\" id=\"t-1763811456153\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 1\">The Three Phases of a Successful Migration<\/span><\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:360,&quot;335559739&quot;:80}\">&nbsp;<\/span><\/h2>\n<h3 lang=\"EN-GB\" id=\"t-1763811456154\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\">Phase 1: Discovery and Assessment<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">&nbsp;<\/span><\/h3>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">The single most critical phase of any migration is discovery. You cannot move what you do not fully understand. Your ADFS environment holds years of accumulated configuration and complexity.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">Begin by compiling a complete inventory of all Relying Party Trusts (RPTs) currently configured on your ADFS servers. These RPTs represent every application, external service, and third-party partner that relies on ADFS for authentication. Pay close attention to RPTs that secure access to your internal Shibboleth resources, as these may require&nbsp;additional&nbsp;consideration during migration.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">Microsoft provides several tools to&nbsp;assist&nbsp;with this discovery process.&nbsp;For example, the ADFS application migration dashboard available within the Microsoft Entra admin centre can help organisations review their existing Relying Party Trust configurations and&nbsp;identify&nbsp;applications that may require further analysis before migration.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">However, environments with customised claim rules or non-standard configurations often require&nbsp;additional&nbsp;manual review. This assessment phase&nbsp;ultimately defines&nbsp;the scope and timeline of the migration project.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<h3 lang=\"EN-GB\" id=\"t-1763811456155\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\">Phase 2: Application Migration and Testing<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">&nbsp;<\/span><\/h3>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">Once assessed, applications should be migrated in controlled waves. One of the most significant technical challenges in an ADFS migration involves ensuring the correct flow of identity data, commonly referred to as claims and attributes.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">ADFS uses Claim Rules to&nbsp;determine&nbsp;which user attributes are released to specific applications. During migration, these rules must be carefully mapped to the Azure AD token claims configuration. A common failure point in environments that also use Shibboleth is incorrect handling of group membership or education-specific attributes required by federated services.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">Implement a pilot and parallel run strategy. Avoid migrating all applications simultaneously. Configure the application in Azure AD \/ Entra ID while keeping the ADFS instance running in parallel. Test with a small user group using the new Azure AD configuration before transitioning access for the wider organisation.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">End-to-end testing should confirm that users can successfully authenticate and that applications receive the correct attributes&nbsp;required&nbsp;for authorisation.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<h3 lang=\"EN-GB\" id=\"t-1763811456156\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\">Phase 3: Cutover and Governance<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">&nbsp;<\/span><\/h3>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">The final phase involves transitioning applications to the new identity platform and gradually decommissioning the legacy ADFS infrastructure. After successful pilot testing, applications can be updated to point fully to the new Azure AD configuration.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">If the organisation is migrating its entire user authentication model, the identity configuration may need to be adjusted from a federated authentication model to a managed or cloud authentication approach. In many environments this involves updating the Azure AD Connect configuration so that Azure AD becomes the primary authentication authority rather than relying on ADFS.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">Post-migration governance is equally important. Ensure that&nbsp;appropriate audit&nbsp;logging is enabled within Azure AD and&nbsp;establish&nbsp;a monitoring process to track authentication activity, unexpected access patterns, or attribute claim issues that may&nbsp;emerge&nbsp;in the weeks following the cutover.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p><span><img decoding=\"async\" alt=\"\" data-id=\"16437\" width=\"602\" data-init-width=\"1023\" height=\"397\" data-init-height=\"675\" title=\"Section 1 - From ADFS to Azure AD\" loading=\"lazy\" src=\"https:\/\/www.overtsoftware.id\/wp-content\/uploads\/2026\/03\/Section-1-From-ADFS-to-Azure-AD.png\" data-width=\"602\" data-height=\"397\" style=\"aspect-ratio: auto 1023 \/ 675;\"><\/span><\/p>\n<h2 lang=\"EN-GB\" id=\"t-1763811456157\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\">Bridging the Shibboleth Gap<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">:&nbsp;<\/span><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\">Solving Dual Login Challenges<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">&nbsp;<\/span><\/h2>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">While the move from ADFS to Azure AD resolves many operational challenges, it can introduce a new frustration for organisations running a mixed identity environment. Users may find themselves logging into Shibboleth resources and Azure AD resources separately. This dual login experience undermines the goal of Single Sign On and can create user friction as well as&nbsp;additional&nbsp;service desk requests.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">This challenge stems from the&nbsp;different ways&nbsp;these two identity providers manage sessions and authentication tokens. Without a mechanism to connect the two environments, users may&nbsp;be required&nbsp;to authenticate again when moving between a federated research application secured by Shibboleth and a corporate application secured by Azure AD.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">In these environments,&nbsp;additional&nbsp;configuration or specialised tooling is often&nbsp;required&nbsp;to link the authentication flow between the two providers. One approach is the use of a bridging mechanism that helps synchronise authentication sessions between the identity systems.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">Overt Software Solutions developed the <span data-contrast=\"auto\" lang=\"EN-GB\">&nbsp;<\/span><a href=\"https:\/\/www.overtsoftware.com\/saam-shibboleth-adfs-azure-ad-authentication-module\/\" target=\"_blank\" style=\"outline: none;\" rel=\"noopener\"><span data-contrast=\"auto\" lang=\"EN-GB\">SAAM bridge<\/span><span data-contrast=\"auto\" lang=\"EN-GB\">&nbsp;(Shibboleth ADFS\/Azure AD Authentication Module)<\/span><\/a><span data-contrast=\"auto\" lang=\"EN-GB\">&nbsp;<\/span> to support this type of integration. The SAAM bridge allows authentication from one environment to be recognised by the other, helping organisations provide a more consistent Single Sign On experience across both Shibboleth and Azure AD resources.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">You can learn more about the SAAM bridge and its cross-authentication capabilities on the Overt Software Solutions website or by simply pressing the button below:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p><span><img decoding=\"async\" alt=\"\" data-id=\"16436\" width=\"1024\" data-init-width=\"1024\" height=\"702\" data-init-height=\"702\" title=\"Section 3 - From ADFS to Azure AD\" loading=\"lazy\" src=\"https:\/\/www.overtsoftware.id\/wp-content\/uploads\/2026\/03\/Section-3-From-ADFS-to-Azure-AD.png\" style=\"aspect-ratio: auto 1024 \/ 702;\"><\/span><\/p>\n<h2 lang=\"EN-GB\" id=\"t-1763811456158\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\">Achieving Modern Identity Resilience<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">:&nbsp;<\/span><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\">Your Secure Path to Entra ID<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">&nbsp;<\/span><\/h2>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">The migration from ADFS to Azure AD&nbsp;represents&nbsp;an important step&nbsp;for many organisations seeking improved security, reduced infrastructure overhead, and access to modern identity capabilities.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">However, the migration process can be complex, and the risk of misconfiguration increases in environments that rely on Shibboleth or other federated identity systems. Successfully managing the transition while addressing dual login challenges requires careful planning, thorough testing, and&nbsp;appropriate integration&nbsp;tools.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">The team at Overt Software Solutions&nbsp;provides&nbsp;specialist guidance to support organisations during ADFS to Azure AD migrations. We work with institutions that&nbsp;operate&nbsp;complex identity environments, including those using Shibboleth IdP for federated access.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">Our services help organisations manage attribute mapping, identity integration, and migration planning across both Azure AD and Shibboleth environments. The SAAM bridge developed by Overt Software Solutions is designed to help organisations connect authentication between these systems and reduce the friction of dual login experiences.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p>\n<p style=\"text-align: center;\"><span data-contrast=\"auto\" lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">If you are planning an ADFS to Entra ID migration and want to ensure the process is carefully managed, the team at Overt Software Solutions can help guide your transition.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/span><\/p>\n<p style=\"text-align: center;\"><strong><span data-contrast=\"auto\" lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\"><\/span><span data-contrast=\"auto\" lang=\"EN-GB\">Contact Overt Software Solutions today<\/span><span data-contrast=\"auto\" lang=\"EN-GB\">&nbsp;to ensure a successful, resilient transition to Microsoft Entra ID.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/span><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Migrate securely from ADFS to Azure AD. This guide covers the challenges specific to Shibboleth IdP environments and the best practice migration steps.<\/p>\n","protected":false},"author":1,"featured_media":3430,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","tve_updated_post":"<div class=\"thrv_wrapper tve-toc tve-elem-scroll tve-toc-expandable tcb-local-vars-root\" data-columns=\"1\" data-ct=\"toc-60733\" data-transition=\"slide\" data-headers=\"h2,h3,h4\" data-numbering=\"none\" data-highlight=\"heading\" data-ct-name=\"Table of Contents 13\" data-heading-style=\"{&quot;0&quot;:&quot;tve-u-19cffc2aca4&quot;,&quot;1&quot;:&quot;tve-u-19cffc2aca6&quot;,&quot;2&quot;:&quot;tve-u-19aab5dbc2f&quot;}\" style=\"--tcb-local-color-4204a: var(--tcb-skin-color-0) !important; --tcb-local-color-ea1e7: rgba(214, 93, 0, 0.08) !important;\" data-css=\"tve-u-19cffc2ac9a\" data-state-default=\"expanded\" data-state-default-d=\"expanded\" data-animation=\"slide\" data-bullet-style=\"{&quot;0&quot;:&quot;tve-u-17399ff41d4&quot;,&quot;1&quot;:&quot;tve-u-17399ffc502&quot;,&quot;2&quot;:&quot;tve-u-17399ffedb7&quot;}\" data-number-style=\"{&quot;0&quot;:&quot;tve-u-17399fecc2c&quot;,&quot;1&quot;:&quot;tve-u-173dc8687ce&quot;,&quot;2&quot;:&quot;tve-u-173dc86929b&quot;}\" data-distribute=\"false\" data-state-default-m=\"collapsed\" data-element-name=\"Table of Contents\" data-form-settings=\"__TCB_FORM__{&quot;form_identifier&quot;:&quot;from-adfs-to-azure-ad-the-essential-migration-guide-for-shibboleth-idp-users-form-kwousk&quot;}__TCB_FORM__\" data-id=\"mmvp4mck\"><div class=\"thrive-colors-palette-config\" style=\"display: none !important\">__CONFIG_colors_palette__{\"active_palette\":0,\"config\":{\"colors\":{\"4204a\":{\"name\":\"Main Accent\",\"parent\":-1},\"ea1e7\":{\"name\":\"Main Accent Light\",\"parent\":\"4204a\",\"lock\":{\"lightness\":1}}},\"gradients\":[]},\"palettes\":[{\"name\":\"Default\",\"value\":{\"colors\":{\"4204a\":{\"val\":\"var(--tcb-skin-color-0)\"},\"ea1e7\":{\"val\":\"rgba(214, 93, 0, 0.08)\",\"hsl_parent_dependency\":{\"h\":26,\"l\":0.42,\"s\":1.28}}},\"gradients\":[]},\"original\":{\"colors\":{\"4204a\":{\"val\":\"rgb(30, 136, 69)\",\"hsl\":{\"h\":142,\"s\":0.63,\"l\":0.32,\"a\":1}},\"ea1e7\":{\"val\":\"rgba(4, 215, 85, 0.08)\",\"hsl_parent_dependency\":{\"h\":143,\"s\":0.96,\"l\":0.42,\"a\":0.08}}},\"gradients\":[]}}]}__CONFIG_colors_palette__<\/div><div class=\"tve-toc-divider\" style=\"position: absolute; width: 0; height: 0; overflow: hidden;\"><div class=\"thrv_wrapper thrv-divider tve-vert-divider\" data-style=\"tve_sep-1\" data-color-d=\"rgb(217, 217, 217)\"><hr class=\"tve_sep tve_sep-1\" style=\"\"><\/div><\/div><svg class=\"toc-icons\" style=\"position: absolute; width: 0; height: 0; overflow: hidden;\" version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><symbol viewBox=\"0 0 24 24\" id=\"toc-bullet-0-mmvp4mck\" data-id=\"icon-chevron_right-duotone\"><path fill=\"none\" d=\"M0 0h24v24H0V0z\"><\/path><path d=\"M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6-6-6z\"><\/path><\/symbol><symbol viewBox=\"0 0 24 24\" id=\"toc-bullet-1-mmvp4mck\" data-id=\"icon-chevron_right-duotone\"><path fill=\"none\" d=\"M0 0h24v24H0V0z\"><\/path><path d=\"M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6-6-6z\"><\/path><\/symbol><symbol viewBox=\"0 0 24 24\" id=\"toc-bullet-2-mmvp4mck\" data-id=\"icon-chevron_right-duotone\"><path fill=\"none\" d=\"M0 0h24v24H0V0z\"><\/path><path d=\"M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6-6-6z\"><\/path><\/symbol><\/svg>\n\t<div class=\"tve-content-box-background\" data-css=\"tve-u-19cffc2ac9c\" style=\"\"><\/div>\n\t<div class=\"thrv_wrapper tve-toc-title tcb-icon-display reverse tve-no-dropzone tve-prevent-content-edit\" data-css=\"tve-u-19cffc2ac9d\" style=\"\">\n\t<div class=\"tve-content-box-background\" style=\"\"><\/div>\n\t<div class=\"tve-cb\" style=\"\">\n\t\t<div class=\"tve-toc-title-icon\" data-icon-code=\"icon-chevron-down-solid\" style=\"\"><svg class=\"tcb-icon\" viewBox=\"0 0 24 24\" data-id=\"icon-chevron-down-solid\" data-name=\"\"><path d=\"M7.41,8.58L12,13.17L16.59,8.58L18,10L12,16L6,10L7.41,8.58Z\"><\/path><\/svg><\/div>\n\t\t<div class=\"thrv_wrapper thrv_text_element tve_no_icons\">\t\t\t<div class=\"tcb-plain-text\" data-css=\"tve-u-19cffc2ac9e\" style=\"\">table of contents<\/div> \t\t<\/div>\n\t<\/div>\n<\/div><div class=\"tve-cb tve-toc-content tve-prevent-content-edit\">\n\t\t\n\n\t\t<div class=\"thrv_wrapper thrv_contentbox_shortcode thrv-content-box tve-elem-default-pad\" data-css=\"tve-u-19cffc2ac9f\" style=\"\">\n\t<div class=\"tve-content-box-background\" style=\"\" data-css=\"tve-u-19cffc2aca0\"><\/div>\n\t<div class=\"tve-cb\"><\/div>\n<\/div><div class=\"thrv_wrapper tve-toc-list tcb-no-delete tcb-no-save tcb-no-clone tve-no-dropzone\" data-css=\"tve-u-19cffc2aca2\" style=\"\">\n\t\t\t<div class=\"tve-content-box-background\" data-css=\"tve-u-19cffc2aca3\" style=\"\"><\/div>\n\t\t\t<div class=\"tve-cb\">\n\t\t\t\t<div class=\"tve_ct_content tve_clearfix\"><div class=\"ct_column\"><div class=\"thrv_wrapper tve-toc-heading tve-toc-heading-level0 tve_no_icons\" data-tag=\"H2\" data-css=\"tve-u-19cffc2aca4\" data-element-name=\"Heading Level 1\"><a href=\"#t-1763811456152\" class=\"tve-toc-anchor tve-jump-scroll\" jump-animation=\"smooth\">Why Migration Is Increasingly Necessary: The Benefits of Modern Identity (Entra ID)&nbsp;<\/a><\/div><div class=\"thrv_wrapper tve-toc-heading tve-toc-heading-level0 tve_no_icons\" data-tag=\"H2\" data-css=\"tve-u-19cffc2aca4\" data-element-name=\"Heading Level 1\"><a href=\"#t-1763811456153\" class=\"tve-toc-anchor tve-jump-scroll\" jump-animation=\"smooth\">The Three Phases of a Successful Migration&nbsp;<\/a><\/div><div class=\"thrv_wrapper tve-toc-heading tve-toc-heading-level1 tve_no_icons\" data-tag=\"H3\" data-css=\"tve-u-19cffc2aca6\" data-element-name=\"Heading Level 2\"><a href=\"#t-1763811456154\" class=\"tve-toc-anchor tve-jump-scroll\" jump-animation=\"smooth\">Phase 1: Discovery and Assessment&nbsp;<\/a><\/div><div class=\"thrv_wrapper tve-toc-heading tve-toc-heading-level1 tve_no_icons\" data-tag=\"H3\" data-css=\"tve-u-19cffc2aca6\" data-element-name=\"Heading Level 2\"><a href=\"#t-1763811456155\" class=\"tve-toc-anchor tve-jump-scroll\" jump-animation=\"smooth\">Phase 2: Application Migration and Testing&nbsp;<\/a><\/div><div class=\"thrv_wrapper tve-toc-heading tve-toc-heading-level1 tve_no_icons\" data-tag=\"H3\" data-css=\"tve-u-19cffc2aca6\" data-element-name=\"Heading Level 2\"><a href=\"#t-1763811456156\" class=\"tve-toc-anchor tve-jump-scroll\" jump-animation=\"smooth\">Phase 3: Cutover and Governance&nbsp;<\/a><\/div><div class=\"thrv_wrapper tve-toc-heading tve-toc-heading-level0 tve_no_icons\" data-tag=\"H2\" data-css=\"tve-u-19cffc2aca4\" data-element-name=\"Heading Level 1\"><a href=\"#t-1763811456157\" class=\"tve-toc-anchor tve-jump-scroll\" jump-animation=\"smooth\">Bridging the Shibboleth Gap:&nbsp;Solving Dual Login Challenges&nbsp;<\/a><\/div><div class=\"thrv_wrapper tve-toc-heading tve-toc-heading-level0 tve_no_icons\" data-tag=\"H2\" data-css=\"tve-u-19cffc2aca4\" data-element-name=\"Heading Level 1\"><a href=\"#t-1763811456158\" class=\"tve-toc-anchor tve-jump-scroll\" jump-animation=\"smooth\">Achieving Modern Identity Resilience:&nbsp;Your Secure Path to Entra ID&nbsp;<\/a><\/div><\/div><div class=\"thrv_wrapper thrv-divider tve-vert-divider\" data-style=\"tve_sep-1\" data-color-d=\"rgb(217, 217, 217)\"><hr class=\"tve_sep tve_sep-1\" style=\"\"><\/div><\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n<\/div><div class=\"thrv_wrapper thrv_text_element\">\t<p><span data-contrast=\"auto\" lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">For years Active Directory Federation Services, or ADFS, has served as a robust identity bridge connecting on-premises resources to the cloud. Today Microsoft\u2019s strategic direction is increasingly centred on Azure AD, now branded as Microsoft Entra ID, as its primary identity platform.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/span><\/p><\/div><div class=\"thrv_wrapper tve_image_caption\" data-css=\"tve-u-19cffc2acac\"><span class=\"tve_image_frame\"><img decoding=\"async\" class=\"tve_image wp-image-16438\" alt=\"\" data-id=\"16438\" width=\"602\" data-init-width=\"1024\" height=\"485\" data-init-height=\"825\" title=\"intro - From ADFS to Azure AD\" loading=\"lazy\" src=\"https:\/\/www.overtsoftware.id\/wp-content\/uploads\/2026\/03\/intro-From-ADFS-to-Azure-AD.png\" data-width=\"602\" data-height=\"485\" style=\"aspect-ratio: auto 1024 \/ 825;\"><\/span><\/div><div class=\"thrv_wrapper thrv_text_element\"><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">While ADFS remains supported, its long-term development focus is clearly secondary to Entra ID, which now represents Microsoft\u2019s core identity service.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">This shift presents a significant challenge for many large organisations, particularly those in the education and research sectors that rely on Shibboleth IdP to manage federated access. For them, migration is not a simple lift-and-shift exercise. A successful transition requires careful planning to maintain continuous&nbsp;<\/span><span data-contrast=\"auto\" lang=\"EN-GB\"><a href=\"https:\/\/www.overtsoftware.com\/from-challenges-to-solutions-how-saam-transforms-access-management\/\" target=\"_blank\" class=\"\" style=\"outline: none;\">Single Sign On SSO&nbsp;<\/a>and&nbsp;<\/span><span data-contrast=\"auto\" lang=\"EN-GB\">ensure correct attribute flow between these complex identity systems.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">This guide provides a clear roadmap for migrating applications from ADFS to Azure AD. We focus specifically on navigating this transition while coexisting with, or fully transitioning from, a Shibboleth IdP environment.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><h2 class=\"\" id=\"t-1763811456152\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 2\">Why Migration Is Increasingly Necessary: The Benefits of Modern Identity (Entra ID)<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:299,&quot;335559739&quot;:299}\">&nbsp;<\/span><\/span><\/span><\/h2><p><span data-contrast=\"auto\" lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">The move away from ADFS is largely driven by improvements in operational efficiency, security capabilities, and governance flexibility. For many organisations, it represents a strategic progression towards more resilient identity management.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/span><\/p><ul class=\"\"><li><strong><span data-contrast=\"auto\" lang=\"EN-GB\">Reduced Cost and Complexity:<\/span><\/strong><span data-contrast=\"auto\" lang=\"EN-GB\">&nbsp;A<span data-contrast=\"auto\" lang=\"EN-GB\">DFS requires physical or virtual servers, ongoing certificate management, patching, and infrastructure monitoring. Azure AD \/ Entra ID is a cloud-native service, reducing infrastructure dependency and shifting responsibility for platform maintenance to Microsoft. This allows internal teams to focus more on strategic initiatives rather than server upkeep.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/span><\/li><li><strong><span data-contrast=\"auto\" lang=\"EN-GB\">Enhanced Security and Compliance:<\/span><\/strong><span data-contrast=\"auto\" lang=\"EN-GB\">&nbsp;<span data-contrast=\"auto\" lang=\"EN-GB\">Azure AD&nbsp;provides&nbsp;built-in modern security capabilities including Conditional Access policies, granular access controls, and support for phishing-resistant Multi-Factor Authentication (MFA). While some of these controls can be implemented within ADFS, they are more natively integrated and centrally managed within Entra ID. Migrating can therefore improve visibility and control over identity-based risk.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/span><\/li><li><strong><span data-contrast=\"auto\" lang=\"EN-GB\">The Shibboleth Factor:<\/span><\/strong><span data-contrast=\"auto\" lang=\"EN-GB\">&nbsp;<span data-contrast=\"auto\" lang=\"EN-GB\">Migration also presents an opportunity to reassess architectural complexity. Organisations&nbsp;operating&nbsp;both Shibboleth IdP and ADFS environments often accumulate layered federation configurations over time. By redesigning identity flows around modern federation patterns, it may be possible to simplify trust relationships and reduce reliance on legacy relay configurations. The result is often a cleaner and more manageable identity architecture.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/span><\/li><\/ul><h2 lang=\"EN-GB\" class=\"\" id=\"t-1763811456153\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 1\">The Three Phases of a Successful Migration<\/span><\/span><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:360,&quot;335559739&quot;:80}\">&nbsp;<\/span><\/h2><h3 lang=\"EN-GB\" class=\"\" id=\"t-1763811456154\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\">Phase 1: Discovery and Assessment<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">&nbsp;<\/span><\/h3><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">The single most critical phase of any migration is discovery. You cannot move what you do not fully understand. Your ADFS environment holds years of accumulated configuration and complexity.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">Begin by compiling a complete inventory of all Relying Party Trusts (RPTs) currently configured on your ADFS servers. These RPTs represent every application, external service, and third-party partner that relies on ADFS for authentication. Pay close attention to RPTs that secure access to your internal Shibboleth resources, as these may require&nbsp;additional&nbsp;consideration during migration.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">Microsoft provides several tools to&nbsp;assist&nbsp;with this discovery process.&nbsp;For example, the ADFS application migration dashboard available within the Microsoft Entra admin centre can help organisations review their existing Relying Party Trust configurations and&nbsp;identify&nbsp;applications that may require further analysis before migration.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">However, environments with customised claim rules or non-standard configurations often require&nbsp;additional&nbsp;manual review. This assessment phase&nbsp;ultimately defines&nbsp;the scope and timeline of the migration project.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><h3 lang=\"EN-GB\" class=\"\" id=\"t-1763811456155\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\">Phase 2: Application Migration and Testing<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">&nbsp;<\/span><\/h3><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">Once assessed, applications should be migrated in controlled waves. One of the most significant technical challenges in an ADFS migration involves ensuring the correct flow of identity data, commonly referred to as claims and attributes.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">ADFS uses Claim Rules to&nbsp;determine&nbsp;which user attributes are released to specific applications. During migration, these rules must be carefully mapped to the Azure AD token claims configuration. A common failure point in environments that also use Shibboleth is incorrect handling of group membership or education-specific attributes required by federated services.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">Implement a pilot and parallel run strategy. Avoid migrating all applications simultaneously. Configure the application in Azure AD \/ Entra ID while keeping the ADFS instance running in parallel. Test with a small user group using the new Azure AD configuration before transitioning access for the wider organisation.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">End-to-end testing should confirm that users can successfully authenticate and that applications receive the correct attributes&nbsp;required&nbsp;for authorisation.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><h3 lang=\"EN-GB\" class=\"\" id=\"t-1763811456156\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\">Phase 3: Cutover and Governance<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">&nbsp;<\/span><\/h3><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">The final phase involves transitioning applications to the new identity platform and gradually decommissioning the legacy ADFS infrastructure. After successful pilot testing, applications can be updated to point fully to the new Azure AD configuration.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">If the organisation is migrating its entire user authentication model, the identity configuration may need to be adjusted from a federated authentication model to a managed or cloud authentication approach. In many environments this involves updating the Azure AD Connect configuration so that Azure AD becomes the primary authentication authority rather than relying on ADFS.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">Post-migration governance is equally important. Ensure that&nbsp;appropriate audit&nbsp;logging is enabled within Azure AD and&nbsp;establish&nbsp;a monitoring process to track authentication activity, unexpected access patterns, or attribute claim issues that may&nbsp;emerge&nbsp;in the weeks following the cutover.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><\/div><div class=\"thrv_wrapper tve_image_caption\" data-css=\"tve-u-19cffc2acae\"><span class=\"tve_image_frame\"><img decoding=\"async\" class=\"tve_image wp-image-16437\" alt=\"\" data-id=\"16437\" width=\"602\" data-init-width=\"1023\" height=\"397\" data-init-height=\"675\" title=\"Section 1 - From ADFS to Azure AD\" loading=\"lazy\" src=\"https:\/\/www.overtsoftware.id\/wp-content\/uploads\/2026\/03\/Section-1-From-ADFS-to-Azure-AD.png\" data-width=\"602\" data-height=\"397\" style=\"aspect-ratio: auto 1023 \/ 675;\"><\/span><\/div><div class=\"thrv_wrapper thrv_text_element\"><h2 lang=\"EN-GB\" class=\"\" id=\"t-1763811456157\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\">Bridging the Shibboleth Gap<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">:&nbsp;<\/span><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\">Solving Dual Login Challenges<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">&nbsp;<\/span><\/h2><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">While the move from ADFS to Azure AD resolves many operational challenges, it can introduce a new frustration for organisations running a mixed identity environment. Users may find themselves logging into Shibboleth resources and Azure AD resources separately. This dual login experience undermines the goal of Single Sign On and can create user friction as well as&nbsp;additional&nbsp;service desk requests.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">This challenge stems from the&nbsp;different ways&nbsp;these two identity providers manage sessions and authentication tokens. Without a mechanism to connect the two environments, users may&nbsp;be required&nbsp;to authenticate again when moving between a federated research application secured by Shibboleth and a corporate application secured by Azure AD.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">In these environments,&nbsp;additional&nbsp;configuration or specialised tooling is often&nbsp;required&nbsp;to link the authentication flow between the two providers. One approach is the use of a bridging mechanism that helps synchronise authentication sessions between the identity systems.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">Overt Software Solutions developed the <span data-contrast=\"auto\" lang=\"EN-GB\">&nbsp;<\/span><a href=\"https:\/\/www.overtsoftware.com\/saam-shibboleth-adfs-azure-ad-authentication-module\/\" target=\"_blank\" class=\"\" style=\"outline: none;\"><span data-contrast=\"auto\" lang=\"EN-GB\">SAAM bridge<\/span><span data-contrast=\"auto\" lang=\"EN-GB\">&nbsp;(Shibboleth ADFS\/Azure AD Authentication Module)<\/span><\/a><span data-contrast=\"auto\" lang=\"EN-GB\">&nbsp;<\/span> to support this type of integration. The SAAM bridge allows authentication from one environment to be recognised by the other, helping organisations provide a more consistent Single Sign On experience across both Shibboleth and Azure AD resources.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">You can learn more about the SAAM bridge and its cross-authentication capabilities on the Overt Software Solutions website or by simply pressing the button below:<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><\/div><div class=\"thrv_wrapper thrv-button thrv-button-v2 tcb-local-vars-root\" data-css=\"tve-u-19cffc2acaf\" style=\"--tcb-local-color-62516: var(--tcb-skin-color-0) !important;\">\n\t<div class=\"thrive-colors-palette-config\" style=\"display: none !important\">__CONFIG_colors_palette__{\"active_palette\":0,\"config\":{\"colors\":{\"62516\":{\"name\":\"Main Accent\",\"parent\":-1}},\"gradients\":[]},\"palettes\":[{\"name\":\"Default Palette\",\"value\":{\"colors\":{\"62516\":{\"val\":\"var(--tcb-skin-color-0)\"}},\"gradients\":[]}}]}__CONFIG_colors_palette__<\/div>\n\t<a href=\"https:\/\/www.overtsoftware.com\/products\/sso\/saam-bridge-shibboleth-adfs\/\" class=\"tcb-button-link tcb-plain-text\" target=\"_blank\">\n\t\t<span class=\"tcb-button-texts\"><span class=\"tcb-button-text thrv-inline-text\">Read more about SAAM&nbsp;<\/span><\/span>\n\t<\/a>\n<\/div><div class=\"thrv_wrapper tve_image_caption\" data-css=\"tve-u-19cffc2acb0\"><span class=\"tve_image_frame\"><img decoding=\"async\" class=\"tve_image wp-image-16436\" alt=\"\" data-id=\"16436\" width=\"1024\" data-init-width=\"1024\" height=\"702\" data-init-height=\"702\" title=\"Section 3 - From ADFS to Azure AD\" loading=\"lazy\" src=\"https:\/\/www.overtsoftware.id\/wp-content\/uploads\/2026\/03\/Section-3-From-ADFS-to-Azure-AD.png\" style=\"aspect-ratio: auto 1024 \/ 702;\"><\/span><\/div><div class=\"thrv_wrapper thrv_text_element\"><h2 lang=\"EN-GB\" class=\"\" id=\"t-1763811456158\"><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\">Achieving Modern Identity Resilience<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">:&nbsp;<\/span><span data-contrast=\"none\" lang=\"EN-GB\"><span data-ccp-parastyle=\"heading 3\">Your Secure Path to Entra ID<\/span><\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">&nbsp;<\/span><\/h2><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">The migration from ADFS to Azure AD&nbsp;represents&nbsp;an important step&nbsp;for many organisations seeking improved security, reduced infrastructure overhead, and access to modern identity capabilities.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">However, the migration process can be complex, and the risk of misconfiguration increases in environments that rely on Shibboleth or other federated identity systems. Successfully managing the transition while addressing dual login challenges requires careful planning, thorough testing, and&nbsp;appropriate integration&nbsp;tools.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">The team at Overt Software Solutions&nbsp;provides&nbsp;specialist guidance to support organisations during ADFS to Azure AD migrations. We work with institutions that&nbsp;operate&nbsp;complex identity environments, including those using Shibboleth IdP for federated access.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><p lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">Our services help organisations manage attribute mapping, identity integration, and migration planning across both Azure AD and Shibboleth environments. The SAAM bridge developed by Overt Software Solutions is designed to help organisations connect authentication between these systems and reduce the friction of dual login experiences.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/p><\/div><div class=\"thrv_wrapper thrv_contentbox_shortcode thrv-content-box tve-elem-default-pad cb_style_4\" data-style=\"cb_style_4\">\n\t<div class=\"tve-content-box-background cb_style_4-bg\" data-css=\"tve-u-19cffc2acb1\" style=\"\"><\/div>\n\t<div class=\"tve-cb cb_style_4-cb\" data-css=\"tve-u-19cffc2acb2\" style=\"\"><div class=\"thrv_wrapper thrv_text_element\"><p style=\"text-align: center;\"><span data-contrast=\"auto\" lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\">If you are planning an ADFS to Entra ID migration and want to ensure the process is carefully managed, the team at Overt Software Solutions can help guide your transition.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/span><\/p><\/div><div class=\"thrv_wrapper thrv-button thrv-button-v2 tcb-local-vars-root\" data-css=\"tve-u-19cffc2acb4\" style=\"--tcb-local-color-62516: var(--tcb-skin-color-0) !important;\">\n\t<div class=\"thrive-colors-palette-config\" style=\"display: none !important\">__CONFIG_colors_palette__{\"active_palette\":0,\"config\":{\"colors\":{\"62516\":{\"name\":\"Main Accent\",\"parent\":-1}},\"gradients\":[]},\"palettes\":[{\"name\":\"Default Palette\",\"value\":{\"colors\":{\"62516\":{\"val\":\"var(--tcb-skin-color-0)\"}},\"gradients\":[]}}]}__CONFIG_colors_palette__<\/div>\n\t<a href=\"https:\/\/www.overtsoftware.com\/contact\/\" class=\"tcb-button-link tcb-plain-text\" target=\"_blank\">\n\t\t<span class=\"tcb-button-texts\"><span class=\"tcb-button-text thrv-inline-text\">Contact&nbsp; us now!<\/span><\/span>\n\t<\/a>\n<\/div><div class=\"thrv_wrapper thrv_text_element\"><p style=\"text-align: center;\"><strong><span data-contrast=\"auto\" lang=\"EN-GB\"><span data-contrast=\"auto\" lang=\"EN-GB\"><\/span><span data-contrast=\"auto\" lang=\"EN-GB\">Contact Overt Software Solutions today<\/span><span data-contrast=\"auto\" lang=\"EN-GB\">&nbsp;to ensure a successful, resilient transition to Microsoft Entra ID.<\/span><span data-ccp-props=\"{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">&nbsp;<\/span><\/span><\/strong><\/p><\/div><\/div>\n<\/div>","tve_custom_css":"@media (min-width: 300px){.tcb-post-list[data-css=\"tve-u-16ecb5f152b\"] .post-wrapper.thrv_wrapper { width: calc(50% - 10px); }.tcb-post-list[data-css=\"tve-u-16ecb5f152b\"] .post-wrapper.thrv_wrapper:nth-child(n+3) { margin-top: 20px !important; }.tcb-post-list[data-css=\"tve-u-16ecb5f152b\"] .post-wrapper.thrv_wrapper:not(:nth-child(n+3)) { margin-top: 0px !important; }.tcb-post-list[data-css=\"tve-u-16ecb5f152b\"] .post-wrapper.thrv_wrapper:not(:nth-child(2n)) { margin-right: 20px !important; }.tcb-post-list[data-css=\"tve-u-16ecb5f152b\"] .post-wrapper.thrv_wrapper:nth-child(2n) { margin-right: 0px !important; }[data-css=\"tve-u-19aab5dbc2f\"] { font-size: var(--tve-font-size,16px); --tve-font-size: 16px; color: var(--tve-color,rgb(85,85,85)); --tve-color: rgb(85,85,85); --tcb-applied-color: rgb(85,85,85); line-height: var(--tve-line-height,1.6em); --tve-line-height: 1.6em; padding: 8px !important; }[data-css=\"tve-u-19aab5dbc2f\"].tve-state-expanded { color: var(--tve-color,rgb(255,255,255)); --tve-color: rgb(255,255,255); --tcb-applied-color: rgb(255,255,255); background-image: linear-gradient(var(--tcb-local-color-4204a),var(--tcb-local-color-4204a)) !important; background-size: auto !important; background-position: 50% 50% !important; background-attachment: scroll !important; background-repeat: no-repeat !important; }:not(#tve) [data-css=\"tve-u-19aab5dbc2f\"]:hover { color: var(--tve-color,var(--tcb-local-color-4204a)) !important; --tve-color: var(--tcb-local-color-4204a) !important; --tcb-applied-color: var$(--tcb-local-color-4204a) !important; background-image: linear-gradient(var(--tcb-local-color-ea1e7),var(--tcb-local-color-ea1e7)) !important; background-size: auto !important; background-position: 50% 50% !important; background-attachment: scroll !important; background-repeat: no-repeat !important; }[data-css=\"tve-u-17399fecc2c\"] { padding: 0px !important; }[data-css=\"tve-u-173dc8687ce\"] { padding: 0px !important; }[data-css=\"tve-u-173dc86929b\"] { padding: 0px !important; }[data-css=\"tve-u-19cffc2ac9a\"] { --tve-toc-indent: 20px; max-width: 1000px; float: none; padding: 15px !important; margin-left: auto !important; margin-right: auto !important; --tcb-local-color-4204a: var(--tcb-skin-color-0) !important; --tcb-local-color-ea1e7: rgba(214,93,0,0.08) !important; --tve-applied-max-width: 1000px !important; }[data-css=\"tve-u-19cffc2ac9c\"] { box-shadow: rgba(0, 0, 0, 0.08) 0px 5px 12px 1px; overflow: hidden; border-radius: 0px !important; background-image: linear-gradient(rgb(255, 255, 255), rgb(255, 255, 255)) !important; border-top: none !important; background-size: auto !important; background-position: 50% 50% !important; background-attachment: scroll !important; background-repeat: no-repeat !important; }[data-css=\"tve-u-19cffc2ac9d\"] { padding: 12px 5px !important; margin-bottom: -1px !important; margin-top: 0px !important; }:not(#tve) [data-css=\"tve-u-19cffc2ac9d\"] > .tve-content-box-background { background-color: rgb(244, 244, 244) !important; --tve-applied-background-color: rgb(244,244,244) !important; }[data-css=\"tve-u-19cffc2ac9d\"] .tve-toc-title-icon { font-size: 16px !important; width: 16px !important; height: 16px !important; }:not(#tve) [data-css=\"tve-u-19cffc2ac9e\"] { letter-spacing: 2px; text-transform: uppercase !important; font-size: 13px !important; color: rgb(0, 0, 0) !important; --tcb-applied-color: rgb(0,0,0) !important; --tve-applied-color: rgb(0,0,0) !important; }[data-css=\"tve-u-19cffc2ac9f\"] { float: none; width: 40px; z-index: 3; position: relative; margin: 0px auto 5px !important; padding: 0px !important; }[data-css=\"tve-u-19cffc2aca0\"] { border-top: 2px solid var(--tcb-local-color-4204a) !important; border-bottom: none !important; }[data-css=\"tve-u-19cffc2aca2\"] { padding: 0px !important; margin-top: 0px !important; margin-bottom: 10px !important; }[data-css=\"tve-u-19cffc2aca3\"] { overflow: hidden; border-radius: 15px !important; }:not(#tve) [data-css=\"tve-u-19cffc2aca3\"] { background-image: none !important; }[data-css=\"tve-u-19cffc2aca4\"] { font-size: var(--tve-font-size,16px); --tve-font-size: 16px; color: var(--tve-color,rgb(85,85,85)); --tve-color: rgb(85,85,85); --tcb-applied-color: rgb(85,85,85); line-height: var(--tve-line-height,1.6em); --tve-line-height: 1.6em; padding: 8px !important; }[data-css=\"tve-u-19cffc2aca4\"].tve-state-expanded { color: var(--tve-color,rgb(255,255,255)); --tve-color: rgb(255,255,255); --tcb-applied-color: rgb(255,255,255); background-image: linear-gradient(var(--tcb-local-color-4204a),var(--tcb-local-color-4204a)) !important; background-size: auto !important; background-position: 50% 50% !important; background-attachment: scroll !important; background-repeat: no-repeat !important; }:not(#tve) [data-css=\"tve-u-19cffc2aca4\"]:hover { background-image: linear-gradient(var(--tcb-local-color-ea1e7),var(--tcb-local-color-ea1e7)) !important; background-size: auto !important; background-position: 50% 50% !important; background-attachment: scroll !important; background-repeat: no-repeat !important; color: var(--tve-color,var(--tcb-local-color-4204a)) !important; --tve-color: var(--tcb-local-color-4204a) !important; --tcb-applied-color: var$(--tcb-local-color-4204a) !important; }[data-css=\"tve-u-19cffc2aca6\"] { font-size: var(--tve-font-size,16px); --tve-font-size: 16px; color: var(--tve-color,rgb(85,85,85)); --tve-color: rgb(85,85,85); --tcb-applied-color: rgb(85,85,85); line-height: var(--tve-line-height,1.6em); --tve-line-height: 1.6em; padding: 8px !important; }[data-css=\"tve-u-19cffc2aca6\"].tve-state-expanded { color: var(--tve-color,rgb(255,255,255)); --tve-color: rgb(255,255,255); --tcb-applied-color: rgb(255,255,255); background-image: linear-gradient(var(--tcb-local-color-4204a),var(--tcb-local-color-4204a)) !important; background-size: auto !important; background-position: 50% 50% !important; background-attachment: scroll !important; background-repeat: no-repeat !important; }:not(#tve) [data-css=\"tve-u-19cffc2aca6\"]:hover { color: var(--tve-color,var(--tcb-local-color-4204a)) !important; --tve-color: var(--tcb-local-color-4204a) !important; --tcb-applied-color: var$(--tcb-local-color-4204a) !important; background-image: linear-gradient(var(--tcb-local-color-ea1e7),var(--tcb-local-color-ea1e7)) !important; background-size: auto !important; background-position: 50% 50% !important; background-attachment: scroll !important; background-repeat: no-repeat !important; }[data-css=\"tve-u-19cffc2acac\"] { width: 1024px; --tve-alignment: center; float: none; margin-left: auto !important; margin-right: auto !important; }[data-css=\"tve-u-19cffc2acae\"] { width: 1023px; }[data-css=\"tve-u-19cffc2acaf\"] .tcb-button-link { letter-spacing: 2px; background-image: linear-gradient(var(--tcb-local-color-62516,rgb(19,114,211)),var(--tcb-local-color-62516,rgb(19,114,211))); --tve-applied-background-image: linear-gradient(var$(--tcb-local-color-62516,rgb(19,114,211)),var$(--tcb-local-color-62516,rgb(19,114,211))); background-size: auto; background-attachment: scroll; border-radius: 5px; padding: 18px; background-position: 50% 50%; background-repeat: no-repeat; background-color: transparent !important; }[data-css=\"tve-u-19cffc2acaf\"] .tcb-button-link span { color: rgb(255, 255, 255); --tcb-applied-color: #fff; }[data-css=\"tve-u-19cffc2acaf\"] { --tcb-local-color-62516: var(--tcb-skin-color-0) !important; min-width: 100% !important; }[data-css=\"tve-u-19cffc2acb0\"] { width: 1024px; }[data-css=\"tve-u-19cffc2acb1\"] { border-radius: 20px; box-shadow: rgba(21, 69, 94, 0.22) 0px 0px 27px 0px; background-color: rgba(0, 169, 230, 0) !important; border-right: none !important; border-left: none !important; border-image: initial !important; }:not(#tve) .thrv-content-box [data-css=\"tve-u-19cffc2acb2\"] p, :not(#tve) .thrv-content-box [data-css=\"tve-u-19cffc2acb2\"] li, :not(#tve) .thrv-content-box [data-css=\"tve-u-19cffc2acb2\"] blockquote, :not(#tve) .thrv-content-box [data-css=\"tve-u-19cffc2acb2\"] address, :not(#tve) .thrv-content-box [data-css=\"tve-u-19cffc2acb2\"] .tcb-plain-text, :not(#tve) .thrv-content-box [data-css=\"tve-u-19cffc2acb2\"] label, :not(#tve) .thrv-content-box [data-css=\"tve-u-19cffc2acb2\"] h1, :not(#tve) .thrv-content-box [data-css=\"tve-u-19cffc2acb2\"] h2, :not(#tve) .thrv-content-box [data-css=\"tve-u-19cffc2acb2\"] h3, :not(#tve) .thrv-content-box [data-css=\"tve-u-19cffc2acb2\"] h4, :not(#tve) .thrv-content-box [data-css=\"tve-u-19cffc2acb2\"] h5, :not(#tve) .thrv-content-box [data-css=\"tve-u-19cffc2acb2\"] h6 { color: var(--tve-color,rgb(0,0,0)); --tve-applied-color: var$(--tve-color,rgb(0,0,0)); --tcb-applied-color: rgb(0,0,0); }[data-css=\"tve-u-19cffc2acb2\"] { --tve-color: rgb(0,0,0); --tve-applied---tve-color: rgb(0,0,0); }[data-css=\"tve-u-19cffc2acb4\"] .tcb-button-link { letter-spacing: 2px; background-image: linear-gradient(var(--tcb-local-color-62516,rgb(19,114,211)),var(--tcb-local-color-62516,rgb(19,114,211))); --tve-applied-background-image: linear-gradient(var$(--tcb-local-color-62516,rgb(19,114,211)),var$(--tcb-local-color-62516,rgb(19,114,211))); background-size: auto; background-attachment: scroll; border-radius: 5px; padding: 18px; background-position: 50% 50%; background-repeat: no-repeat; background-color: transparent !important; }[data-css=\"tve-u-19cffc2acb4\"] .tcb-button-link span { color: rgb(255, 255, 255); --tcb-applied-color: #fff; }[data-css=\"tve-u-19cffc2acb4\"] { --tcb-local-color-62516: var(--tcb-skin-color-0) !important; min-width: 100% !important; }}@media (max-width: 767px){[data-css=\"tve-u-19aab5dbc2f\"] { font-size: var(--tve-font-size,15px); --tve-font-size: 15px; padding: 7px !important; }[data-css=\"tve-u-19cffc2ac9a\"] { padding: 10px 10px 20px !important; }[data-css=\"tve-u-19cffc2aca4\"] { font-size: var(--tve-font-size,15px); --tve-font-size: 15px; padding: 7px !important; }[data-css=\"tve-u-19cffc2aca6\"] { font-size: var(--tve-font-size,15px); --tve-font-size: 15px; padding: 7px !important; }[data-css=\"tve-u-19cffc2acb1\"] { border-radius: 10px; border-top: 2px solid rgba(0, 152, 231, 0.6) !important; border-bottom: 2px solid rgba(0, 152, 231, 0.6) !important; border-right: none !important; border-left: none !important; }}","tve_user_custom_css":"","tve_globals":{"e":"1","font_cls":[]},"tcb2_ready":1,"tcb_editor_enabled":1,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[32],"tags":[],"class_list":["post-3440","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sso-solutions","post-wrapper","thrv_wrapper"],"_links":{"self":[{"href":"https:\/\/www.overtsoftware.id\/index.php\/wp-json\/wp\/v2\/posts\/3440","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.overtsoftware.id\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.overtsoftware.id\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.overtsoftware.id\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.overtsoftware.id\/index.php\/wp-json\/wp\/v2\/comments?post=3440"}],"version-history":[{"count":6,"href":"https:\/\/www.overtsoftware.id\/index.php\/wp-json\/wp\/v2\/posts\/3440\/revisions"}],"predecessor-version":[{"id":3451,"href":"https:\/\/www.overtsoftware.id\/index.php\/wp-json\/wp\/v2\/posts\/3440\/revisions\/3451"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.overtsoftware.id\/index.php\/wp-json\/wp\/v2\/media\/3430"}],"wp:attachment":[{"href":"https:\/\/www.overtsoftware.id\/index.php\/wp-json\/wp\/v2\/media?parent=3440"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.overtsoftware.id\/index.php\/wp-json\/wp\/v2\/categories?post=3440"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.overtsoftware.id\/index.php\/wp-json\/wp\/v2\/tags?post=3440"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}