Hey @Daniel-Loyer,
Active Directory Federation Services is used to establish a trust relationship between two (or more) Active Directory domains.
For example, company A has an Active Directory domain, domainA. Within this domain there is trust between all nodes and AD. Users can authenticate with any domain controller from domainA, and access resources throughout domainA.
Company B also has an Active Directory domain, domainB. Within this domain there is trust between all nodes and AD. Users can authenticate with any domain controller from domainB, and access resources throughout domainB.
A user in domainB, Bob, wants to access resources in domainA. He has logged in to domainB, but domainA doesn't trust domainB and doesn't trust the authentication token Bob has from domainB. Bob cannot access resources in domainA. Bob would need an account in domainA (another username/password to remember).
To fix this, one solution is Federation Services. We can establish a federation between domainA and domainB. Once the federation is created, domainA will trust domainB's authentication process. Bob will try to access resources in domainA and present the authentication token he received from domainB. Because domainA now trusts domainB (thanks to the federation), domainA can grant access to Bob, even though he was authenticated by domain controllers from another domain. Bob doesn't need a second account/password to access resources in domainA.
In short, Federation Services allows us to create a trust between two separate security realms. It allows the resource partner to remain in control of the resource and the access level, and allows the account partner to remain in control of the user accounts.
Federation Services is installed on top of Active Directory. Both companies would need AD already established. Both sides would also need to install AD Federation Services and configure the appropriate federation policies.
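To make the split of responsibilities in the answer above concrete, here is an added example (not from the original post, and not AD FS code) that models two security realms in plain Python. domainB (the account partner) authenticates Bob against its own account store and issues a signed claims token; domainA (the resource partner) keeps a claims-provider-trust table that says whose tokens it accepts, verifies the signature, and then applies its own authorization rules. The realm names, accounts, groups and resources are made up, and the per-realm HMAC key is a stand-in for the X.509 token-signing certificate a real AD FS trust would verify, so that the example runs with the standard library only.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class Realm:
    """One security realm: an AD domain with a federation service in front of it.

    The HMAC key stands in for the realm's token-signing certificate (assumption made
    for this example; AD FS signs with an X.509 private key and the partner verifies
    with the public certificate, so nobody but the issuer can mint tokens).
    """

    def __init__(self, name, signing_key, users):
        self.name = name
        self._signing_key = signing_key
        self.users = users                 # account store: only this realm manages it
        self.claims_provider_trusts = {}   # issuer name -> verification key
        self.authorization_rules = {}      # resource -> rule(claims) -> bool

    # --- resource partner configuration: who we trust and what they may access ---
    def add_claims_provider_trust(self, issuer_name, verification_key):
        self.claims_provider_trusts[issuer_name] = verification_key

    def add_authorization_rule(self, resource, rule):
        self.authorization_rules[resource] = rule

    # --- account partner: authenticate locally, then vouch for the user ---
    def issue_token(self, username, password, audience, ttl=300):
        user = self.users.get(username)
        if user is None or not hmac.compare_digest(user["password"], password):
            raise PermissionError(f"{username} failed authentication in {self.name}")
        claims = {
            "iss": self.name,                      # who vouches for the user
            "aud": audience,                       # which realm the token is for
            "sub": f"{username}@{self.name}",
            "groups": user["groups"],
            "exp": int(time.time()) + ttl,
        }
        body = _b64url(json.dumps(claims, sort_keys=True).encode())
        sig = _b64url(hmac.new(self._signing_key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"

    # --- resource partner: accept only trusted issuers, then decide access ourselves ---
    def authorize(self, token, resource, now=None):
        try:
            body, sig = token.split(".")
            claims = json.loads(_b64url_decode(body))
            sig_bytes = _b64url_decode(sig)
        except (ValueError, json.JSONDecodeError):
            return False, "malformed token"
        key = self.claims_provider_trusts.get(claims.get("iss"))
        if key is None:
            return False, f"no claims provider trust for issuer {claims.get('iss')!r}"
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig_bytes):
            return False, "bad signature"
        if claims.get("aud") != self.name:
            return False, "token was not issued for this realm"
        if claims.get("exp", 0) <= (now if now is not None else time.time()):
            return False, "token expired"
        rule = self.authorization_rules.get(resource)
        if rule is None or not rule(claims):
            return False, f"{claims['sub']} is not authorized for {resource}"
        return True, f"{claims['sub']} granted access to {resource}"


def demo():
    """Constructed scenario: domainA federates with domainB; domainC is not trusted."""
    domain_a = Realm("domainA", b"domainA-signing-key", users={})
    domain_b = Realm("domainB", b"domainB-signing-key",
                     users={"bob": {"password": "hunter2", "groups": ["Engineering"]}})
    domain_c = Realm("domainC", b"domainC-signing-key",
                     users={"mallory": {"password": "x", "groups": ["Finance"]}})

    # The trust decision lives in domainA's configuration (resource partner).
    domain_a.add_claims_provider_trust("domainB", b"domainB-signing-key")
    domain_a.add_authorization_rule("fileshare", lambda c: "Engineering" in c.get("groups", []))
    domain_a.add_authorization_rule("payroll", lambda c: "Finance" in c.get("groups", []))

    bob_token = domain_b.issue_token("bob", "hunter2", audience="domainA")

    # Forge a token that claims Finance membership but keeps Bob's original signature.
    body, sig = bob_token.split(".")
    forged_claims = {**json.loads(_b64url_decode(body)), "groups": ["Finance"]}
    tampered = f"{_b64url(json.dumps(forged_claims, sort_keys=True).encode())}.{sig}"

    return {
        "bob_fileshare": domain_a.authorize(bob_token, "fileshare"),
        "bob_payroll": domain_a.authorize(bob_token, "payroll"),
        "untrusted_realm": domain_a.authorize(
            domain_c.issue_token("mallory", "x", audience="domainA"), "fileshare"),
        "tampered": domain_a.authorize(tampered, "payroll"),
        "expired": domain_a.authorize(bob_token, "fileshare", now=time.time() + 600),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:16} {'ALLOW' if ok else 'DENY ':5} {reason}")
```

The point to notice is where each decision is made: Bob's password and group membership exist only in domainB, and domainA never sees them; domainA only decides which issuers it trusts and what a trusted user's claims entitle them to, so a token from domainC, a tampered token, or an expired one is rejected before any resource rule runs.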