SharePoint has always kept authentication an external subject and SharePoint 2013 is no different. By keeping authentication external and allowing a pluggable interface, SharePoint is able to support a variety of different authentication methods and providers for the following types of authentications:
- Forms based authentication
- Claims (SAML) based authentication
- Windows authentication
There are quite a lot of very informative articles explaining the technical details like the following technet article is an excellent technical source to start planning authentication methods in SharePoint 2013.
This one explains in sufficient technical detail some of the important concepts behind Claims authentication.
But what really prompted me to write this post was a recent interaction with a client who wanted to configure Windows Live authentication on their SharePoint 2013 farm for their external users. He wanted to know the different approaches which SharePoint provides to make this scenario possible. I gave him a simple technical answer that there are two possible approaches they can follow:
- Configure Windows Live Id as a federated authentication provider
- Configure Forms based authentication and authenticate against Windows Live ID using a Membership provider
Interestingly, the discussion turned into a very simple question. What is the end user experience like ? Will the users be redirected to Window Live authentication screen or will they be entering their user credentials on a custom SharePoint form. Configuring Option 1 will redirect end users to Windows Live authentication screen and get them back as authenticated users in SharePoint. Configuring Option 2 will make the users enter their user credentials on a custom SharePoint login form where their credentials are exposed to the partner SharePoint site they are logging in.
So what started off as a fairly technical discussion in which we were evaluating different criteria like
- the complexity of the solution (Option 1: Understanding Claims authentication and Federation etc)
- time to implement (Option 2: It can take more time to fine tune your membership provider)
ended up being a fairly simple conclusion based on what kind of user experience the customer will like to have and then evaluate the different authentication options available.