ADFS - SAML 2.0 - Multiple Forests - No Trusts

Phil Montalbano
2020-10-02T18:21:50.097+00:00

I have a weird scenario. There are many companies that are owned by one company. We are moving to a cloud-based helpdesk system that supports SAML authentication for SSO. Ultimately all companies will be in a single forest, but for now each company has its own domain, and Forest/Domain/External trusts will not be allowed. Can ADFS be set up such that each Forest has an ADFS server with a relying party trust to "The Root Domain", and have the ADFS in "The Root Domain" have a relying party trust using SAML to the SAML SP? Can SAML SP authentication requests be handled with this scenario for SSO?


1 answer

  1. 2020-10-06T17:34:55.627+00:00

    You can have federation between domains or trusts but not both.

    If you have 2 top-level domains with no trust, like contoso.com and fabrikam.com, they can each have an ADFS server and be federated to each other. But if the 2 domains have a 2-way trust, then only 1 ADFS should be used, as it is a client to AD and would use UPN suffix routing just like any other AD client would.

    --
    Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.
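The topology the question describes and the answer confirms (one ADFS per untrusted forest, federated to a hub ADFS that fronts the SAML SP) is usually built with the ADFS PowerShell module. The script below is an added illustration, not code from the original post or from Microsoft; the hostnames (adfs.root.example, adfs.contoso.example), the trust names, and the SP metadata URL are placeholders. It assumes the ADFS module from the Windows feature is loaded on each server and that each farm publishes federation metadata over HTTPS, which lets the trusts pull signing certificates from metadata instead of being keyed by hand.

```powershell
# Added example (not from the original post). Hostnames and trust names are placeholders.
# Run the "hub" section on the root-domain ADFS and the "spoke" section on each forest's ADFS.

# ---------- Hub ADFS (the root domain, fronting the SAML SP) ----------
# Each forest's ADFS becomes a claims provider trust on the hub. The hub does not need
# an AD trust to that forest; it only needs to trust that farm's token-signing certificate,
# which it learns from the federation metadata URL.
$spokeAcceptRules = @'
@RuleName = "Pass through UPN from spoke forest"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);
'@

Add-AdfsClaimsProviderTrust -Name "Contoso forest" `
    -MetadataUrl "https://adfs.contoso.example/FederationMetadata/2007-06/FederationMetadata.xml" `
    -AcceptanceTransformRules $spokeAcceptRules `
    -MonitoringEnabled $true -AutoUpdateEnabled $true

# The helpdesk SP is a relying party trust on the hub. Its metadata (placeholder URL) is
# published by the vendor. Only the UPN is released, mapped to a SAML NameID so the SP
# can match it to a user record; the authorization rule limits what the hub will issue.
$spIssuanceRules = @'
@RuleName = "UPN as emailAddress NameID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
            = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

$spAuthzRules = @'
@RuleName = "Permit users that presented a UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name "Helpdesk SP" `
    -MetadataUrl "https://helpdesk.example/saml/metadata" `
    -IssuanceTransformRules $spIssuanceRules `
    -IssuanceAuthorizationRules $spAuthzRules `
    -MonitoringEnabled $true -AutoUpdateEnabled $true

# Home Realm Discovery: list the forests allowed to sign in to this SP. Anything not
# listed here is never offered as a sign-in option for the helpdesk relying party.
Set-AdfsRelyingPartyTrust -TargetName "Helpdesk SP" `
    -ClaimsProviderName @("Active Directory", "Contoso forest")

# ---------- Spoke ADFS (one per forest, e.g. contoso.example) ----------
# The hub is a relying party trust here. The spoke authenticates users against its own AD
# and issues a UPN claim that the hub's acceptance rule above passes through.
$hubIssuanceRules = @'
@RuleName = "Send UPN from local AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"),
          query = ";userPrincipalName;{0}", param = c.Value);
'@

$hubAuthzRules = @'
@RuleName = "Permit all authenticated users"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name "Root domain hub ADFS" `
    -MetadataUrl "https://adfs.root.example/FederationMetadata/2007-06/FederationMetadata.xml" `
    -IssuanceTransformRules $hubIssuanceRules `
    -IssuanceAuthorizationRules $hubAuthzRules `
    -MonitoringEnabled $true -AutoUpdateEnabled $true

# Quick check on the hub: confirm each spoke's signing certificate was actually imported.
Get-AdfsClaimsProviderTrust | Select-Object Name, Identifier, TokenSigningCertificates
```

The sign-in flow is then SP to hub (SAML), hub to the user's forest ADFS (WS-Federation or SAML, chosen by Home Realm Discovery), back to the hub, and back to the SP; no Kerberos crosses a forest boundary, which is why no AD trust is needed. Two things worth keeping tight in this design: the acceptance rules on each claims provider trust decide which claims a spoke forest can assert into the hub, so pass through only what the SP needs, and when the forests are later merged into one, the spoke trusts should be removed rather than left alongside the new AD trust, for the reason the answer gives.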

