A system for authenticating computer users comprising, a single active directory disposed in a federated partner, a web server disposed in a DMZ associated with the intranet; and a client disposed in the federated partner coupled to the web server through an internet connection that is capable of signing on to the web server.