One "Pro" worth mentioning is that SSO usually implies a greater level of security. It's one less password to remember and your organization likely enforces password policies (like changing every x days, complexity, not reusing, etc.) that you may not have enabled with WF because no one wants to have to constantly change their password their as well. Additionally, since we are using ADFS to log in (when we go to WF we are re-directed to our internal access portal and then, once validated, put into WF) we are also in the process of testing adding two factor authentication to our ADFS page for external entry. So, if we are on our work network, we just need our standard credentials but if we are off the network you have to use username/password and have our two factor authentication app to validate. Again, if security is a concern, this helps add an additional layer. Jason Maust McGuireWoods LLP