Two Factor Authentication for Sharepoint


  • 7/27/2019 Two Factor Authentication for Sharepoint

    1/7

    GlobalSign Enterprise Solutions

    Two Factor Authentication for SharePoint User Guide

    GlobalSign Enterprise PKI for Strong Two Factor Client Authentication

    using Windows SharePoint

    Technical Resources


    TABLE OF CONTENTS

    Introduction

    Implementing two factor authentication using Active Directory

    Using GlobalSign Enterprise PKI to issue, manage and implement client certificates for two factor authentication

    Using the LDIFDE Utility

    GlobalSign Contact Information

    GlobalSign Knowledge Base

    Submit a Support Ticket


    INTRODUCTION

    Microsoft SharePoint is a powerful tool that allows users to access and share a wide array of important information. Protecting this information is essential, ensuring that it is only viewed and shared by users that have been granted access to the information.

    Passwords alone are a notoriously weak form of security. Unsigned network traffic is susceptible to replay attacks in which an intruder intercepts the authentication attempt and the issuance of a ticket. The intruder can reuse the ticket to impersonate the legitimate user. Additionally, unsigned network traffic is susceptible to man in the middle attacks in which an intruder captures packets between the client and the server, changes the packets and then forwards them to the server. If this occurs on a Lightweight Directory Access Protocol (LDAP) server, an attacker can cause a server to make decisions that are based on forged requests from the LDAP client.

    The LDAP Lightweight Data Interchange Format (LDIF) is an Internet draft standard for a file format that can be used for performing batch operations on directories that conform to the LDAP standards. LDIF can be used to export and import data, allowing batch operations such as Add, Modify and Delete to be performed in Active Directory. A utility called LDIFDE is included in the Windows operating system to support batch operations based on the LDIF standard.


    It is possible to map (or create an association from) a certificate that has been issued to a user to the user's account. A server application can then use public key cryptography to authenticate the user using this certificate. If the user is authenticated, then the user's account is logged on. The end result is the same as if the user provided a user ID and password, yet the process is much more manageable.

    Traditionally, computer systems have used a centralised accounts database to manage users, their user rights and their access controls. This technique has worked well and is well understood. However, as systems become more and more distributed, with hundreds of thousands to millions of users, this form of centralised control becomes unwieldy. The problems range from trying to verify an account against a database located on the other side of the Internet to administering a lengthy list of users.

    Public key certificates can help simplify these problems. Certificates can be widely distributed, issued by numerous parties and can be verified by simply examining the certificate, without having to refer to a centralised database. However, existing operating systems and administration tools can only deal with accounts, not certificates. The simple solution, one that maintains the advantages of both certificates and user accounts, is to create a mapping between a certificate and a user account. This allows the operating system to continue using accounts while the larger "system" and the user use certificates.

    In this model, when a user presents a certificate, the system looks at the mapping to determine which user account should be logged on. Note that this should not be confused with logging on with a smart card. Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition support logging on with a smart card using account mapping that is automatic.


    IMPLEMENTING TWO FACTOR AUTHENTICATION USING ACTIVE DIRECTORY

    Active Directory can be used to store client certificates, which can then be used to set up dual factor authentication into SharePoint and other Windows products. When a user tries to access a SharePoint site, the server will ask the user to provide a certificate for authentication. The provided certificate is then cross referenced with the certificate stored for that user in Active Directory. If these match, the user is then allowed access to the login screen.

    USING GLOBALSIGN ENTERPRISE PKI TO ISSUE, MANAGE, AND IMPLEMENT CLIENT CERTIFICATES FOR TWO FACTOR AUTHENTICATION

    Importing your certificates into Active Directory is an easy process if you have an ePKI account through GlobalSign. You can create custom templates to export into an LDIF file.

    [Figure: ePKI, LDIF, Active Directory]


    USING THE LDIFDE UTILITY

    Using the LDIFDE command in Windows command prompt, you can import an LDIF file into Active Directory. This can be used to add and subtract users, amend current data etc. LDIF can be used to export and import data, allowing batch operations such as Add, Modify and Delete to be performed in Active Directory. A utility called LDIFDE is included in the Windows 2000-2008 R2 operating systems to support batch operations based on the LDIF standard.


    GLOBALSIGN CONTACT INFORMATION

    GlobalSign Americas
    Tel: 1 877 775 4562
    www.globalsign.com
    [email protected]

    GlobalSign EU
    Tel: +32 16 891900
    www.globalsign.eu
    [email protected]

    GlobalSign UK
    Tel: +44 1622 766766
    www.globalsign.co.uk
    [email protected]

    GlobalSign FR
    Tel: +33182880124
    www.globalsign.fr
    [email protected]

    GlobalSign DE
    Tel: +493088789310
    www.globalsign.de
    [email protected]

    GlobalSign NL
    Tel: +31208908021
    www.globalsign.nl
    [email protected]

    CONTACTING SUPPORT:

    GLOBALSIGN KNOWLEDGE BASE

    If you require assistance during the ordering or installation process, you can search for help by consulting the GlobalSign Knowledge Base:

    https://www.globalsign.com/support/

    SUBMIT A SUPPORT TICKET

    If you cannot find the answer to your question in our Knowledge Base, please submit your question via our Support Ticket Request Form:

    https://www.globalsign.co.uk/help/