Two Factor Authentication for Sharepoint
-
Upload
luis-oswaldo-velasquez-lovera -
Category
Documents
-
view
225 -
download
0
Transcript of Two Factor Authentication for Sharepoint
-
7/27/2019 Two Factor Authentication for Sharepoint
1/7
G
TwoFa
Global
lobal
torAu
SignEnterp
ignE
hentic
risePKIfor
using
terp
tionfo
StrongTw
indowsSh
iseS
Share
FactorCli
rePoint
lutio
ointU
ntAuthen
T
ns
erGui
tication
echnicalR
e
sources
-
7/27/2019 Two Factor Authentication for Sharepoint
2/7
2
TABLEOFCONTENTS
Introduction......................................................................................................................3
ImplementingtwofactorauthenticationusingActiveDirectory.....................................5
UsingGlobalSignEnterprisePKIto issue,manageandimplementclientcertificatesfor
twofactorauthentication................................................................................................5
UsingtheLDIFDEUtility....................................................................................................6
GlobalSignContactInformation.......................................................................................7
GlobalSignKnowledgeBase..............................................................................................7
SubmitaSupport
Ticket
....................................................................................................
7
-
7/27/2019 Two Factor Authentication for Sharepoint
3/7
INT
Micro
infor
that
Pass
repla
The i
traffi
client
Light
thata
The
L
canb
canb
perfo
supp
ODUCTI
softSharePoi
ation.
Prot
avebeengra
ordsalonea
attacks
in
trudercanr
is susceptib
and theser
eightDirect
rebasedonf
DAP
Lightwei
eusedforpe
eusedtoexp
rmed inActi
rtbatchope
Nntisapowe
ectingthis
in
ntedaccesst
reanotorio
hichan
intru
euse the tick
le tomanin
er,changes t
ryAccessPr
orgedreques
ght
Data
Inte
rformingbat
ortandimpo
eDirectory.
ationsbased
fultoolthat
ormationis
e
theinforma
slyweak for
derintercept
et to imperso
themiddlea
hepacketsa
otocol (LDAP
sfromtheL
rchange
Form
hoperations
rtdata,allow
Autilitycall
ontheLDIFs
3
allowsusers
ssential,ens
tion.
mof securit
sthe
authen
nate the legi
tacks inwhi
nd then forw
)server,ana
APclient.
at
(LDIF)
is
a
ondirectori
ingbatchop
edLDIFDE is
andard.
oaccessand
ringthat
it
is
. Unsigned
ticationatte
timateuser.
han intrude
ards them to
ttackercanc
n
Internet
dr
sthatconfo
rationssuch
included int
shareawid
onlyviewed
network traf
ptand
the
i
Additionally
r capturesp
theserver.
auseaserve
ft
standard
f
mtotheLD
asAdd,Modi
eWindows
arrayofimp
andshared
b
fic is suscept
ssuanceof
a
,unsignedn
cketsbetwe
If thisoccur
r tomakede
or
a
file
form
Pstandards.
ifyandDelet
peratingsys
ortant
users
ible to
ticket.
twork
n the
sona
isions
t
that
LDIF
tobe
emto
-
7/27/2019 Two Factor Authentication for Sharepoint
4/7
It isp
user's
using
isthe
Tradit
rights
syste
ofce
adat
Publi
bynu
centr
accou
and
opera
Inthi
user
card.
Serve
auto
ossibletom
account.
thiscertificat
sameasifth
ionally,comp
andtheirac
sbecome
tralisedcont
baselocated
keycertifica
merousparti
liseddataba
nts,notcerti
seraccounts
ting
system
t
smodel,whe
ccountshoul
WindowsS
r2003,Data
atic.
p(orcreate
server appl
e. Iftheus
euserprovid
utersystems
esscontrols.
oreandmor
rolbecomes
onthe
other
tescanhelp
sandcanbe
e. Howeve
ficates. The
is tocreate
continue
us
nauserpre
dbelogged
rver2003,S
enterEditio
anassociatio
cation can t
risauthentic
dauserIDa
haveuseda
Thistechni
edistributed,
unwieldy. T
sideof
the
In
simplifythes
verifiedbysi
r,existingop
simplesolut
amappingb
ing
accounts
entsacertifi
n. Noteth
andardEditi
support log
4
nfrom)ace
enuse publ
ated,thenth
ndpassword,
centraliseda
quehaswor
withhundre
heproblems
ternetto
ad
problems.
mplyexamin
ratingsyste
ion,onethat
etweenace
hile
the
larg
cate,thesyst
tthisshould
n;Windows
gingonwith
tificatethat
ic key crypto
euser'sacco
yettheproc
ccountsdata
edwellandi
dsofthousan
rangefromtr
inisteringal
Certificates
ingthecertifi
sandadmin
maintainsth
tificateand
er
"system"
a
emlooksatt
notbeconfu
Server2003,
a smart car
asbeen issu
raphy to au
ntislogged
ssismuchm
asetomana
wellunders
dstomillion
yingtoverify
ngthylist
of
anbewidel
cate,without
istrationtool
advantages
useraccou
nd
the
user
u
hemapping
sedwithlogg
EnterpriseEd
usingacco
edtoauser
thenticate th
on. Theend
oremanagea
geusers,the
tood. Howe
sofusers,thi
anaccount
users.
distributed,
havingtoref
canonlyde
ofbothcerti
t. Thisallo
se
certificate
odetermine
ingonwitha
ition;andWi
ntmapping
tothe
euser
result
ble.
iruser
ver,as
sform
gainst
issued
ertoa
lwith
ficates
s the
.
which
smart
ndows
hat is
-
7/27/2019 Two Factor Authentication for Sharepoint
5/7
IMP
DIR
Activ
auth
site,t
then
useri
USI
IMP
Impo
Globa
LEMENTI
CTORY
Directoryc
nticationint
heserverwil
crossreferen
sthenallowe
G GLO
LEMENT
tingyourcer
lSign. Youc
ePKI
G TW
nbe
used
t
SharePoint
lasktheuse
edwiththe
daccesstoth
ALSIGN
LIENTCE
tificatesinto
ancreatecus
OFACTO
store
client
ndotherWi
toprovidea
certificatest
eloginscree
ENTERP
RTIFICAT
ActiveDirect
tomtemplate
5
AUT
certificates,
dowsprodu
certificatef
redforthat
.
ISE PKI
SFORT
oryisaneas
stoexportin
LDIF
ENTICATI
hichcan
th
ts. Whena
rauthenticat
user inActiv
TO IS
OFACTO
processify
toanLDIFfil
N US
nbe
used
t
usertriesto
ion. Thepr
Directory.
UE, M
RAUTHE
uhaveane
.
ctiveDir
ING AC
set
up
dual
accessaShar
ovidedcertifi
Ifthesemat
NAGE,
TICATIO
KIaccountt
ectory
TIVE
factor
ePoint
cateis
h,the
AND
.
rough
-
7/27/2019 Two Factor Authentication for Sharepoint
6/7
USI
Using
Direc
expor
Activ
tosu
GTHEL
the LDIFDE
ory. Thisca
tandimport
Directory.
portbatcho
IFDEUTI
command in
nbeusedto
data,allowin
Autilitycalle
erationsbas
ITY
Windows co
addandsub
gbatchoper
dLDIFDEisi
edontheLDI
6
mmand pro
tractusers,a
ationssucha
cludedinth
Fstandard.
pt, you can
mendcurren
sAdd,Modif
Windows2
import an L
dataetc.
andDelete
002008R
DIF file into
DIFcanbeu
tobeperfor
operatings
Active
sedto
edin
stems
-
7/27/2019 Two Factor Authentication for Sharepoint
7/7
7
GLOBALSIGNCONTACTINFORMATION
GlobalSignAmericasTel:1
877
775
4562
www.globalsign.com
GlobalSignEUTel:
+32
16
891900
www.globalsign.eu
GlobalSignUKTel:
+44
1622
766766
www.globalsign.co.uk
GlobalSignFRTel:+33182880124
www.globalsign.fr
GlobalSignDETel:+493088789310
www.globalsign.de
GlobalSignNLTel:+31208908021
www.globalsign.nl
CONTACTINGSUPPORT:
GLOBALSIGNKNOWLEDGEBASE
If you require assistance during the ordering or installation process, you can search for help by
consultingtheGlobalSignKnowledgeBase:
https://www.globalsign.com/support/
SUBMITASUPPORTTICKETIfyoucannotfindtheanswertoyourquestioninourKnowledgeBase,pleasesubmityourquestionvia
ourSupportTicketRequestForm:
https://www.globalsign.co.uk/help/