GlobalSign Enterprise Solutions
Two Factor Authentication for SharePoint User Guide
GlobalSign Enterprise PKI for Strong Two Factor Client Authentication using Windows SharePoint

INTRODUCTION

Microsoft SharePoint is a powerful tool that allows users to access and share a wide array of important information. Protecting this information is essential, ensuring that it is viewed and shared only by users who have been granted access to it. Passwords alone are a notoriously weak form of security.

Unsigned network traffic is susceptible to replay attacks, in which an intruder intercepts the authentication attempt and the issuance of a ticket. The intruder can then reuse the ticket to impersonate the legitimate user. Unsigned network traffic is also susceptible to man-in-the-middle attacks, in which an intruder captures packets between the client and the server, changes them, and forwards them on to the server. If this occurs on an LDAP server, an attacker can cause the server to make decisions based on forged requests from the LDAP client.

Implementing two factor authentication using Active Directory

Active Directory can be used to store client certificates, which can then be used to set up two factor authentication into SharePoint and other Windows products. When a user tries to access a SharePoint site, the server asks the user to provide a certificate for authentication. The provided certificate is then cross-referenced with the certificate stored for that user in Active Directory. If these match, the user is allowed through to the login screen.

GlobalSign Two Factor Authentication for SharePoint Solution Guide v1.0 2

Using GlobalSign Enterprise PKI to issue, manage, and implement client certificates for two factor authentication

[Figure: EPKI to LDIF to Active Directory]

Importing your certificates into Active Directory is an easy process if you have an EPKI account through GlobalSign. You can create custom templates to export into an LDIF file. The LDAP Data Interchange Format (LDIF) is a standard plain-text data interchange format for representing LDAP (Lightweight Directory Access Protocol) directory content and update requests. In other words, it is the standard file format for importing and exporting Active Directory objects.

Using the LDIFDE command in the Windows command prompt, you can import an LDIF file into Active Directory. This can be used to add or remove users, amend current data, and so on.

Using the LDIFDE Utility

The LDAP Data Interchange Format (LDIF) is an Internet draft standard for a file format that can be used for performing batch operations on directories that conform to the LDAP standards. LDIF can be used to export and import data, allowing batch operations such as Add, Modify, and Delete to be performed in Active Directory. A utility called LDIFDE is included in the Windows operating system (Windows 2000 through Windows Server 2008 R2) to support batch operations based on the LDIF standard.

It is possible to map (or create an association from) a certificate that has been issued to a user to the user's account. A server application can then use public key cryptography to authenticate the user using this certificate. If the user is authenticated, the user's account is logged on. The end result is the same as if the user had provided a user ID and password, yet the process is much more manageable.

Traditionally, computer systems have used a centralized accounts database to manage users, their user rights, and their access controls. This technique has worked well and is well understood. However, as systems become more and more distributed, with hundreds of thousands to millions of users, this form of centralized control becomes unwieldy. The problems range from trying to verify an account against a database located on the other side of the Internet to administering a lengthy list of users.

Public key certificates can help simplify these problems. Certificates can be widely distributed, issued by numerous parties, and verified by simply examining the certificate, without having to refer to a centralized database. However, existing operating systems and administration tools can only deal with accounts, not certificates. The simple solution, one that maintains the advantages of both certificates and user accounts, is to create a mapping between a certificate and a user account. This allows the operating system to continue using accounts while the larger "system" and the user use certificates. In this model, when a user presents a certificate, the system looks at the mapping to determine which user account should be logged on. (Note that this should not be confused with logging on with a smart card. Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition support logging on with a smart card using account mapping that is automatic.)
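As an added, worked example (not from the guide and not GlobalSign's own tooling), the script below builds the LDIF record that the LDIFDE import described above would consume: it stores the certificate in the user's userCertificate attribute and writes the explicit certificate-to-account mapping into altSecurityIdentities. The user DN, CA name, serial number and DER bytes are constructed sample values; the reversed-DN and reversed-serial conventions follow Microsoft's documented altSecurityIdentities format, and the line folding follows RFC 2849.

```python
import base64

# Constructed sample values, not taken from the guide: a hypothetical AD user,
# the issuing CA's name in AD's reversed-DN form, a serial number, and a
# stand-in for the certificate's DER bytes.
SAMPLE_USER_DN = "CN=Jane Doe,OU=Users,DC=example,DC=com"
SAMPLE_ISSUER_REVERSED = "DC=com,DC=example,CN=Example Issuing CA"
SAMPLE_SERIAL_HEX = "2B0000000011AC0000000012"
SAMPLE_DER = bytes(range(256)) * 3

LDIF_WIDTH = 76  # RFC 2849 folds long lines at 76 columns

def reversed_serial(serial_hex: str) -> str:
    """Serial number in reverse byte order, which is how AD expects it after <SR>."""
    return bytes.fromhex(serial_hex)[::-1].hex().upper()

def ldif_attr(name: str, value) -> str:
    """Encode one attribute: '::' plus base64 for binary values, folded per RFC 2849."""
    if isinstance(value, bytes):
        line = f"{name}:: {base64.b64encode(value).decode('ascii')}"
    else:
        line = f"{name}: {value}"
    head, rest = line[:LDIF_WIDTH], line[LDIF_WIDTH:]
    # Continuation lines carry one leading space, so they hold one fewer character.
    folds = [" " + rest[i:i + LDIF_WIDTH - 1] for i in range(0, len(rest), LDIF_WIDTH - 1)]
    return "\n".join([head] + folds)

def ldif_unfold(text: str) -> list:
    """Reverse the folding so a reader (or a test) can inspect the logical lines."""
    out = []
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def cert_mapping_ldif(user_dn, issuer_reversed, serial_hex, der):
    """LDIF 'modify' record that stores the cert on the user and maps it to the account.

    <I>issuer<SR>serial is one of the strong mapping forms Microsoft introduced with
    KB5014754; the older <I>issuer<S>subject form is now treated as a weak mapping.
    """
    mapping = f"X509:<I>{issuer_reversed}<SR>{reversed_serial(serial_hex)}"
    records = [
        ldif_attr("dn", user_dn), "changetype: modify",
        "add: userCertificate", ldif_attr("userCertificate", der), "-",
        "add: altSecurityIdentities", ldif_attr("altSecurityIdentities", mapping), "-",
    ]
    return "\n".join(records) + "\n"

if __name__ == "__main__":
    # Save the output as mapping.ldf, then on a domain controller run: ldifde -i -f mapping.ldf
    print(cert_mapping_ldif(SAMPLE_USER_DN, SAMPLE_ISSUER_REVERSED, SAMPLE_SERIAL_HEX, SAMPLE_DER), end="")
```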
GLOBALSIGN CONTACT INFORMATION

GlobalSign Americas: Tel: 1 877 775 4562, www.globalsign.com, sales us@globalsign.com
GlobalSign EU: Tel: +32 16 891900, www.globalsign.eu, sales@globalsign.com
GlobalSign UK: Tel: +44 1622 766766, www.globalsign.co.uk, sales@globalsign.com
GlobalSign FR: Tel: +33 1 82 88 01 24, www.globalsign.fr, ventes@globalsign.com
GlobalSign DE: Tel: +49 30 8878 9310, www.globalsign.de, verkauf@globalsign.com
GlobalSign NL: Tel: +31 20 8908021, www.globalsign.nl, verkoop@globalsign.com