Enhancing SharePoint 2010 Authentication

You may already know that a Microsoft SharePoint 2010 Website can be configured for a number of authentication types:

  1. Windows Authentication (NTLM, Kerberos, Anonymous, Basic and Digest)
  2. Forms-based authentication (LDAP, SQL and Custom membership and role providers).

But what do you do if you want stronger authentication for your SharePoint site, or want to provide your SharePoint users with Self-Service Password Management (SSPM)? The good news is that SharePoint 2010 can also be configured for claims-based (SAML token) authentication, which extends the available options to whatever authentication mechanisms are used by the SAML Identity Provider (IdP) submitting the claims. Claims-based authentication allows a website or application to request a SAML token from a third-party IdP. The IdP then has the responsibility of authenticating the user before generating and returning the SAML token. This allows the additional authentication features of the IdP to be shared by the SharePoint website.

Let’s say you are interested in providing Two Factor Authentication (2FA) for your SharePoint users as well as offering them SSPM. Let’s also say that you have a SAML IdP that uses a proprietary authentication service which provides 2FA and SSPM to the users in the repository. The trick now is to allow SharePoint to take advantage of the IdP’s features.

SharePoint 2010 can be integrated with a third-party IdP to request a SAML token for the authentication of a website user. Configuration changes must take place on the SharePoint side as well as on the IdP. The SharePoint website is configured to use the SAML protocol to send a SAML request to the IdP. On the IdP, a Relying Party Trust for the SharePoint site must be created. In addition to identifying the SharePoint website, the Relying Party Trust specifies the claims (attributes about the user) to issue. These claims are sent to the SharePoint site within the SAML token. The SAML token lets the site know that the user is authenticated, and the site uses the claims to determine whether or not that user has access to the requested website resource. Don’t forget: a user can be authenticated but still not have access to all of the resources on the site.
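The SharePoint side of that configuration can be scripted from the SharePoint 2010 Management Shell. The following is an added example, not code from the original post or from PortalGuard; the certificate path, issuer name, realm, sign-in URL and choice of claims are placeholders that must match what is defined in the IdP's Relying Party Trust.

```powershell
# Added example: every name, path and URL below is a placeholder (assumption).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Trust the IdP's token-signing certificate (exported from the IdP as a .cer file).
#    SharePoint rejects tokens whose signature does not chain to a trusted root authority.
$certPath = "C:\certs\idp-token-signing.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
New-SPTrustedRootAuthority -Name "Example IdP Token Signing" -Certificate $cert

# 2. Map the claims that the Relying Party Trust on the IdP is configured to send.
#    The e-mail claim identifies the user; the role claim is used for authorization.
$emailClaim = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" `
    -IncomingClaimTypeDisplayName "EmailAddress" -SameAsIncoming
$roleClaim = New-SPClaimTypeMapping `
    -IncomingClaimType "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" `
    -IncomingClaimTypeDisplayName "Role" -SameAsIncoming

# 3. The realm must equal the identifier registered for this site in the
#    Relying Party Trust; a mismatch makes the IdP refuse to issue a token.
$realm     = "urn:sharepoint:portal"
$signInUrl = "https://idp.example.com/signin"   # the IdP's sign-in endpoint (placeholder)

# 4. Register the IdP as a trusted identity token issuer.
$issuer = New-SPTrustedIdentityTokenIssuer -Name "Example IdP" `
    -Description "Third-party IdP providing 2FA and SSPM" `
    -Realm $realm -ImportTrustCertificate $cert `
    -ClaimsMappings $emailClaim, $roleClaim `
    -SignInUrl $signInUrl `
    -IdentifierClaim $emailClaim.InputClaimType

# 5. Review what was registered before enabling it on a web application.
Get-SPTrustedIdentityTokenIssuer -Identity "Example IdP" |
    Format-List Name, DefaultProviderRealm, ProviderUri
```

Once registered, the issuer can be selected as a trusted identity provider for the web application, and site permissions are granted to e-mail or role claim values rather than to Windows accounts.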

This is all great, you say, but I was promised 2FA and SSPM for my users. Where do these features fit into the integration? Well, remember that the IdP has to first authenticate the user before it will generate and deliver the SAML token. The IdP is employing a third-party authentication appliance that supports 2FA and SSPM while the user is authenticating.

So, whether you have an IdP in place or not, configuring SharePoint to authenticate with features not natively provided by SharePoint can be achieved without too much trouble. Either put an IdP in place or use your existing IdP to enhance the security and usability of your SharePoint users’ experience.

PortalGuard Climbs the SharePoint Summit

Climb the Sharepoint Summit

Come join PortalGuard by PistolStar, Inc. at the SharePointPro Virtual Conference, Climbing the Sharepoint Summit. No need to leave your office: just join us online on May 20th, 9:00am-4:00pm EST, to ask us any questions you like. The best part is that registration is free and open to anyone!

Come see if PortalGuard is right for your company! See how you can meet or exceed your security objectives, including:

  • Stronger Authentication
  • Reducing Risk – both financial and security
  • Enhance compliance with both security and industry standards
  • Deliver effective password policies
  • Implement Best Practices

And Many More…

Conference Website & Information

PortalGuard Homepage

PortalGuard has Great Success at the 2010 SharePointPro Summit & Expo

Thanks for Stopping By!

We first would like to extend a thank you out to those of you who stopped by our booth at the SharePointPro Summit this year. It was fascinating to hear about how SharePoint authentication and security is being handled, what specific requirements you are looking for, and how PortalGuard or Tailored Authentication could help you with your SharePoint security needs.

If you did not have a chance to see us at the show, we encourage you to visit PortalGuard.com to see how PortalGuard is the solution for meeting and exceeding your security objectives. PortalGuard is supported on multiple platforms including Microsoft SharePoint/IIS, IBM WebSphere/WebSphere Portal, and Lotus Domino.

PortalGuard:

PortalGuard is an authentication and security solution that allows end-users to securely authenticate and manage their portal login credentials directly from a Web browser, while providing administrators with functionality to meet or exceed their security objectives. With PortalGuard, administrators can implement best practices for ensuring stronger and consistently secure authentication. Learn More…

Extensible Authentication Framework:

Many of our customers implement our standard Password Power Plug-ins – the authentication software framework offers robust functionality and feature-rich security, access control, and password management.

But for those customers who have a unique user base, organizational complexities, specific security and compliance requirements or multiple and diverse applications, our expert professional services and development team will develop a solution adapted to their environment and delivered within the framework of our standard Password Power software product, including ongoing technical support. Learn More…

PistolStar Brings PortalGuard to the SharePointPro Summit & Expo

 

PistolStar Brings PortalGuard to the SharePointPro Summit & Expo on March 17th & 18th, in Las Vegas!

Come stop by booth #508 for more information on:

PortalGuard:

PortalGuard is an authentication and security solution that allows end-users to securely authenticate and manage a portal password directly from a Web browser, while providing administrators with functionality to meet or exceed their security objectives. With PortalGuard, administrators can implement best practices for ensuring stronger and consistently secure authentication.

Security & Auditing:

  • One-Time Password – stop being vulnerable to replay attacks
  • Limit multiple concurrent logon sessions – prevent multiple users from logging in with the same set of credentials
  • Define strike-out limits by person, group or hierarchy – Alerts are emailed when strike-out limits are exceeded
  • Lockout inactive users after “n” days – Identify and stop access to dormant user accounts

 Help Desk and End-User Productivity:

  • Self-service Active Directory password reset via challenge question/response — Highly configurable and secure!
  • Prove your identity to the help desk – by providing highly configurable challenge question and answer functionality

 Services:

  • Tailored Authentication – we deliver a product that will fit precisely with your environment
  • Excellent Customer Service – receive support directly from the developers
  • Easy deployment — let us take you by the hand

 

† Fully supports & enhances multiple platforms and portals — IBM Lotus Domino (AIX, Solaris, Windows, System i, Linux), IBM WebSphere/WebSphere Portal, and Microsoft SharePoint

For more information please visit: PortalGuard.com