two-factor authentication to edge servers

  • Question

  • Hi, is there any way to do two-factor authentication to the edge servers for users on the internet?
    Wednesday, August 22, 2007 9:46 AM

Answers

  • This is a very interesting question.  The current Microsoft stance is that 2-factor Auth may be a possibility in Wave 14...next version of OCS.  It will not be included in Wave 13.  Yet, it seems this requirement isn't a high priority for the OCS product group...too many fish to fry.

    The company I work for owns RSA and we have been looking for 2-factor Auth for Communicator for a while.  We have tested fronting OCS Edge Servers with ISA + Radius with very little success...forget about tokens for now.  One option is CWA with Radius Authentication but that doesn't really cut it for the Power User.

    In the end, we have come to an agreement with InfoSec that allows our users to access the OCS Edge Servers without 2-factor Authentication during normal business hours.  As each quarter ends and our moratoriums start, this access is shut down.

    Not an optimal situation, but it's better than VPN.


    Rob
    Thursday, April 3, 2008 7:01 AM

All replies

  • I think you need to look in to products like Application Gateways

    http://www.microsoft.com/forefront/edgesecurity/iag/default.mspx

    Deli
    Friday, December 14, 2007 3:27 PM
  • Thanks for that. We had similar advice from MS. Do you think machine certificates and 801.x certificates would work?
    Thursday, April 3, 2008 10:02 AM
  • We've considered using certificates in an attempt to achieve some level of 2-factor Authentication but it hasn't gone beyond discussion so far.  I do intend to test this and once I do, I'll post my findings.

    Thx;

    Rob

    Saturday, April 5, 2008 3:03 PM