Need Multi-factor authentication on the company website hosted on SharePoint.

  • Question

  • Hi Guys,

    We have our company website where all users' data and records are kept. So, to provide more authentication, we require MFA on that website through Azure. Please let us know what we need to do to achieve it. Any link and reference will be appreciated.

    We actually need to register the web application with Azure AD, and we don't know what to put in the tab option asking for APP ID URL.

    Please help.


    Amit Singh |Project Consultant (System center)


    Friday, June 10, 2016 1:16 PM

Answers

  • Hi Amit,

    I hope it's the correct method for MFA on your company website.

    Also, refer to the alternative methods for achieving MFA on your company website.

    “Planning to publish Applications using Web Application Proxy”.

    “Publish applications using Azure AD Application Proxy”.

    If you want to achieve it through Kerberos constrained delegation, you can plan to use NTP.

    When using AD FS pre-authentication, the time of all Web Application Proxy servers must be identical to the time of the AD FS servers so that the timestamps on claims match. The time of all Web Application Proxy servers must be identical to the time of the application servers when using Kerberos constrained delegation. It is recommended to enable Network Time Protocol (NTP) on all Web Application Proxy and AD FS servers.

    Hope this helps.

    Regards,

    Pradeep

    Wednesday, June 15, 2016 6:51 AM
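
Added example (not part of the original thread and not AD FS or Web Application Proxy code): a minimal validity-window check showing why the clock requirement in the answer above matters. It uses a constructed SAML-style `Conditions` element as a stand-in for the timestamps on a claim; the function names, the sample token and the skew values are assumptions made for illustration.

```python
# Added illustration: constructed token and hypothetical helper names.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a token issued at 10:00:00Z with a 5-minute lifetime.
SAMPLE_ASSERTION = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions NotBefore="2016-06-15T10:00:00Z"
                   NotOnOrAfter="2016-06-15T10:05:00Z"/>
</saml:Assertion>
"""

def _parse_utc(value):
    """Parse an xs:dateTime in the 'Z' form used by the sample."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_validity(assertion_xml, local_now, allowed_skew=timedelta(0)):
    """Return 'valid', 'not_yet_valid' or 'expired' as seen from local_now."""
    cond = ET.fromstring(assertion_xml).find("saml:Conditions", SAML_NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    not_before = _parse_utc(cond.attrib["NotBefore"])
    not_on_or_after = _parse_utc(cond.attrib["NotOnOrAfter"])
    # A consumer whose clock runs behind the issuer sees a fresh token as "from the future".
    if local_now + allowed_skew < not_before:
        return "not_yet_valid"
    # A consumer whose clock runs ahead sees a still-live token as already expired.
    if local_now - allowed_skew >= not_on_or_after:
        return "expired"
    return "valid"

def simulate(drift_seconds, allowed_skew_seconds=0):
    """Check the token 1 s after issuance on a server whose clock is off by drift_seconds."""
    true_now = datetime(2016, 6, 15, 10, 0, 1, tzinfo=timezone.utc)
    local_now = true_now + timedelta(seconds=drift_seconds)
    return check_validity(SAMPLE_ASSERTION, local_now,
                          timedelta(seconds=allowed_skew_seconds))

if __name__ == "__main__":
    # Drift of 0 s, 30 s behind, and 400 s ahead; strict check vs. 60 s tolerance.
    for drift in (0, -30, 400):
        print(drift, simulate(drift), simulate(drift, allowed_skew_seconds=60))
```

A skew tolerance only absorbs small drift; once the offset exceeds the tolerance or the token lifetime, sign-ins fail until the servers are synchronized again.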

All replies

  • Hi Amit,

    Thank you for posting here!

    Enter the base URL of the website that will encompass all pages to which a user might navigate. Partial directory prefixes are allowed (Ex: https://www.abc.com/sitename). Wildcard characters are allowed for hostname (Ex: https://*/sitename).

    The IIS Authentication section of the Azure Multi-Factor Authentication Server allows you to enable and configure IIS authentication for integration with Microsoft IIS web applications. The Azure Multi-Factor Authentication Server installs a plug-in which can filter requests being made to the IIS web server in order to add Azure Multi-Factor Authentication. The IIS plug-in provides support for Form-Based Authentication and Integrated Windows HTTP Authentication. Trusted IPs can also be configured to exempt internal IP addresses from two-factor authentication.

    For more information, kindly refer to the link given below:

    https://azure.microsoft.com/en-in/documentation/articles/multi-factor-authentication-get-started-server-iis/

    And also, please check “Multi-Factor Authentication on SharePoint using AD”.

    Hope this helps.

    Regards,

    Pradeep

    Saturday, June 11, 2016 7:46 AM
  • Hi Pradeep,

    Thanks for your reply.

    Just for the second option, please let me know if I am using the correct method for my organisation.

    We are using a SharePoint web application and want to apply MFA on the same web application. But currently we are using NTLM as authentication, and that is not supported by Azure.

    To enable MFA we are integrating the web application with Azure.

    Register the web application with Azure Active Directory, and use Azure Multi-Factor Authentication Server for the second factor.

    High Level Steps:

    • Needs a configuration change on the web application side so that it can be federated with Azure AD
    • Register the web application in Azure AD using "Add an application my organization is developing"
    • Use Azure Multi-Factor Authentication Server for the second factor

    Multifactor Authentication (Cloud) - Integrated into Azure Active Directory

    https://azure.microsoft.com/en-in/documentation/articles/multi-factor-authentication/

    • Authentication protocols supported by Azure AD - WSFED, SAML, OAUTH, Open ID


    Amit Singh |Project Consultant (System center)

    Tuesday, June 14, 2016 3:34 PM