UAG with multi-factor authentication - Ad hoc password changes

  • Question

  • I am currently working for a company evaluating UAG with multi-factor authentication (Active Directory and OTP using Radius OTP Authentication (LDAPS + Radius)). We are having some problems with ad-hoc password changes. If the password is expired, then users would be forced to change it post logon, but for users that want to change the password before expiration there is no provision for this?

    We are looking at just using a "basic" trunk to connect directly to SharePoint without using the portal.

    Has anyone done anything about maybe inserting another page, postvalidate.asp, that would offer the chance to change their AD password or OTP password, or just continuing on to the destination URL if neither is to be changed?

    Friday, August 19, 2011 8:12 AM

Answers

  • Hi Mattayus,

    UAG has the option of notifying the user that their password may expire in X amount of days. You can find this setting under trunk configuration. I don't recommend creating a basic trunk as you described because you will lose the user tracking capabilities.

    Out of curiosity, what OTP product are you using?

    Thanks
    Dennis
    http://forefrontdennislee.wordpress.com/

    • Marked as answer by Erez Benari Friday, August 26, 2011 10:28 PM
    Saturday, August 20, 2011 5:19 PM
  • Is it an option that you use SharePoint to provide the password change function, with something like this: http://glorix.blogspot.com/2007/10/ad-change-password-webpart.html? Just if it is an option for you.

    Bye,

    Andreas


    Andreas Hecker - Blog: http://microsoft-iag.blogspot.com/
    • Marked as answer by Erez Benari Friday, August 26, 2011 10:28 PM
    Tuesday, August 23, 2011 1:54 PM
