We are on DNN for our Portal and it can be accessed through a login and password. I would like to understand how can we implement MFA(multi factor Authentication)
Can somebody guide as to what is required. This portal is also further connected with Dynamics 365 for the data. Is there any documentation that you could refer us to?
Thanks,
Jalpa Shah
What you need is an authentication provider for DNN that implements MFA.
If you go to store.dnnsoftware.com and search for "authentication" then you will find some modules.
Note: I don't have any experience with any MFA on DNN, but that's where I would start.
The other option would be to create your own MFA provider. You might want to poke around the DNN Community section of GitHub, too.
Typically I would recommend the usage of a commercial module, such as the one my company makes DNN Simple 2 Factor Authenticaiton.
However, you note that you are also looking at a connection with Dynamics 365, which most likely makes that option not a route.
If using Dynamics365 for authentication, you will want to look at configuration within Dynamics to configure/enforce the 2FA processes.
Related
I need a method where I can destroy all user sessions after a product release forcing them to login.
It can be a manual step on portal, I just need to be able to do it.
I can't find anything in the documentation, and the quite generic potential search terms only appear to provide solutions and approaches to different issues.
Is this possible and if so, can you point me in the direction?
Thanks
I have confirmed this with Azure support engineer. Azure B2C doesn't support such feature that sign all users out.
Hey Guys i just quickly wanted to double check – as far as i know there is no way to implement the Microsoft Azure Login into an existing Website / Style – is this correct or is there any kind of work-around?
It really is annoying that customers need to "jump of" our page to azure to login in.
You can choose e.g. the background image. But, of course you can do the authentication back-end yourself, using the Microsoft Authentication libraries. See here for more info: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-scenarios
does anybody have a manuel that describes the steps to create an anonymous
user authentication in SharePoint 2010 (Website for the internet with no authentication).
For editing an admin has to log in
with forms authentication. Can I hold the admin somewhere in the web.config with
membership provider ? Or do I need to install SQL Server somewhere for that task ?
Thanx a lot.
Stephan
Ah - you need SQL Server installed somewhee ANYWAY - SharePoint makes heavy use of SQL Server.
I would think that any valid ASP.NET membership provider should work with SharePoint, so in theory you should be able to write your own XML-based or text-based provider and store the admin username and password there.
But it's too much work and a bit risky. And in all honesty I would personally avoid trying anything like that since SharePoint is a complex enough behemoth by itself.
Since you only want an admin to be able to modify the website, it's probably a lot easier to just use the Active Directory provider and create a user in AD for the admin if one doesn't already exist.
HTH
We're currently investigating what kind of authentication we want to use for a sharepoint portal site : Forms Authentication or Windows Authentication. The latter has my preference.
What suprised me (I'm a sharepoint noob), is the fact that MS didn't provide a component/web-part that handles account management when using Windows Authentication.
Do you now how to do this? Without resorting to buying an additional product. Shouldn't it be very easy to access the Active Directory by code (C#)?
Windows Authentication
I echo Justin's thoughts regarding AD management. Adding users to your domain also doesn't necessarily have anything to do with adding them to SharePoint. However perhaps there is an IIS add-on that does this if you wish to pursue it.
If you don't already know, SharePoint can automatically import user profiles from your Active Directory domain. This makes them available for assigning permissions within the sites.
Some additional info from Justin's comment about changing the AD structure to administer security: With SharePoint 2007 you no longer need to rely on Active Directory to manage groups of users. It's possible to also use SharePoint groups (which can contain AD users or AD groups). This works really well when you need to create a group for a purpose that isn't applicable outside SharePoint and you don't want to bug the infrastructure team. The downside is that without education, end users probably won't manage this well and it can become a mess.
Forms Authentication
It's true there is very little provided by Microsoft for managing this. However the Community Kit for SharePoint provides this functionality. From memory I had to tweak their code a bit but I was generally happy with it.
If you are considering this option also read this MSDN article.
It's much easier to just use the regular AD management tools provided with Windows rather than trying to manage your users' permissions through a web interface (for groups and such).
...of course you'll need access to make changes to your AD structure to administer the security.
Another alternative you may want to consider is using Forms Authentication using the Active Directory provider. It'll allow you to use the Forms Auth user admin tools and still authenticate against an Active Directory environment.
IF this is for users who are not a part of your actual domain (i.e. extranet users), I suggest you take a look at ADAM, Active Directory in Application Mode. It behaves the same as regular AD, can be administered through the windows.
Also, take a look at the following codeplex project, ADSelfService, it allows users to edit their own AD profiles. Perhaps you can extend the code yourself to allow admins to edit all profiles.
AdSelfService Project
Just need to use find a simple way to have AD authenticate as the login for a Sharepoint site. This fairly quick and simple to get going ?
Thanks!
For SharePoint 2007, see this article. You probably want to set it up to do Windows integrated authentication with NTLM. Getting authentication working is probably not too hard, getting your site setup the way you want with permissions/authorization working probably isn't. Depends on how complex your site is. I wasn't directly involved but I know that it took a few months to get our intranet up and bug free.
One recommendation that I would have is to use AD groups or SharePoint groups that contain AD groups rather than individuals to control access. It's much easier to clean up AD group membership when an individual leaves than to track down all the places where you've given them individual access (including membership in SharePoint groups).
You need your server to be part of the domain before installing SharePoint.
If you do that, the default configuration will be AD authentication.
Here is a decent discussion of SharePoint security links
http://blogs.msdn.com/joelo/archive/2007/06/29/sharepoint-groups-permissions-site-security-and-depreciated-site-groups.aspx
Essentially, you will either need to add users to the appropriate SharePoint group. The defaults for a site are generally xxx_Visitor, xxx_Members and xxx_Owners, with each group having increasing security rights.
You can either add an AD domain to these groups or else add individual AD users