Access control for publishing deployment guide
Updated: February 1, 2011
Applies To: Unified Access Gateway
Forefront Unified Access Gateway (UAG) provides a gateway for remote employees, mobile workers, partners, and other third parties to access corporate applications and resources. To help secure applications published through the gateway, Forefront UAG allows you to define which users are allowed to access the applications, and how they will authenticate to Forefront UAG and to the applications. There are a number of different authentication servers you can use to authenticate users to the portal.
About this guide
This guide provides information about deploying mechanisms that verify the identity of remote endpoints that connect to Forefront Unified Access Gateway (UAG) sites, and that control endpoint access to resources published via Forefront UAG.
The guide includes the following topics:
Overview of access control—Describes the mechanisms that Forefront UAG uses to verify the identity of remote endpoints, and how it controls endpoint access to published resources.
Planning to deploy access control mechanisms—Provides a summary of the required planning and prerequisite tasks before beginning deployment.
Implementing frontend authentication—Describes deployment steps and procedures for configuring trunk authentication.
Implementing backend authentication mechanisms—Describes deployment steps and procedures for forwarding credentials supplied during trunk authentication to backend published applications.
Implementing cross-site single sign-on—Describes the steps required to allow users to access multiple Forefront UAG sites using a single set of authentication credentials.
Implementing access policies for endpoint health validation—Describes how to configure Forefront UAG access policies, and Network Access Protection (NAP) policies.
Implementing users and groups for application authorization—Describes how to create users and groups that can be used to control granular access to specific portal applications.
Implementing certified endpoints—Describes how to deploy client certificates to certified endpoints.