About two-factor authentication

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

Two-factor authentication provides improved security because it requires the user to meet two authentication criteria: a user name/password combination and a token or certificate, known as something you have, something you know. Forefront TMG supports two-factor authentication in these scenarios:

  • The user has a certificate.

  • The user has a SecurID token that provides a passcode.

  • The user has a one-time password token that provides a passcode.

A typical example of two-factor authentication with a certificate is the use of a smart card. The smart card contains the certificate, which Forefront TMG can validate against a server that contains the user and certificate information. By comparing the user information (user name and password) to the certificate provided, the server validates the credentials, and Forefront TMG authenticates the user.

Important

Two-factor authentication using a client certificate is not supported for Forefront TMG deployment in a workgroup.

Concepts

About authentication in Web publishing