Team,
Looking for a second level of auth besides SSO by ADFS 2.0 or 3.0 as primary auth.
Bing gave me the option of MFA by Office 365, but we don't want to go with it.
Looking at the TechNet article: http://technet.microsoft.com/en-us/library/dn554247.aspx
Primary Auth can be achieved using:
- Windows Integrated Authentication using Negotiate for Kerberos & NTLM
- OR Forms Authentication using username/passwords
Secondary Auth can be achieved using Certificate Authentication:
- The certificate must map to the user account in AD DS by either of the following methods:
  - The certificate subject name corresponds to the LDAP distinguished name of a user account in AD DS.
  - The certificate subject altname extension has the user principal name (UPN) of a user account in AD DS.
I guess the article doesn't clearly state that cert authentication can act as a second level of auth.
Team, if it can, then the question is what is the procedure to configure it, and any architecture-level overview that clarifies the ports and connectivity mechanism?
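
The following is an added example, not part of the original post or the linked article: one way to register certificate authentication as the additional (second) method while leaving the primary method unchanged. It assumes AD FS on Windows Server 2012 R2 (the 3.0 case, where the `ADFS` PowerShell module provides these cmdlets), and the extranet-only trigger rule is chosen here for illustration.

```powershell
# Added example. Run in an elevated session on the primary AD FS server
# of a Windows Server 2012 R2 farm.
Import-Module ADFS

# 1. Record the current policy so the change can be reviewed or rolled back.
Get-AdfsGlobalAuthenticationPolicy |
    Format-List PrimaryIntranetAuthenticationProvider,
                PrimaryExtranetAuthenticationProvider,
                AdditionalAuthenticationProvider

# 2. Register certificate authentication as the additional method.
#    Primary authentication (Windows Integrated / Forms) is not touched.
Set-AdfsGlobalAuthenticationPolicy `
    -AdditionalAuthenticationProvider CertificateAuthentication

# 3. Trigger rule (illustrative choice): demand the additional method only
#    for requests that arrive from outside the corporate network.
$rule = @'
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
          Value = "http://schemas.microsoft.com/claims/multipleauthn");
'@
Set-AdfsAdditionalAuthenticationRule -AdditionalAuthenticationRules $rule

# 4. Verify what is now in force.
Get-AdfsGlobalAuthenticationPolicy |
    Select-Object AdditionalAuthenticationProvider
Get-AdfsAdditionalAuthenticationRule

# 5. Connectivity check: certificate authentication is served on a separate
#    TLS client port (49443 by default) on the federation service name, so
#    that port must be reachable by clients in addition to 443.
(Get-AdfsProperties).TlsClientPort
```

The client certificate still has to chain to a CA trusted by the AD FS servers and map to the AD DS account by subject DN or by the UPN in the subject alternative name, as listed above.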