Publishing SharePoint with ISA 2006 and 2 factor authentication

ISA 2006 provides some great new capabilities for user authentication. Find more info on ISA at the following link: https://www.microsoft.com/isa.

On one of my recent projects I had to publish a SharePoint Portal to Internet-based users. The information on the portal is very sensitive, and the customer has made a decision to require two-factor authentication. The original proposal was to allow users to VPN into the network with a smart card, go through quarantine and then access the SharePoint portal. While it is a valid solution, I felt that it is not the most efficient way to provide access to the portal.

In turn, I have decided to use ISA 2006 SharePoint publishing functionality and its ability to authenticate users with certificates and form-based authentication (FBA). In this configuration users type the URL for the SharePoint site, they are asked to choose a certificate, and after entering the PIN they are presented with an FBA form asking for user name and password. It takes less than one minute to log into the portal and it works super fast. ISA 2006 FBA has cool new functionality: password change. Now users can change their passwords via ISA 2006 FBA without ever logging into the internal corporate network.

In my solution each user has been issued a USB-based smart card token that allows them to authenticate against ISA 2006. In the next phase of the project we are going to deploy Certificate Lifecycle Manager (CLM) to manage all of those tokens and the certificates that they have been issued with.