Pointsharp MFA User Storage Configuration

Pointsharp multifactor authentication can be integrated with most popular remote access solutions to greatly improve security and provide a higher level of assurance for authenticating remote users. Although DirectAccess and Always On VPN natively provide multifactor authentication using certificates, integrating MFA should be considered standard procedure for any traditional client-based VPN solution.

Pointsharp User Storage

The Pointsharp multifactor authentication (MFA) solution uses an Active Directory Organizational Unit (OU) to store user information. This article will provide guidance for the proper configuration and delegation of the OU to ensure proper Pointsharp MFA operation.

Create the OU

A dedicated OU should be created and the Pointsharp service account delegated full control over the OU prior to configuring the software. To do this, open the Active Directory Users and Computers management console, right-click on the domain and choose New and then Organizational Unit.


Note: The OU does not have to be created at the domain level. It can be created or moved to another OU if desired.

Provide a name for the OU and select the option to Protect container from accidental deletion.


Create a Service Account

Establish a service account for Pointsharp by creating a standard user with no special privileges or group memberships beyond the default Domain Users. The Pointsharp service account does not require administrative rights of any kind, and it must not be a member of any privileged group. Use a long, randomly generated password and store it in a password vault. Select the options User cannot change password and Password never expires.


Delegate Permissions on the OU

In the Active Directory Users and Computers management console, right-click the Pointsharp storage OU and choose Delegate Control….


Click Next, and then click Add to add the Pointsharp service account.


Click Next, then select the option to Create a custom task to delegate.


Click Next twice. In the Permissions window select Full Control. This will automatically select all other options. Click Next and then click Finish. Note that this grants the service account full control over the storage OU and its contents only, not over the rest of the domain; do not place privileged accounts in this OU.


Once complete, proceed with the configuration of Pointsharp MFA user storage by using the service account credentials and storage OU created previously.
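The same three steps (create the protected OU, create the unprivileged service account, delegate full control on the OU) can be scripted with the ActiveDirectory PowerShell module, which is useful for repeatable builds and for verifying what the wizard actually granted. This is an added example, not part of the original article or Pointsharp's documentation; the OU name, service account name and the decision to create the OU at the domain root are assumptions for illustration.

```powershell
# Added example (not from the original article). Requires the RSAT ActiveDirectory module
# and an account with rights to create OUs, users and modify OU permissions.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$ouName = 'Pointsharp Users'                 # assumed OU name
$ouPath = $domain.DistinguishedName          # assumed: create at the domain root (any parent OU works)
$svcSam = 'svc-pointsharp'                   # assumed service account sAMAccountName
$ouDN   = "OU=$ouName,$ouPath"

# 1. Dedicated OU, protected from accidental deletion
if (-not (Get-ADOrganizationalUnit -LDAPFilter "(ou=$ouName)" -SearchBase $ouPath -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name $ouName -Path $ouPath -ProtectedFromAccidentalDeletion $true
}

# 2. Service account: ordinary user, long random password, no extra group membership.
#    48 random bytes -> 64-character Base64 string. Record $plain in your password vault
#    before this session ends; it is needed when configuring Pointsharp user storage.
$bytes = New-Object byte[] 48
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$plain    = [Convert]::ToBase64String($bytes)
$password = ConvertTo-SecureString $plain -AsPlainText -Force

New-ADUser -Name $svcSam `
           -SamAccountName $svcSam `
           -UserPrincipalName "$svcSam@$($domain.DNSRoot)" `
           -Description 'Pointsharp MFA user storage service account' `
           -AccountPassword $password `
           -CannotChangePassword $true `
           -PasswordNeverExpires $true `
           -Enabled $true

# 3. Delegate Full Control on the OU subtree to the service account (same result as the
#    Delegation of Control wizard with Full Control on the OU and all child objects).
$sid = (Get-ADUser -Identity $svcSam).SID
$acl = Get-Acl -Path "AD:\$ouDN"
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
           $sid,
           [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
           [System.Security.AccessControl.AccessControlType]::Allow,
           [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
$acl.AddAccessRule($ace)
Set-Acl -Path "AD:\$ouDN" -AclObject $acl

# 4. Verify: the ACE is scoped to this OU only, and the account holds no privileged membership.
(Get-Acl -Path "AD:\$ouDN").Access |
    Where-Object { $_.IdentityReference -like "*\$svcSam" } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, InheritanceType

Get-ADPrincipalGroupMembership -Identity $svcSam | Select-Object -ExpandProperty Name
```

The verification at the end should show a single Allow entry with GenericAll and InheritanceType All for the service account, and the group membership output should list only Domain Users. Because the account's password never expires, rotate it manually on a schedule and update the Pointsharp user storage configuration at the same time.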


Additional Resources

Configure DirectAccess with One-Time Password (OTP) Authentication
