Authentication methods supported by windows server 2016

Active Directory Federation Service for Windows Server 2016 (Recommended learning: web front-end video tutorial)

Active Directory Federation Service provides access control and single sign-on across a variety of applications including Office 365, cloud-based SaaS applications and applications on the enterprise network.

For IT organizations, it can provide login and access control for modern and traditional applications on-premises and in the cloud, based on the same set of credentials and policies.

For users, it provides seamless login using the same familiar account credentials.

For developers, it provides an easy way to authenticate users whose identities are located in your organization's directory so you can focus on your work on applications, without authenticating or identity.

Eliminating Passwords from Extranet

AD FS 2016 enables three new options for going passwordless, allowing organizations to avoid cyber risks from login breaches from being scammed, leaked, or compromised. Stolen password.

Login using Azure Multi-Factor Authentication

AD FS 2016 Based on the AD FS feature in Windows Server 2012 R2 based on Multi-Factor Authentication (MFA), thereby using only the Azure MFA code without entering the user Log in with name and password.

With the primary authentication method of Azure MFA, the user is prompted for their username and OTP code from the Azure Authenticator application.

Using Azure MFA's secondary or other authentication method, the user will see the text of the prompt if they provide primary authentication credentials (using Windows Integrated Authentication, username and password, smart card, or user or device certificate) , Voice or OTP based on Azure MFA login.

Installing and configuring Azure MFA with AD FS has never been easier with the new built-in Azure MFA adapter.

Organizations can take full advantage of Azure MFA without the need for an on-premises Azure MFA server.

Azure MFA can be configured as part of an intranet or extranet or any access control policy.

Sign in with Windows Hello for Business

Windows 10 devices introduce Windows Hello and Windows Hello for Enterprise, and the user's password is replaced by a user protected by strong device binding user credentials gestures (biometric gestures such as PIN, fingerprint or facial recognition). AD FS 2016 supports these new Windows 10 features, allowing users to log in to AD FS applications from an intranet or extranet without providing a password.

The above is the detailed content of Authentication methods supported by windows server 2016. For more information, please follow other related articles on the PHP Chinese website!