I recently hosted a webinar on certificate-based authentication for users, machines, and devices. I talked about the need for stronger authentication methods and why certificates are a great option and ended with an example deployment scenario using an Active Directory (AD) integration. Several people had questions about the integration and I didn't have a chance to cover them all during the broadcast, so I thought I'd answer some of them here.
How does an AD Integration work and why would I use one?
Our AD integration, the Auto Enrollment Gateway , is a software service that acts as a connector between our SaaS certificate services and an organization's Windows environment. In a nutshell, it basically takes the place of running an on-premise Certificate Authority (e.g., Microsoft CA). Administrators dictate which users and machines are allowed which types of certificates using AD Group Policies, but instead of requesting the certificates from an internal CA, the requests are sent to GlobalSign. This way you get all the benefits of Microsoft Certificate Services (e.g., auto enrollment, silent installs) without the need to manage a CA internally.
How can certificates be deployed to external users not part of the Active Directory network?
External users who are not part of the AD network could still leverage the CEP/CES services that AEG is based upon to enroll certificates. CES, specifically, is a web service that allows users and computers to perform certificate enrollment by using the HTTPS protocol. Alternatively, AEG also supports a manual enrollment portal where clients can request certificates through a web-based enrollment.
Other questions addressed during the live webinar:
- Can the certificates be installed on USB tokens?
- What kind of devices are supported?
- Is this type of solution cost-effective for a network of 150 users?
- Will the solution work with Cisco ASA 5500?
- Can you use the solution to authenticate to web applications?
Get the answers and learn more about why you should adopt stronger means of authentication, the benefits of using a certificate-based solution, and your deployment options by watching the full webinar . If you have any other questions about our Active Directory integration, or about certificate-based authentication in general, shoot us an email or let us know in the comments!