Applies To: Windows Server 2008
Establishing that someone is a valid user of information or resources in your environment requires that the user provide two pieces of information to your network: identification and proof of identity. The technologies that support users in providing these essential pieces of information are described in the following sections.
Windows authentication includes components that verify the identity of an object or user in a Windows environment. This page links to technical documentation about authentication protocols, Windows authentication packages, smart cards, and interactive logon.
Central Identity Store
Active Directory Domain Services (AD DS) is a secure, highly available, distributed central identity store that is tightly integrated with Windows Server 2008. AD DS serves as the focal point for managing and administering user accounts, authentication, security policies, and organizational resources such as computers, printers, and servers.
Identity Lifecycle Manager (ILM) 2007 enables IT organizations to reduce the cost of managing the identity and access lifecycle by providing a single view of a user's identity across the heterogeneous enterprise and through the automation of common tasks. ILM 2007 builds on the metadirectory and user provisioning capabilities in Microsoft Identity Integration Server (MIIS) 2003 and adds new capabilities for managing strong credentials such as smart cards with Certificate Lifecycle Manager (CLM) 2007. ILM 2007 provides an integrated approach that pulls together metadirectory, certificate and password management, and user provisioning across Windows and other enterprise systems.
Active Directory Federation Services (AD FS) takes the single sign-on (SSO) functionality that is available within a single security or enterprise boundary and extends it to Internet-facing applications, so that your customers, partners, and suppliers can have a streamlined user experience while accessing Web-based applications.
A one-time password (OTP) authentication solution can be implemented with computers running the Windows 7 or Windows Server 2008 R2 operating systems to require two-factor authentication with remote access technologies such as DirectAccess.