AD fs 中設定額外的驗證方法Configure Additional Authentication Methods for AD FS

適用於:Windows Server 2016、Windows Server 2012 R2Applies To: Windows Server 2016, Windows Server 2012 R2

為了讓多因素驗證 (MFA),您必須選取至少一個額外的驗證方法。In order to enable multi-factor authentication (MFA), you must select at least one additional authentication method. 根據預設,在 Windows Server 2012 R2 的 Active Directory 同盟 Services (AD FS) 在您可以選取憑證驗證(亦即,智慧卡架構的驗證)做為額外的驗證方法。By default, in Active Directory Federation Services (AD FS) in Windows Server 2012 R2, you can select Certificate Authentication (in other words, smart card-based authentication) as an additional authentication method.

注意

如果您選擇憑證驗證,確保的智慧卡憑證已確實提供,而且有釘選的需求。If you select Certificate Authentication, ensure that the smart card certificates have been provisioned securely and have pin requirements.

|-|-| ||您知道,Microsoft Azure 會提供類似在雲端中的功能嗎?|-|-| ||Did you know that Microsoft Azure provides similar functionality in the cloud? 深入了解Microsoft Azure 的身分方案Learn more about Microsoft Azure identity solutions.

Microsoft Azure 建立混合式身分方案:Create a hybrid identity solution in Microsoft Azure:
- 深入了解 Azure 多因素驗證。- Learn about Azure Multi-Factor Authentication.
- 管理適用於單一樹系混合式環境使用雲端驗證身分。- Manage identities for single-forest hybrid environments using cloud authentication.
- [管理其他多因素驗證敏感的應用程式的風險。|- Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications.|

Microsoft 和第三方額外的驗證方法Microsoft and third-party additional authentication methods

您也可以設定,並讓 Microsoft 和第三方驗證方法 AD FS 在 Windows Server 2012 R2。You can also configure and enable Microsoft and third-party authentication methods in AD FS in Windows Server 2012 R2. 安裝和使用廣告 FS 註冊之後, 您可以執行 MFA 全球或每個--信賴驗證原則的一部分。Once installed and registered with AD FS, you can enforce MFA as part of the global or per-relying-party authentication policy.

以下是 Microsoft 和第三方提供者 MFA 方案的字母清單目前可在 Windows Server 2012 R2 AD fs。Below is an alphabetical list of Microsoft and third-party providers with MFA offerings currently available for AD FS in Windows Server 2012 R2.

提供者Provider 提供Offering 連結,以了解更多Link to learn more
GemaltoGemalto Gemalto 身分和安全性服務Gemalto Identity & Security Services http://www.gemalto.com/identityhttp://www.gemalto.com/identity
inWebo 技術inWebo Technologies inWebo 驗證企業服務inWebo Enterprise Authentication service inWebo 企業驗證inWebo Enterprise Authentication
登入連絡人Login People 登入人 MFA API 連接器 ad FS 2012 R2(公用搶鮮版)Login People MFA API connector for AD FS 2012 R2 (public beta) https://www.loginpeople.comhttps://www.loginpeople.com
Microsoft Corp.Microsoft Corp. Microsoft Azure MFAMicrosoft Azure MFA 逐步解說指南:管理敏感的應用程式與其他多因素驗證風險(看到執行「步驟 3)Walkthrough Guide: Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications (see step 3)
RSA,EMC 的安全性區域RSA, The Security Division of EMC Microsoft Active Directory 同盟服務的 RSA SecurID 驗證代理程式RSA SecurID Authentication Agent for Microsoft Active Directory Federation Services Microsoft Active Directory 同盟服務的 RSA SecurID 驗證代理程式RSA SecurID Authentication Agent for Microsoft Active Directory Federation Services
SafeNet,Inc.SafeNet, Inc. AD fs SafeNet 驗證服務 (SAS) 代理程式SafeNet Authentication Service (SAS) Agent for AD FS SafeNet 驗證服務:AD FS 代理設定指南SafeNet Authentication Service: AD FS Agent Configuration Guide
SwisscomSwisscom 行動裝置版 ID 驗證服務和特徵碼服務Mobile ID Authentication Service and Signature Services 行動裝置版 ID 驗證服務Mobile ID Authentication Service
SymantecSymantec Symantec 驗證和 ID Protection Service (VIP)Symantec Validation and ID Protection Service (VIP) Symantec 驗證和 ID Protection Service (VIP)Symantec Validation and ID Protection Service (VIP)

在 Windows Server 2012 R2 AD FS 自訂的驗證方法Custom Authentication Method for AD FS in Windows Server 2012 R2

現在,我們會提供 AD FS 在 Windows Server 2012 R2 建置您自己的自訂的驗證方法的指示操作。We now provide instructions for building your own custom authentication method for AD FS in Windows Server 2012 R2. 如需詳細資訊,請查看適用於在 Windows Server 2012 R2 AD FS 建置自訂驗證方法For more information, see Build a Custom Authentication Method for AD FS in Windows Server 2012 R2.

也了See Also

管理其他多因素驗證敏感的應用程式的風險Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications