Identity Management In SharePoint 2013

When it comes to information security, an authenticated platform is a must for any organisation. SharePoint 2013 is a robust platform that provides seamless security capabilities: a user's identity is verified through user authentication, and that verified identity is then mapped to the set of permissions assigned to it. Whenever a user requests access to a SharePoint web application, SharePoint 2013 supports several user authentication methods, such as Windows claims, SAML (Security Assertion Markup Language) claims, and forms-based authentication claims.

The improved claims infrastructure includes new distributed cache services and seamless migration from classic mode to Windows-based claims mode, which can be run against a content database as well as a web application.

The enhanced logging support in SharePoint 2013 helps troubleshoot authentication issues with:

  • Categorized claims logs for each authentication mode.
  • Information on adding/removing FedAuth cookies from the distributed cache service.
  • FedAuth cookie expiration or failure related information.
  • Authentication request redirection related information.
  • Information about failures of user migration per site collection.
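The claims migration and the troubleshooting log categories described above can be checked from the SharePoint 2013 Management Shell. The following script is an added example and not code from the original article: the web application URL is a placeholder, and the migration step is disabled by default so the script is read-only unless you flip `$doMigrate`.

```powershell
# Added example (not from the original article): run in the SharePoint 2013 Management Shell
# as a farm administrator. The URL below is a placeholder; adjust it for your farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$url = "http://intranet.contoso.local"   # placeholder web application URL
$wa  = Get-SPWebApplication -Identity $url

# 1. Report the authentication mode of every web application in the farm.
#    UseClaimsAuthentication = $false means the web application is still in classic mode.
Get-SPWebApplication |
    Select-Object Url, UseClaimsAuthentication |
    Format-Table -AutoSize

# 2. Migrate a classic-mode web application to Windows claims.
#    Back up the content databases first: the conversion rewrites user identities
#    (for example DOMAIN\user becomes i:0#.w|DOMAIN\user) and is not reversible in place.
$doMigrate = $false   # set to $true to actually run the conversion
if (-not $wa.UseClaimsAuthentication -and $doMigrate) {
    Convert-SPWebApplication -Identity $wa -To Claims -RetainPermissions
}

# 3. Pull the last 30 minutes of claims-authentication ULS entries to troubleshoot
#    login failures, FedAuth cookie expiry and redirect problems. Filtering on the
#    "Claims Authentication" category isolates the entries the article refers to;
#    the correlation id ties each entry back to a single user request.
$since  = (Get-Date).AddMinutes(-30)
$levels = @("High", "Unexpected")
Get-SPLogEvent -StartTime $since |
    Where-Object { $_.Category -eq "Claims Authentication" -and $levels -contains $_.Level } |
    Select-Object Timestamp, Level, Correlation, Message |
    Format-Table -AutoSize -Wrap
```

Run step 1 before and after a migration: a web application whose `UseClaimsAuthentication` is still `$false` after `Convert-SPWebApplication` has not been converted, and step 3 is where the per-site-collection user migration failures mentioned in the list will surface.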

Besides, SharePoint 2013 supports a server-to-server authentication protocol based on OAuth, and it provides a dedicated STS (security token service) for cross-server authenticated access. User identity claims can be used to look up the user's identity provider; however, to make server-to-server authentication possible, a trust must be established between the local STS and the server-to-server STS of other compliant services, such as Exchange Server 2013 and Lync Server 2013. To enable cross-server communication with online services, ACS (Windows Azure Access Control Service) is required as a trust broker.

Moreover, SharePoint 2013 uses OAuth 2.0 for app authentication, to authorize requests made by apps from the SharePoint Store and the App Catalog. For example, if a user has installed an app from the SharePoint Store, OAuth verifies the attempt made through the app and asserts that the app may act on behalf of the authenticated user; ACS (Windows Azure) acts as the app identity provider, although OAuth can also be used without ACS. SharePoint then verifies whether the authenticated app has permission to perform the requested operation or to access the specified resource.
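The server-to-server trust and OAuth settings described in the two paragraphs above are visible from the SharePoint 2013 Management Shell. This script is an added example, not code from the original article; the Exchange metadata endpoint hostname is a placeholder, and the step that registers a new trust is disabled by default.

```powershell
# Added example (not from the original article): inspect the server-to-server (S2S)
# and app-authentication trust configuration of a SharePoint 2013 farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# 1. Local STS settings that matter for OAuth. In production both AllowOAuthOverHttp
#    and AllowMetadataOverHttp should be $false, so bearer tokens and the signing
#    metadata are never exchanged over plain HTTP.
$sts = Get-SPSecurityTokenServiceConfig
$sts | Select-Object AllowOAuthOverHttp, AllowMetadataOverHttp, WindowsTokenLifetime, FormsTokenLifetime |
    Format-List

# 2. The realm SharePoint presents to partner servers. Exchange 2013 and Lync 2013
#    must be configured with this same realm for the S2S trust to work.
$realm = Get-SPAuthenticationRealm
Write-Output "Farm authentication realm: $realm"

# 3. Every issuer this farm currently trusts. IsTrustBroker = $true marks ACS
#    (used for online services); the others are direct S2S partners or the
#    farm's own self-issuer.
Get-SPTrustedSecurityTokenIssuer |
    Select-Object Name, RegisteredIssuerName, MetadataEndPoint, IsSelfIssuer, IsTrustBroker |
    Format-Table -AutoSize -Wrap

# 4. Register a new S2S trust with Exchange 2013 via its metadata endpoint.
#    Run once per farm, and only against an HTTPS endpoint you control.
$register = $false   # set to $true to create the trust
if ($register) {
    New-SPTrustedSecurityTokenIssuer -Name "Exchange 2013" `
        -MetadataEndPoint "https://mail.contoso.local/autodiscover/metadata/json/1"   # placeholder host
}
```

Reviewing the output of step 3 periodically is the practical control here: every entry is a party whose signed tokens SharePoint will accept as authentication, so an issuer nobody can account for should be investigated rather than left in place.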

Please contact us today to learn how we can help you further. You may also send your inquiries to info@bitscape.com