MFA for IIS Websites

Microsoft Internet Information Server (IIS) is one of the most popular web servers in the world. Many on-premises web applications, such as Outlook Web Access (OWA), Remote Desktop Web Access (RDWeb), and SharePoint etc, are powered by the IIS server.

DualShield MFA for IIS is a on-premises solution that adds multi-factor authentication to the IIS web server. Once installed and enabled, users who want to access the websites must be authenticated with multi-factors. If allowed, users will be able to select the authentication methods that are preferred and suitable to them.

Key features:

DualShield MFA for IIS is an IIS extension that can be easily installed into the IIS server. Technically, the DualShield IIS Agent adds a SAML protocol handler to the IIS server, which converts an ordinary IIS website into a SAML compatible website. As the result, the website can be easily integrated with the DualShield SSO server that authenticate users with MFA.

DualShield MFA supports direct integration with the Active Directory server. It does not require change to the AD database schema, does not require import from the database and does not require synchronization. Changes made to the Active Directory are immediately effective in DualShield in real time.

DualShield MFA supports the concurrent use of both AD password authentication and a strong 2nd-factor authentication for different users within the domain. The requirement for multi-factor authentication is controlled by a set of polices which can be applied to users, AD groups and OUs. This enables a staged, non-interruptive migration of users to strong authentication when convenient & appropriate.

DualShield MFA provides a set of authentication and access control policies that enable granular administrative access control down to a user, machine, group or unit. For instance, in a circumstance where a user or machine needs to be exempted from two-factor authentication, the network administrator can put the user or machine in the exception list.

DualShield MFA supports an array of two-factor authentication methods for website logon, including:

  • On-Demand Password
    (code by sms, email and call)
  • One-Time Password
    (hardware token & software app)
  • Security Questions
  • Out-of-Band Authentication
    (mobile push authentication)
  • FIDO USB Key
  • Grid Card
  • Device Fingerprint
  • Keystroke Dynamics
  • Face Recognition