PKI Blog

Authentication in an Ultra-Connected World: Internet of Things

Posted by Ted Shorter on Oct 1, 2015 6:05:00 AM

As PKI practitioners, we’ve been asked the question for years: “What’s the best way to get a digital certificate on _____?” What gets filled into the blank has expanded dramatically over time, however. Ten years ago, certificates landed primarily on what I’d describe as “traditional” IT infrastructure – servers, desktops, laptops, smart cards, RADIUS servers, or VPN concentrators. But since then, things have gotten much more interesting. Handheld scanners. Surgical robots. VOIP phones. Set-top boxes. Cable modems. Even heart monitors and IV pumps.

Read More

Topics: install certificates onto devices, digital certificates, cert, embedded systems, certificate, Microsoft Security Partner, expired digital certificate, Public Key Infrastructure, Certificate Management System (CMS), Industry Trends, Microsoft Public Key Infrastructure, Cisco Internet of Things, embedded certificates, embedded devices, Microsoft PKI, X.509 digital certificates, Internet of Things, IoT, Blog, Internet of Things (IoT), certificate install, BYOD, PKI Assurance

Two-factor Authentication via SMS Messaging for FIM 2010 R2 SSPR

Posted by CSS Technical Team on Sep 17, 2014 11:11:00 AM

Recently I worked on a customized self-service password reset (SSPR) solution leveraging FIM 2010 R2. The SSPR functionality provided out of the box by FIM 2010 R2 is quite comprehensive. In the design sessions with the customer, they decided that they wanted to use a higher level of security for users on the Internet to be able to reset their passwords. This certainly makes sense—exposing an interface where corporate users can reset their passwords is a boon to the service desk, but introduces a significant threat surface and associated security risk.

Read More

Topics: Infrastructure Management, Industry Trends, SMS, strong authentication, Identity Management, SSPR, OTP, Blog, Self-Service Password Reset, one-time password, FIM 2010 R2, two factor authentication

PCNS Error 6032

Posted by Sami Van Vliet on Sep 8, 2014 9:45:53 AM

Last week a user reported having reset his password, but it hadn’t changed in the connected HR system.

As this is an indication that the Password Change Notification Service (PCNS) wasn't working, I checked the Event Viewer on the Synchronization Engine server. While I saw several Event IDs indicating that heartbeats were being received from the DCs, there were no Event IDs 6903 for the past several hours. 6903 is the event that indicates a password notification was received from PCNS.

Read More

Topics: PCNS, FIM, Identity Management, Blog, Password Synchronization, Password Change Notification Service

ITIL Continual Service Improvement

Posted by Max Szaniawski on Jul 3, 2014 7:22:19 AM

An ITIL implementation in your organization can be confusing. This section explains exactly why we implement ITIL for our services and processes. In Continual Service Improvement (CSI), we have a couple of different models that we need to know - the Seven Step Continual Improvement Model and the Deming Model. Our ultimate goal is to continually improve our services. You may ask…why are we implementing ITIL? Why are we shooting for perfection?

Important keys to success for Continual Service Improvement:

Read More

Topics: Deming Model, GAP Analysis, Continual Service Improvement, IT Security, Microsoft Security Partner, ITIL – Continual Service Improvement, Continual Service Improvement (CSI), Seven Step Continual Improvement Model, TQM, SIX SIGMA, Blog, ITIL

Batch Attribute Updates for Users in Forefront Identity Manager (FIM)

Posted by CSS Technical Team on Jun 25, 2014 11:56:00 AM

A client recently requested the ability to use data in an externally-generated file to perform batch attribute updates for Users in the FIM Service. What made this more complicated than expected was that some of the user attributes, for example Manager, were FIM references.

Read More

Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, FIM, FIM PowerShell, Forefront Identity Manager (FIM), FIM web service, Identity Management, Microsoft Forefront Identity Manager, Blog, FIM automation, PowerShell

Workplace Join, AD FS 3.0 or OAuth 2.0: Which is Right for You?

Posted by CSS Technical Team on Jun 18, 2014 6:27:00 AM

At first, this question might initially seem like an apples vs. oranges situation. We’ll find out that in some cases it’s not, and that making the best strategic choice for your needs depends on a number of factors.

Read More

Topics: Workplace Join, IT Security, IAM, Microsoft Security Partner, Azure ACS, Microsoft Azure, AD FS 3.0, Identity and Access Management, SAML 2.0, SAML 2.0 via AD FS 3.0, Identity Management, OAuth 2.0, Blog, SaaS, Azure, OAuth, Mobile, BYOD, Windows Azure

What Should a FIM Lab Environment Look Like?

Posted by CSS Technical Team on Jun 17, 2014 6:55:18 AM

This question always brings about a lively discussion during FIM design sessions, as this topic has many different vantage points.

Read More

Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, Setting up a FIM Lab, FIM production, FIM, Forefront Identity Manager (FIM), Identity Management, FIM Lab Best Practices, SCCM, Blog, what should a fim lab look like, Active Directory (AD), Active Directory, FIM LAB Design, AD, FIM Lab

AD/CS Web Enrollment Delegation

Posted by Wayne Harris on Jun 11, 2014 5:46:29 AM

Have you ever had a problem installing the Active Directory Certificate Services Web Enrollment role feature on a server that is separate from the Certificate Authority?

Read More

Topics: digital certificate, microsoft ca, certificate, IT Security, Microsoft Security Partner, authentication, AD/CS, Public Key Infrastructure, Active Directory Certificate Services (ADCS), web enrollment, Active Directory Certificate Services, CA, AD/CS Web Enrollment Delegation, Blog, Microsoft Certificate Authority

Case Study: Azure Based PKI

Posted by CSS Technical Team on Jun 9, 2014 10:24:18 AM

A leader in the educational software market was developing a custom MDM solution enabling a Bring Your Own Device (BYOD) initiative for the classroom when their developers realized their need for an underlying security and Public Key Infrastructure (PKI). Purchasing individual certificates was out of the question, since their solution required very high certificate volume, and they were reluctant to roll out their own PKI, as reliability and high assurance were key requirements to meet their growing customer base. The customer engaged CSS after realizing that operating a full scale PKI was simply out of their wheelhouse.

Read More

Topics: Managed PKI, IT Security, Microsoft Security Partner, Public Key Infrastructure, Certificate Management System (CMS), PKIaaS, Azure PKI, PKI, PKI as a Service (PKIaaS), Public Key Infrastructure (PKI), Azure Based PKI, PKI as a Service, Blog, Got PKI?

Deleting a Large Number of Objects from the FIM Service with PowerShell

Posted by Sami Van Vliet on Jun 3, 2014 10:49:10 AM

Deleting a large number of objects from the FIM Service can be accomplished in several ways:

Read More

Topics: Delete objects FIM, Forefront Identity Manager, IT Security, Microsoft Security Partner, FIM, FIM PowerShell, Identity Management, Microsoft Forefront Identity Manager, Microsoft FIM, Blog, PowerShell, FIM Service

Recent Posts

Posts by Topic

see all

Subscribe to Email Updates

Want to Learn more about CSS?