Secure Identity and PKI Blogs | one-time password

Two-factor Authentication via SMS Messaging for FIM 2010 R2 SSPR

Posted by CSS Technical Team on Sep 17, 2014 11:11:00 AM

Recently I worked on a customized self-service password reset (SSPR) solution leveraging FIM 2010 R2. The SSPR functionality provided out of the box by FIM 2010 R2 is quite comprehensive. In the design sessions with the customer, they decided that they wanted to use a higher level of security for users on the Internet to be able to reset their passwords. This certainly makes sense—exposing an interface where corporate users can reset their passwords is a boon to the service desk, but introduces a significant threat surface and associated security risk.

0 Comments Click here to read/write comments

Topics: Infrastructure Management, Industry Trends, SMS, strong authentication, Identity Management, SSPR, OTP, Blog, Self-Service Password Reset, one-time password, FIM 2010 R2, two factor authentication

All posts

Posts by Topic

Blog (116)
Microsoft Security Partner (99)
IT Security (80)
PKI (54)
Public Key Infrastructure (38)
Identity Management (29)
Press Releases (28)
Industry Trends (23)
digital certificate (23)
Certificate Management System (CMS) (22)
Active Directory (16)
Cyber Security (15)
Got PKI? (15)
Microsoft FIM (15)
Microsoft Public Key Infrastructure (15)
SCCM (15)
FIM (14)
Internet of Things (IoT) (14)
IoT (14)
Microsoft Forefront Identity Manager (14)
Microsoft System Center (14)
SCEP (14)
BYOD (13)
AD (12)
Desktop Security (12)
Microsoft PKI (12)
Public Key Infrastructure (PKI) (12)
Anti-Malware (11)
Microsoft Active Directory AD (11)
Microsoft Forefront Endpoint Protection (11)
Microsoft SCCM (11)
SCCM 2012 (11)
digital pki (10)
mCMS (10)
Certificate Reporting Tool (9)
Digital Identity Management (9)
Federation (9)
Internet of Things (9)
iOS (9)
Antimalware Protection (8)
Forefront Identity Manager (FIM) (8)
Microsoft Active Directory (8)
Microsoft FEP (8)
PowerShell (8)
apple (8)
Active Directory Rights Management Services (7)
Azure PKI (7)
Infrastructure Management (7)
Microsoft AD (7)
PKI as a Service (PKIaaS) (7)
Simple Certificate Enrollment Protocol (7)
Win7 (7)
digital certificate management (7)
digital certificates (7)
iOS management certificates (7)
iPad (7)
iPhone (7)
mobile certificate (7)
AD RMS (6)
Forefront Identity Manager (6)
IoT Security (6)
SHA-1 (6)
Symantec (6)
System Center 2012 (6)
System Center Configuration Manager (6)
XP End of Life (6)
certificate (6)
expired digital certificate (6)
AD FS (5)
CRT (5)
PKI for IoT (5)
RMS (5)
Root of Trust (5)
SCCM 2007 (5)
SCCM client (5)
SHA-2 (5)
System Center (5)
Virtualization (5)
Windows XP (5)
X.509 digital certificates (5)
embedded certificates (5)
ADFS (4)
Active Directory Federation Services (4)
Azure (4)
ConfigMgr 2012 (4)
Configuration Manager 2012 (4)
Data Protection (4)
FIM 2010 R2 (4)
ITIL (4)
Identity and Access Management (4)
LiveWorx (4)
MDM (4)
Managed PKI (4)
Microsoft Antimalware (4)
Software Products (4)
Windows Azure (4)
consumerization of IT (4)
microsoft ca (4)
AD FS 2.0 (3)
CA (3)
Certificate Reporting Tool (CRT) (3)
Configuration Manager (3)
DIY PKI (3)
Device Security (3)
FEP (3)
FIM 2010 (3)
FIM Service (3)
HSM (3)
Heartbleed (3)
McAfee (3)
Microsoft Azure (3)
Microsoft Exchange (3)
Microsoft Forefront Endpoint Protection Best Pract (3)
Microsoft System Center 2012 (3)
Microsoft-centric infrastructure (3)
Mobile Device Management (3)
OpenSSL (3)
PowerShell script (3)
Rights Management Services (3)
SAML 2.0 (3)
SSL certificate (3)
SSL certificates (3)
SSPR (3)
Secure Hash Algorithm (3)
Self-Service Password Reset (3)
Systems Management (3)
Windows 7 (3)
authentication (3)
blockchain (3)
bring your own device (3)
cert (3)
consumerization (3)
heartbleed bug (3)
iOS 5 (3)
root CA (3)
sccm microsoft (3)
1024 certificate length (2)
4/8/14 (2)
Active Directory Certificate Services (2)
Android (2)
App-V (2)
Application Publishing (2)
Application Virtualization (2)
Certificate SAN (2)
Certificate revocation list (2)
Cloud (2)
DigiCert (2)
Encryption (2)
Events (2)
Exchange Provisioning (2)
FIM Groups (2)
FIM Password reset (2)
FIM PowerShell (2)
FIM Sets (2)
FIM Sync Service (2)
Group Membership (2)
Heartbleed vulnerability (2)
IdM (2)
Identity Federation (2)
IoT Identity Management (2)
MBAM (2)
MD5 hash (2)
MDOP (2)
MIM (2)
Man in the Middle Attack (2)
Microsoft (2)
Microsoft Bitlocker Administration and Monitoring (2)
Microsoft Certificate Authority (2)
Microsoft Desktop Optimization Pack (2)
Microsoft Malware Protection Center (2)
Microsoft SharePoint 2010 (2)
Microsoft System Center Configuration Manager (2)
Microsoft Worldwide Partner Conference (2)
Microsoft and Apple (2)
Migration (2)
News (2)
PCNS (2)
PKI CA (2)
PKI as a Service (2)
PKI management (2)
PKIaaS (2)
ROI PKI (2)
RSA (2)
Rights Management System (2)
Risk and Compliance (2)
Root CA Security (2)
SAML (2)
SAML-P (2)
SHA-3 (2)
SHA1 (2)
SHA2 (2)
SSL vulnerability (2)
Sysctr (2)
System Center Endpoint Protection (2)
ThingWorx (2)
Time Stamping Authority (2)
US-CERT (2)
USMT Builder (2)
USMT XML Builder (2)
User File Settings SCCM 2007 (2)
WPC (2)
Windows7 (2)
blockchain help (2)
blockchain pki (2)
blockchain security (2)
certificate management (2)
certificates (2)
digital certificate length (2)
digital identity (2)
efficient certificate management (2)
expanded compliance and forensic issues (2)
expired certs (2)
expired digital certificates (2)
hack (2)
iOS management services (2)
managed public key infrastructure (2)
migrate SCCM 2012 (2)
mobile certificates (2)
mobile security (2)
private key (2)
two factor authentication (2)
what is blockchain (2)
1024-bit RSA (1)
2-factor authentication (1)
2010 Criteria Based Sets (1)
2017 (1)
64k (1)
ACE (1)
ACL (1)
AD FS 2.0 Federation Server Proxy (1)
AD FS 3.0 (1)
AD FS server (1)
AD RMS Bulk Protection Tool (1)
AD/CS (1)
AD/CS Web Enrollment Delegation (1)
ADD (1)
ADFS 2.0 (1)
ADFS 3.0 (1)
ADRMS (1)
API (1)
Access Control Service (1)
Active Directory (AD) (1)
Active Directory Certificate Services (ADCS) (1)
Active Directory Federation Service (1)
ActiveSync (1)
Adobe Acrobat (1)
Aerospace (1)
AirWatch (1)
AirWatch marketplace (1)
Android 4.0 (1)
Android Ice Cream Sandwich (1)
Android RMS (1)
Android Security flaw (1)
App-V SCCM (1)
App-V and System Center (1)
App-V sequencer (1)
Apple SSL (1)
Apple flaw (1)
Apple’s SSL Flaw (1)
Applications (1)
Apps (1)
Audit (1)
Audit tool (1)
Auditors (1)
Azure ACS (1)
Azure Active Directory (1)
Azure Based PKI (1)
BHold (1)
BHold FIM (1)
Bruce Schneier (1)
Build and Capture Windows 7 (1)
CERT Coordination Center (1)
CRL Monitoring (1)
CRLs (1)
CSS Chief Technology Officer (1)
CTO (1)
Certificate Auto-Enrollment Issuance (1)
Certificate Management System (1)
Certificate Provisioning (1)
Certificate authority (1)
Change Management (1)
Cisco Internet of Things (1)
Claims-based authentication (1)
Cloud Identity Management (1)
Cloud based (1)
Comodo (1)
ConfigMgr (1)
Connected Devices (1)
Continual Service Improvement (1)
Continual Service Improvement (CSI) (1)
Continuous Integration (1)
Core Infrastructure Solutions (1)
Criteria Based Groups (1)
Crypto-agility (1)
Cryptography (1)
Cyber Threats (1)
DART (1)
Data Security (1)
Death Star (1)
Delete objects FIM (1)
Deming Model (1)
Desktop (1)
DigiNotar (1)
DigiNotar PKI (1)
DigiNotar hack (1)
DirSync Tool (1)
Distributed Authorization Reporting Tool (1)
ECC key patent trolling (1)
ECMA (1)
Event Plugin Handlers (1)
Exchange server (1)
FCI (1)
FCIV (1)
FIM 2010 Password Reset Extensions (1)
FIM 2010 R2 Password Reset Extensions (1)
FIM 2010 R2 Upgrade (1)
FIM CM (1)
FIM Client Add-ins and Extensions (1)
FIM Delta Tool (1)
FIM Group Criteria Detecting Empty Attributes (1)
FIM Group Set (1)
FIM LAB Design (1)
FIM Lab (1)
FIM Lab Best Practices (1)
FIM MVA (1)
FIM Metaverse (1)
FIM Multivalued attribute table (1)
FIM Password (1)
FIM Portal (1)
FIM R2 Client Add-ins and Extensions (1)
FIM R2 SSPR Client (1)
FIM SSPR Client (1)
FIM Service Accounts (1)
FIM Service Migration (1)
FIM Service Service (1)
FIM Service migration process (1)
FIM Set Criteria Detecting Empty Attributes (1)
FIM Sync (1)
FIM attributes (1)
FIM automation (1)
FIM extensions (1)
FIM group type changes (1)
FIM production (1)
FIM synchronization (1)
FIM web service (1)
FS (1)
Federation Capable (1)
File Classification Infrastructure (FCI) (1)
File Server Resource Manager (1)
FimDelta (1)
Financial Security (1)
Fog Computing (1)
Forefront Advanced System Toolset (1)
Forefront Unified Access Gateway 2010 (UAG) (1)
Fulfillment and governance tools for IAM (1)
GAP Analysis (1)
GeoTrust (1)
GitHub (1)
GitHub FimDelta (1)
GlobalSign (1)
GoDaddy (1)
Gold Competency (1)
Google Chrome Version 58 (1)
Group Nesting (1)
Groups in FIM (1)
HTTPS (1)
HTTPS Port (1)
Hacking (1)
Hardware Security Module (1)
Healthcare (1)
Heartbleed SSL (1)
Heartbleed android (1)
IAM (1)
IE6 (1)
ILM (1)
INSTALLDIR64 (1)
IT Information Library (1)
IT management (1)
IT onboarding (1)
ITIL Incident Management (1)
ITIL – Continual Service Improvement (1)
Ice Cream Sandwich (1)
IdM capability (1)
Identity & Security (1)
Identity & Security Partner of the Year (1)
Importance of a PKI Heath Check (1)
Incident Management (1)
Information Security (1)
Information Technologoy (1)
Information Technology (1)
Intel (1)
Internet Explorer (1)
Internet Explorer 6 (1)
Internet of Everything (1)
IoT Healthcare (1)
IoT legislation (1)
Issuing CA (1)
Jenkins (1)
Keccak (1)
Kernel memory leaking (1)
Lenovo (1)
Lockheed Martin (1)
MA (1)
MDT (1)
MITM (1)
MMPC (1)
MSDN (1)
MSDN Media (1)
MSO (1)
MV (1)
Mac SSL (1)
Managed Service Offerings (1)
Managed Services (1)
Management (1)
Master Clock (1)
Med-V (1)
Microsoft ADFS (1)
Microsoft Active Directory Federated Services (1)
Microsoft App-V (1)
Microsoft Application Virtualization (1)
Microsoft Bitlocker (1)
Microsoft Checksum Integrity Verifier (1)
Microsoft Exchange 2010 (1)
Microsoft Exchange ActiveSync (1)
Microsoft Generic File Protection Explorer (1)
Microsoft IT Security (1)
Microsoft Identity & Security Partner of the Y (1)
Microsoft Identity Manager (1)
Microsoft MBAM (1)
Microsoft Network Device Enrollment Services (NDES (1)
Microsoft Office365 (1)
Microsoft Partner (1)
Microsoft Partner Awards (1)
Microsoft Partner Network (1)
Microsoft Policy Module (1)
Microsoft RMS (1)
Microsoft SCEP (1)
Microsoft SIP (1)
Microsoft SQL Server (1)
Microsoft Security Advisory (2661254) (1)
Microsoft SharePoint (1)
Microsoft TFS (1)
Microsoft UAG (1)
Microsoft VMM (1)
Microsoft WPC (1)
Microsoft Windows Azure Active Directory (1)
Microsoft baseline image (1)
Microsoft's Forefront Identity Manager (1)
Microsot Azure (1)
Mobile (1)
Mobile Device Hacking (1)
Mozilla (1)
Multivalued attribute table (1)
NDES (1)
NIST (1)
NIST CVE-2014-0160 (1)
NSA (1)
NTP (1)
Network time Protocol (1)
OAuth (1)
OAuth 2.0 (1)
ODKG (1)
OSD (1)
OTP (1)
OWIN (1)
OWIN Open Web Interface for .NET (1)
Office365 (1)
Open Web Interface for .NET (1)
OpenID (1)
Operating System Deployment (1)
PKI Assurance (1)
PKI GlobalSign (1)
PKI HSM (1)
PKI Health (1)
PKI Health Check (1)
PKI Integration (1)
PKI Managed Service (1)
PKI OID (1)
PKI Object Identifiers (1)
PKI deployment (1)
PKI error (1)
PKI for chrome (1)
PKI help (1)
PKI in the Cloud (1)
PKI installation (1)
PKI key (1)
PKI mistakes (1)
PKI vendor (1)
PWUnrecoverableError (1)
Password Change Notification Service (1)
Password Synchronization (1)
Password reset (1)
PlayStation Network (1)
Plugin Handlers (1)
PoC (1)
Pokemon Go (1)
Pokemon Go location tracking (1)
Pokemon Go security (1)
PowerShell SDK (1)
PowerShell migration (1)
Pre-Staging a Distribution Point in System Center (1)
Project Management (1)
Proof of Concept (1)
Provisioning (1)
ROI public key infrastructure (1)
RSA Digital Certificate (1)
RSA Keys (1)
RSA Secure ID tokens (1)
RSA cert length (1)
RSA certificate length (1)
Reference Attributes (1)
Regulatory Compliance (1)
Relying Party trusts (1)
Remote Access (1)
Retail (1)
Role Based Administration (1)
Role Based Security (1)
Root CA Key Signing Ceremony Mistakes (1)
SAML 2.0 via AD FS 3.0 (1)
SAML token (1)
SAP (1)
SCCM Distribution Point (1)
SCEP Server (1)
SCORCH (1)
SCSM (1)
SCVMM (1)
SDLC (1)
SHA-2 Migration (1)
SIM Card Hacking (1)
SIP (1)
SIX SIGMA (1)
SMS (1)
SNTP (1)
SPNS (1)
SQL Server Report Server (1)
SSL PKI (1)
SSL attack (1)
SSL bug (1)
SSPR Client (1)
SWT token (1)
SaaS (1)
Sales Engineering (1)
Samsung (1)
Samsung Galaxy Tab 2 (1)
Samsung email (1)
Samsung security flaw (1)
Securing a root CA (1)
Security Audit (1)
Security Tool (1)
Sets in FIM (1)
Setspn (1)
Setting up a FIM Lab (1)
Seven Step Continual Improvement Model (1)
SharePoint (1)
SharePoint 2010 (1)
Simple Network time Protocol (1)
Software (1)
Software Developer (1)
Software Update Groups (1)
Solution Incentives Program (1)
Sony (1)
Star Wars (1)
Stratum-1 (1)
Stratum-2 (1)
Superfish (1)
Synchronization (1)
System Administrator (1)
System Center 2012 Endpoint Protection (1)
System Center 2012 migration (1)
System Center Configuration Manager 2007 (1)
System Center Configuration Manager 2012 (1)
System Center Orchestrator (1)
System Center migration (1)
T-Mobile SIM Card Hack (1)
TLS Heartbeat Extension (1)
TLS cert (1)
TQM (1)
TSA (1)
Ted Shorter (1)
Thales (1)
Thales e-Security (1)
Thawte (1)
The Ramen (1)
Time Stamp Protocol (1)
Time Stamp Server (1)
Trust (1)
UAG (1)
Unplanned Outages (1)
User Interface (1)
VMM (1)
VSCEP (1)
Validated SCEP (1)
Virtual Machine Manager (1)
Virtualized Applications using System Center Confi (1)
WAAD (1)
WMI (1)
WPC Toronto (1)
Wall Street Journal (1)
Wearables Security (1)
What is PKI (1)
Windows 7 Deployment (1)
Windows 7 Task Sequence SCCM (1)
Windows Azure Active Directory (1)
Windows Azure Active Directory (WAAD) (1)
Windows Azure Service Bus (1)
Windows Server 2012 NDES (1)
Windows security (1)
Workplace Join (1)
apple MITM attack (1)
apple security flaw (1)
apple ssl attack (1)
attribute precedence (1)
blackberry (1)
brand management (1)
brand strength (1)
breach (1)
cert downtime (1)
cert length 2013 (1)
cert management (1)
certificate 2013 (1)
certificate install (1)
certificate remediation (1)
certificate renewal (1)
certificate replacement (1)
certificate research (1)
certificate revocation (1)
certification and remediation (1)
certs (1)
client-side SSL certificates (1)
cloud-based managed public key infrastructure (1)
command line tool (1)
consumer security (1)
data breach (1)
debugging (1)
digital certificate security (1)
digital certificates expire (1)
dynamic groups (1)
embedded devices (1)
embedded encryption (1)
embedded systems (1)
energy iot (1)
expired certificate (1)
expired certificates (1)
find code signing certificates (1)
fulfill (1)
hardware security modules (1)
healthcare IoT (1)
healthcare certificates (1)
healthcare security (1)
heartbleed help (1)
iOS 7 (1)
iOS 7 SSL (1)
iPad security (1)
iPhone security (1)
identity (1)
install certificates onto devices (1)
install path (1)
installation path (1)
issue mobile certificate (1)
manufacturing (1)
migration to SCCM 2012 (1)
mobile carrier hacks (1)
motorola (1)
multifactor authentication (1)
on device key generation (1)
one-time password (1)
pokemon go privacy (1)
private key heartbleed (1)
private key ssl (1)
private keys (1)
private keys vulnerable (1)
privilege escalation attack (1)
public key infrastructure blockchain (1)
renewed (1)
replaced (1)
revoked (1)
secure code signing (1)
secure enrollment (1)
security breach (1)
security token service (STS) (1)
smartcard (1)
smartcard lifecycle (1)
smartcards (1)
smartphone (1)
social engineering (1)
solutions to healthcare systems vulnerabilities (1)
strong authentication (1)
time stamp (1)
time stamped signature (1)
unified access gateway (1)
weakening cryptography (1)
web enrollment (1)
what should a fim lab look like (1)
workflow (1)

see all

PKI Blog

Two-factor Authentication via SMS Messaging for FIM 2010 R2 SSPR

Recent Posts

Posts by Topic

Subscribe to Email Updates

Want to Learn more about CSS?