Secure Identity and PKI Blogs | one-time password

Two-factor Authentication via SMS Messaging for FIM 2010 R2 SSPR

Posted by CSS Technical Team on Sep 17, 2014 11:11:00 AM

Recently I worked on a customized self-service password reset (SSPR) solution leveraging FIM 2010 R2. The SSPR functionality provided out of the box by FIM 2010 R2 is quite comprehensive. In the design sessions with the customer, they decided that they wanted to use a higher level of security for users on the Internet to be able to reset their passwords. This certainly makes sense—exposing an interface where corporate users can reset their passwords is a boon to the service desk, but introduces a significant threat surface and associated security risk.

0 Comments Click here to read/write comments

Topics: Infrastructure Management, Industry Trends, SMS, strong authentication, Identity Management, SSPR, OTP, Blog, Self-Service Password Reset, one-time password, FIM 2010 R2, two factor authentication

All posts

Posts by Topic

Blog (117)
Microsoft Security Partner (100)
IT Security (80)
PKI (47)
Public Key Infrastructure (31)
Identity Management (29)
Press Releases (28)
Industry Trends (24)
digital certificate (23)
Certificate Management System (CMS) (21)
Active Directory (16)
Cyber Security (15)
Got PKI? (15)
Microsoft FIM (15)
Microsoft Public Key Infrastructure (15)
SCCM (15)
FIM (14)
Microsoft Forefront Identity Manager (14)
Microsoft System Center (14)
SCEP (14)
BYOD (13)
AD (12)
Desktop Security (12)
Microsoft PKI (12)
Anti-Malware (11)
Microsoft Active Directory AD (11)
Microsoft Forefront Endpoint Protection (11)
Microsoft SCCM (11)
SCCM 2012 (11)
IoT (10)
Public Key Infrastructure (PKI) (10)
digital pki (10)
mCMS (10)
Federation (9)
Internet of Things (IoT) (9)
iOS (9)
Antimalware Protection (8)
Certificate Reporting Tool (8)
Forefront Identity Manager (FIM) (8)
Microsoft Active Directory (8)
Microsoft FEP (8)
apple (8)
Active Directory Rights Management Services (7)
Azure PKI (7)
Digital Identity Management (7)
Infrastructure Management (7)
Internet of Things (7)
Microsoft AD (7)
PKI as a Service (PKIaaS) (7)
PowerShell (7)
Simple Certificate Enrollment Protocol (7)
Win7 (7)
digital certificates (7)
iOS management certificates (7)
iPad (7)
iPhone (7)
mobile certificate (7)
AD RMS (6)
Forefront Identity Manager (6)
SHA-1 (6)
System Center 2012 (6)
System Center Configuration Manager (6)
Virtualization (6)
XP End of Life (6)
certificate (6)
expired digital certificate (6)
AD FS (5)
CRT (5)
PKI for IoT (5)
RMS (5)
SCCM 2007 (5)
SCCM client (5)
SHA-2 (5)
Symantec (5)
System Center (5)
Windows XP (5)
embedded certificates (5)
ADFS (4)
Active Directory Federation Services (4)
Azure (4)
ConfigMgr 2012 (4)
Configuration Manager 2012 (4)
Data Protection (4)
FIM 2010 R2 (4)
ITIL (4)
Identity and Access Management (4)
IoT Security (4)
MDM (4)
Microsoft Antimalware (4)
Root of Trust (4)
Software Products (4)
Windows 7 (4)
Windows Azure (4)
X.509 digital certificates (4)
consumerization of IT (4)
digital certificate management (4)
microsoft ca (4)
AD FS 2.0 (3)
CA (3)
Certificate Reporting Tool (CRT) (3)
Configuration Manager (3)
Device Security (3)
FEP (3)
FIM 2010 (3)
FIM Service (3)
Heartbleed (3)
McAfee (3)
Microsoft Azure (3)
Microsoft Exchange (3)
Microsoft Forefront Endpoint Protection Best Pract (3)
Microsoft System Center 2012 (3)
Microsoft-centric infrastructure (3)
Mobile Device Management (3)
OpenSSL (3)
PowerShell script (3)
Rights Management Services (3)
SAML 2.0 (3)
SSL certificate (3)
SSPR (3)
Secure Hash Algorithm (3)
Self-Service Password Reset (3)
Systems Management (3)
authentication (3)
blockchain (3)
bring your own device (3)
cert (3)
consumerization (3)
heartbleed bug (3)
iOS 5 (3)
root CA (3)
sccm microsoft (3)
1024 certificate length (2)
4/8/14 (2)
Active Directory Certificate Services (2)
Android (2)
App-V (2)
Application Publishing (2)
Application Virtualization (2)
Certificate SAN (2)
Certificate revocation list (2)
Cloud (2)
DIY PKI (2)
Encryption (2)
Events (2)
Exchange Provisioning (2)
FIM Groups (2)
FIM Password reset (2)
FIM PowerShell (2)
FIM Sets (2)
FIM Sync Service (2)
Group Membership (2)
Heartbleed vulnerability (2)
IdM (2)
Identity Federation (2)
MBAM (2)
MD5 hash (2)
MDOP (2)
MIM (2)
Man in the Middle Attack (2)
Microsoft (2)
Microsoft Bitlocker Administration and Monitoring (2)
Microsoft Certificate Authority (2)
Microsoft Desktop Optimization Pack (2)
Microsoft Malware Protection Center (2)
Microsoft SharePoint 2010 (2)
Microsoft System Center Configuration Manager (2)
Microsoft Worldwide Partner Conference (2)
Microsoft and Apple (2)
Migration (2)
News (2)
PCNS (2)
PKI CA (2)
PKI as a Service (2)
PKIaaS (2)
RSA (2)
Rights Management System (2)
Risk and Compliance (2)
Root CA Security (2)
SAML (2)
SAML-P (2)
SHA-3 (2)
SHA1 (2)
SHA2 (2)
SSL certificates (2)
SSL vulnerability (2)
Sysctr (2)
System Center Endpoint Protection (2)
Time Stamping Authority (2)
US-CERT (2)
USMT Builder (2)
USMT XML Builder (2)
User File Settings SCCM 2007 (2)
WPC (2)
Windows7 (2)
blockchain help (2)
blockchain pki (2)
blockchain security (2)
certificate management (2)
certificates (2)
digital certificate length (2)
digital identity (2)
expanded compliance and forensic issues (2)
expired certs (2)
hack (2)
iOS management services (2)
migrate SCCM 2012 (2)
mobile certificates (2)
mobile security (2)
private key (2)
two factor authentication (2)
what is blockchain (2)
1024-bit RSA (1)
2-factor authentication (1)
2010 Criteria Based Sets (1)
2017 (1)
64k (1)
ACE (1)
ACL (1)
AD FS 2.0 Federation Server Proxy (1)
AD FS 3.0 (1)
AD FS server (1)
AD RMS Bulk Protection Tool (1)
AD/CS (1)
AD/CS Web Enrollment Delegation (1)
ADD (1)
ADFS 2.0 (1)
ADFS 3.0 (1)
ADRMS (1)
Access Control Service (1)
Active Directory (AD) (1)
Active Directory Certificate Services (ADCS) (1)
Active Directory Federation Service (1)
ActiveSync (1)
Adobe Acrobat (1)
Aerospace (1)
AirWatch (1)
AirWatch marketplace (1)
Android 4.0 (1)
Android Ice Cream Sandwich (1)
Android RMS (1)
Android Security flaw (1)
App-V SCCM (1)
App-V and System Center (1)
App-V sequencer (1)
Apple SSL (1)
Apple flaw (1)
Apple’s SSL Flaw (1)
Applications (1)
Apps (1)
Audit (1)
Audit tool (1)
Auditors (1)
Azure ACS (1)
Azure Active Directory (1)
Azure Based PKI (1)
BHold (1)
BHold FIM (1)
Bruce Schneier (1)
Build and Capture Windows 7 (1)
CERT Coordination Center (1)
CRL Monitoring (1)
CRLs (1)
CSS Chief Technology Officer (1)
CTO (1)
Certificate Auto-Enrollment Issuance (1)
Certificate Provisioning (1)
Certificate authority (1)
Change Management (1)
Cisco Internet of Things (1)
Claims-based authentication (1)
Cloud Identity Management (1)
Cloud based (1)
Comodo (1)
ConfigMgr (1)
Continual Service Improvement (1)
Continual Service Improvement (CSI) (1)
Continuous Integration (1)
Core Infrastructure Solutions (1)
Criteria Based Groups (1)
Cyber Threats (1)
DART (1)
Data Security (1)
Death Star (1)
Delete objects FIM (1)
Deming Model (1)
Desktop (1)
DigiCert (1)
DigiNotar (1)
DigiNotar PKI (1)
DigiNotar hack (1)
DirSync Tool (1)
Distributed Authorization Reporting Tool (1)
ECC key patent trolling (1)
ECMA (1)
Event Plugin Handlers (1)
Exchange server (1)
FCI (1)
FCIV (1)
FIM 2010 Password Reset Extensions (1)
FIM 2010 R2 Password Reset Extensions (1)
FIM 2010 R2 Upgrade (1)
FIM CM (1)
FIM Client Add-ins and Extensions (1)
FIM Delta Tool (1)
FIM Group Criteria Detecting Empty Attributes (1)
FIM Group Set (1)
FIM LAB Design (1)
FIM Lab (1)
FIM Lab Best Practices (1)
FIM MVA (1)
FIM Metaverse (1)
FIM Multivalued attribute table (1)
FIM Password (1)
FIM Portal (1)
FIM R2 Client Add-ins and Extensions (1)
FIM R2 SSPR Client (1)
FIM SSPR Client (1)
FIM Service Accounts (1)
FIM Service Migration (1)
FIM Service Service (1)
FIM Service migration process (1)
FIM Set Criteria Detecting Empty Attributes (1)
FIM Sync (1)
FIM attributes (1)
FIM automation (1)
FIM extensions (1)
FIM group type changes (1)
FIM production (1)
FIM synchronization (1)
FIM web service (1)
FS (1)
Federation Capable (1)
File Classification Infrastructure (FCI) (1)
File Server Resource Manager (1)
FimDelta (1)
Financial Security (1)
Fog Computing (1)
Forefront Advanced System Toolset (1)
Forefront Unified Access Gateway 2010 (UAG) (1)
Fulfillment and governance tools for IAM (1)
GAP Analysis (1)
GitHub (1)
GitHub FimDelta (1)
GlobalSign (1)
GoDaddy (1)
Gold Competency (1)
Google Chrome Version 58 (1)
Group Nesting (1)
Groups in FIM (1)
HSM (1)
HTTPS (1)
HTTPS Port (1)
Hacking (1)
Healthcare (1)
Heartbleed SSL (1)
Heartbleed android (1)
IAM (1)
IE6 (1)
ILM (1)
INSTALLDIR64 (1)
IT Information Library (1)
IT management (1)
IT onboarding (1)
ITIL Incident Management (1)
ITIL – Continual Service Improvement (1)
Ice Cream Sandwich (1)
IdM capability (1)
Identity & Security (1)
Identity & Security Partner of the Year (1)
Importance of a PKI Heath Check (1)
Incident Management (1)
Information Security (1)
Information Technologoy (1)
Information Technology (1)
Internet Explorer (1)
Internet Explorer 6 (1)
Internet of Everything (1)
IoT Healthcare (1)
IoT Identity Management (1)
Issuing CA (1)
Jenkins (1)
Keccak (1)
Lenovo (1)
Lockheed Martin (1)
MA (1)
MDT (1)
MITM (1)
MMPC (1)
MSDN (1)
MSDN Media (1)
MSO (1)
MV (1)
Mac SSL (1)
Managed PKI (1)
Managed Service Offerings (1)
Managed Services (1)
Management (1)
Master Clock (1)
Med-V (1)
Microsoft ADFS (1)
Microsoft Active Directory Federated Services (1)
Microsoft App-V (1)
Microsoft Application Virtualization (1)
Microsoft Bitlocker (1)
Microsoft Checksum Integrity Verifier (1)
Microsoft Exchange 2010 (1)
Microsoft Exchange ActiveSync (1)
Microsoft Generic File Protection Explorer (1)
Microsoft IE6 (1)
Microsoft IE9 (1)
Microsoft IT Security (1)
Microsoft Identity & Security Partner of the Y (1)
Microsoft Identity Manager (1)
Microsoft MBAM (1)
Microsoft Network Device Enrollment Services (NDES (1)
Microsoft Office365 (1)
Microsoft Partner (1)
Microsoft Partner Awards (1)
Microsoft Partner Network (1)
Microsoft RMS (1)
Microsoft SCEP (1)
Microsoft SIP (1)
Microsoft Security Advisory (2661254) (1)
Microsoft SharePoint (1)
Microsoft TFS (1)
Microsoft UAG (1)
Microsoft VMM (1)
Microsoft WPC (1)
Microsoft Windows Azure Active Directory (1)
Microsoft baseline image (1)
Microsoft's Forefront Identity Manager (1)
Microsot Azure (1)
Mobile (1)
Mobile Device Hacking (1)
Mozilla (1)
Multivalued attribute table (1)
NDES (1)
NIST (1)
NIST CVE-2014-0160 (1)
NSA (1)
NTP (1)
Network time Protocol (1)
OAuth (1)
OAuth 2.0 (1)
ODKG (1)
OSD (1)
OTP (1)
OWIN (1)
OWIN Open Web Interface for .NET (1)
Office365 (1)
Open Web Interface for .NET (1)
OpenID (1)
Operating System Deployment (1)
PKI Assurance (1)
PKI GlobalSign (1)
PKI Health (1)
PKI Health Check (1)
PKI Integration (1)
PKI Managed Service (1)
PKI OID (1)
PKI Object Identifiers (1)
PKI deployment (1)
PKI error (1)
PKI for chrome (1)
PKI help (1)
PKI in the Cloud (1)
PKI installation (1)
PKI key (1)
PKI mistakes (1)
PKI vendor (1)
PWUnrecoverableError (1)
Password Change Notification Service (1)
Password Synchronization (1)
Password reset (1)
PlayStation Network (1)
Plugin Handlers (1)
PoC (1)
Pokemon Go (1)
Pokemon Go location tracking (1)
Pokemon Go security (1)
PonTovia (1)
PowerShell migration (1)
Pre-Staging a Distribution Point in System Center (1)
Project Management (1)
Proof of Concept (1)
Provisioning (1)
RSA Digital Certificate (1)
RSA Keys (1)
RSA Secure ID tokens (1)
RSA cert length (1)
RSA certificate length (1)
Reference Attributes (1)
Regulatory Compliance (1)
Relying Party trusts (1)
Remote Access (1)
Retail (1)
Role Based Administration (1)
Role Based Security (1)
Root CA Key Signing Ceremony Mistakes (1)
SAML 2.0 via AD FS 3.0 (1)
SAML token (1)
SAP (1)
SCCM Distribution Point (1)
SCEP Server (1)
SCORCH (1)
SCSM (1)
SCVMM (1)
SDLC (1)
SHA-2 Migration (1)
SIM Card Hacking (1)
SIP (1)
SIX SIGMA (1)
SMS (1)
SNTP (1)
SPNS (1)
SSL PKI (1)
SSL attack (1)
SSL bug (1)
SSPR Client (1)
SWT token (1)
SaaS (1)
Sales Engineering (1)
Samsung (1)
Samsung Galaxy Tab 2 (1)
Samsung email (1)
Samsung security flaw (1)
Securing a root CA (1)
Security Audit (1)
Security Tool (1)
Sets in FIM (1)
Setspn (1)
Setting up a FIM Lab (1)
Seven Step Continual Improvement Model (1)
SharePoint (1)
SharePoint 2010 (1)
Simple Network time Protocol (1)
Software (1)
Software Developer (1)
Software Update Groups (1)
Solution Incentives Program (1)
Sony (1)
Star Wars (1)
Stratum-1 (1)
Stratum-2 (1)
Superfish (1)
Synchronization (1)
System Administrator (1)
System Center 2012 Endpoint Protection (1)
System Center 2012 migration (1)
System Center Configuration Manager 2007 (1)
System Center Configuration Manager 2012 (1)
System Center Orchestrator (1)
System Center migration (1)
T-Mobile SIM Card Hack (1)
TLS Heartbeat Extension (1)
TLS cert (1)
TQM (1)
TSA (1)
Ted Shorter (1)
Thales (1)
Thales e-Security (1)
The Ramen (1)
ThingWorx (1)
Time Stamp Protocol (1)
Time Stamp Server (1)
Trust (1)
UAG (1)
Unplanned Outages (1)
VMM (1)
VMWare (1)
VSCEP (1)
Validated SCEP (1)
Virtual Machine Manager (1)
Virtualized Applications using System Center Confi (1)
WAAD (1)
WMI (1)
WPC Toronto (1)
Wall Street Journal (1)
Wearables Security (1)
What is PKI (1)
Windows 7 Deployment (1)
Windows 7 Task Sequence SCCM (1)
Windows Azure Active Directory (1)
Windows Azure Active Directory (WAAD) (1)
Windows Azure Service Bus (1)
Windows Server 2012 NDES (1)
Windows security (1)
Workplace Join (1)
apple MITM attack (1)
apple security flaw (1)
apple ssl attack (1)
attribute precedence (1)
blackberry (1)
brand management (1)
brand strength (1)
breach (1)
cert downtime (1)
cert length 2013 (1)
cert management (1)
certificate 2013 (1)
certificate install (1)
certificate remediation (1)
certificate renewal (1)
certificate replacement (1)
certificate research (1)
certificate revocation (1)
certification and remediation (1)
certs (1)
client-side SSL certificates (1)
command line tool (1)
consumer security (1)
data breach (1)
debugging (1)
digital certificate security (1)
digital certificates expire (1)
dynamic groups (1)
embedded devices (1)
embedded encryption (1)
embedded systems (1)
energy iot (1)
expired certificate (1)
expired certificates (1)
expired digital certificates (1)
fulfill (1)
hardware security modules (1)
healthcare IoT (1)
healthcare certificates (1)
healthcare security (1)
heartbleed help (1)
iOS 7 (1)
iOS 7 SSL (1)
iPad security (1)
iPhone security (1)
identity (1)
ie6countdown.com (1)
install certificates onto devices (1)
install path (1)
installation path (1)
issue mobile certificate (1)
manufacturing (1)
migration to SCCM 2012 (1)
mobile carrier hacks (1)
motorola (1)
multifactor authentication (1)
on device key generation (1)
one-time password (1)
pokemon go privacy (1)
private key heartbleed (1)
private key ssl (1)
private keys (1)
private keys vulnerable (1)
privilege escalation attack (1)
public key infrastructure blockchain (1)
renewed (1)
replaced (1)
revoked (1)
secure enrollment (1)
security breach (1)
security token service (STS) (1)
smartcard (1)
smartcard lifecycle (1)
smartcards (1)
smartphone (1)
social engineering (1)
solutions to healthcare systems vulnerabilities (1)
strong authentication (1)
time stamp (1)
time stamped signature (1)
unified access gateway (1)
web enrollment (1)
what should a fim lab look like (1)
workflow (1)

see all

PKI Blog

Two-factor Authentication via SMS Messaging for FIM 2010 R2 SSPR

Recent Posts

Posts by Topic

Want to Learn more about CSS?