Forefront Unified Access Gateway (UAG) provides a gateway for remote employees, mobile workers, partners, and other third parties to access corporate applications and resources. To help secure applications published through the gateway, Forefront UAG allows you to define which users are allowed to access the applications, and how they will authenticate to Forefront UAG and to the applications. There are a number of different authentication servers you can use to authenticate users to the portal.
About this guide
This guide provides information about deploying mechanisms that verify the identity of remote endpoints that connect to Forefront Unified Access Gateway (UAG) sites, and that control endpoint access to resources published via Forefront UAG.
The guide includes the following topics:
- Overview of access control—Describes the mechanisms that Forefront UAG uses to verify the identity of remote endpoints, and how it controls endpoint access to published resources.
- Planning to deploy access control mechanisms—Provides a summary of the required planning and prerequisite tasks before beginning deployment.
- Implementing frontend authentication—Describes deployment steps and procedures for configuring trunk authentication.
- Implementing backend authentication mechanisms—Describes deployment steps and procedures for forwarding credentials supplied during trunk authentication to backend published applications.
- Implementing cross-site single sign-on—Describes the steps required to allow users to access multiple Forefront UAG sites using a single set of
- Implementing access policies for endpoint health validation—Describes how to configure Forefront UAG access policies, and Network Access Protection (NAP) policies.
- Implementing users and groups for application authorization—Describes how to create users and groups that can be used to control granular access to specific portal applications.
- Implementing certified endpoints—Describes how to deploy client certificates to