This guide provides information about deploying mechanisms that verify the identity of remote endpoints that connect to Forefront Unified Access Gateway (UAG) sites, and that control endpoint access to resources published via Forefront UAG.

The guide includes the following topics:

• Overview of access control—Describes the mechanisms that Forefront UAG uses to verify the identity of remote endpoints, and how it controls endpoint access to published resources.
  
  
• Planning to deploy access control mechanisms—Provides a summary of the required planning and prerequisite tasks before beginning deployment.
  
  
• Implementing frontend authentication—Describes deployment steps and procedures for configuring trunk authentication.
  
  
• Implementing backend authentication mechanisms—Describes deployment steps and procedures for forwarding credentials supplied during trunk authentication to backend published applications.
  
  
• Implementing cross-site single sign-on─Describes the steps required to allow users to access multiple Forefront UAG sites using a single set of authentication credentials.
  
  
• Implementing access policies for endpoint health validation─Describes how to configure Forefront UAG access policies, and Network Access Protection (NAP) policies.
  
  
• Implementing users and groups for application authorization—Describes how to create users and groups that can be used to control granular access to specific portal applications.
  
  
• Implementing certified endpoints─Describes how to deploy client certificates to certified endpoints.