Forefront Unified Access Gateway (UAG) allows you to control endpoint access to applications and resources published via Forefront UAG, and to configure the frontend authentication scheme for applications that require authentication.

It is recommended that remote clients authenticate when connecting to a Forefront UAG portal or site. A site session is opened only for users who authenticate successfully, thus ensuring that only authenticated traffic is passed to backend servers published via Forefront UAG. Session authentication requires you to define at least one authentication server, against which the credentials of users connecting to a portal or application session are verified.

This topic describes how to define authentication servers that are required by remote clients connecting to a Forefront UAG portal or site. Authentication servers are used by Forefront UAG for frontend session authentication, and also to verify credentials for delegating client credentials to backend servers that require authentication.

Forefront UAG supports many types of authentication servers, as described in the following topics: