This topic describes the following methods of authentication that Forefront UAG DirectAccess provides, and how to configure them:

To configure the authentication options

  1. In the DirectAccess Server section of the wizard, on the Authentication Options page, select the root or intermediate certificate that verifies certificates sent by DirectAccess clients, as follows:

    • To use a root certificate, click Browse, select the required root certificate, and then click OK.

    • To use an intermediate certificate, click Use intermediate certificate, click Browse, select the required intermediate certificate, and then click OK.

  2. Select the certificate that authenticates the Forefront UAG DirectAccess server to a client connecting using IP-HTTPS, by clicking Browse, selecting the required IP-HTTPS certificate, and then clicking OK.

  3. If you want to change the IPsec cryptography settings, click Edit IPsec cryptography settings, select the relevant Integrity, Encryption, and Key exchange algorithms, and then click OK.

    Forefront UAG DirectAccess (UP1 release) supports the Suite B cryptographic algorithms that were added to IPsec in Windows Vista Service Pack 1, in Windows Server 2008, and in Windows 7.

  4. Select the following authentication options, if they are deployed in your organization:

    • Clients that log on using a PKI smart card—When selected, client endpoints must use PKI smart cards.

    • Computers that comply with your organization's NAP policy—When selected, NAP policy is applied to client endpoints.

  5. Click Finish.
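
As a pre-flight check for steps 1 and 2, the following PowerShell lists the unexpired CA certificates and the server certificates that have a private key and the Server Authentication EKU. It is an added example, not part of the original topic or of Forefront UAG; it assumes the certificates are in the local computer's Root, CA and My stores, and the function names are hypothetical.

```powershell
# Added example: inventory the certificates the wizard's Browse dialogs ask for.
# Assumption: the certificates are in the local computer stores named below.
$now           = Get-Date
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication enhanced key usage

function Get-ValidCertificate {
    param([Parameter(Mandatory = $true)][string]$StorePath)
    # Keep only certificates that are inside their validity period.
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.NotBefore -le $now -and $_.NotAfter -gt $now }
}

function Test-ServerAuthEku {
    param([Parameter(Mandatory = $true)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # Find the EKU extension, if the certificate carries one.
    $eku = @($Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    })
    # No EKU extension: not explicitly issued for server authentication, so skip it.
    if ($eku.Count -eq 0) { return $false }
    foreach ($usage in $eku[0].EnhancedKeyUsages) {
        if ($usage.Value -eq $serverAuthOid) { return $true }
    }
    return $false
}

$columns = 'Subject', 'Thumbprint', 'NotAfter'

Write-Host 'Step 1 candidates: root certificates'
Get-ValidCertificate -StorePath 'Cert:\LocalMachine\Root' |
    Format-Table -Property $columns -AutoSize

Write-Host 'Step 1 candidates: intermediate certificates'
Get-ValidCertificate -StorePath 'Cert:\LocalMachine\CA' |
    Format-Table -Property $columns -AutoSize

Write-Host 'Step 2 candidates: IP-HTTPS server certificates'
Get-ValidCertificate -StorePath 'Cert:\LocalMachine\My' |
    Where-Object { $_.HasPrivateKey -and (Test-ServerAuthEku -Certificate $_) } |
    Select-Object Subject, Thumbprint, NotAfter,
        @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - $now).TotalDays } } |
    Format-Table -AutoSize
```

An empty step 2 list means no certificate in the My store is usable for IP-HTTPS as filtered here; a low DaysLeft value flags a certificate that will expire soon after deployment.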

For instructions on how to configure the next stage of the Forefront UAG DirectAccess configuration wizard, see Specifying the network location server.