Hi All,
I know there are a number of solutions out there which can allow you to expose SharePoint On-Premise externally. All solutions come with some limitations. I am looking for someone who has implemented such a solution and lessons learned.
Here are the high-level requirements:
– SharePoint Portal (Some web application not all) from on-premise SharePoint Farm to be available outside company network
– We should limit devices and track those devices accessing portal
– Users should be able to authenticate by using their Active Directory credentials so no additional authentication should be required.
– If a user moves between web applications, he/she should not be challenged to enter his/her domain credentials
Thanks
Adnan
Adnan,
That is an interesting scenario that needs thorough testing.
You can use a wildcard SSL certificate with the SAN (Subject Alternative Names) option and have web app URLs as part of it. For example:
webapp1.domain.com
webapp2.domain.com
With a wildcard SSL cert that offers the SAN option, you can have *.domain.com. Besides the *, you can add the above two URLs in the SAN. I’ve used www.Digicert.com wildcard certificates with SAN options. Makes life easy at least for this requirement.
Have you looked at the ADFS (Active Directory Federation Services) and/or ADCS (Active Directory Certificate Services) as a solution? How about using ADFS with the Azure AD to have seamless authentication across multiple web apps? Just like Office 365 has the authentication option with corporate ADFS.
Configure client certificate authentication for SharePoint 2013
2FA (Two Factor Authentication) is the way to limit who will be accessing the portal. But then you don’t want users to enter additional credentials!
Review some of these resources:
- Multi-Factor Authentication on SharePoint using AD DS
- Test drive Comodo’s Two-Factor Authentication Solution for Free
- ADFS and Windows Azure AD Resources
Limiting devices and tracking those devices using SharePoint seems a little more challenging.
At the end, review my blog post on external hosting and some of the pieces involved. The current version of that article is not a solution to all the scenarios. But it might give you a few ideas.
Primer on SharePoint Hosting for External Collaboration
Regards
Faisal Masood
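A check of which host names a SAN list like the one in the reply above actually covers, as an added example that is not part of the original thread. The host names domain.com and portal.apps.domain.com are constructed for illustration, and the matching rule assumed is the common one where a wildcard stands for exactly one leftmost label.

```python
def san_matches(pattern: str, host: str) -> bool:
    """True if one SAN dNSName entry covers host (single-label wildcard rule)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Wildcard must be the whole leftmost label and sit above a
        # registrable name, so "*.com" is rejected.
        return (len(p_labels) >= 3
                and h_labels[0] != ""
                and p_labels[1:] == h_labels[1:])
    # Partial wildcards such as "w*.domain.com" are treated as literals here.
    return p_labels == h_labels


def coverage(san_entries, hostnames):
    """Map each host name to the SAN entries that cover it ([] = not covered)."""
    return {h: [s for s in san_entries if san_matches(s, h)] for h in hostnames}


def uncovered(san_entries, hostnames):
    """Host names that would fail certificate name validation."""
    return [h for h, hits in coverage(san_entries, hostnames).items() if not hits]


# Constructed sample data: the SAN list described in the reply, plus two
# hypothetical host names a portal might also be published under.
SAN_ENTRIES = ["*.domain.com", "webapp1.domain.com", "webapp2.domain.com"]
HOSTNAMES = [
    "webapp1.domain.com",
    "webapp2.domain.com",
    "domain.com",              # apex: not matched by *.domain.com
    "portal.apps.domain.com",  # two labels deep: not matched either
]

if __name__ == "__main__":
    for host, hits in coverage(SAN_ENTRIES, HOSTNAMES).items():
        status = "covered by " + ", ".join(hits) if hits else "NOT covered"
        print(f"{host:26} {status}")
```

Any host name reported as not covered needs its own SAN entry before the web application is published under that URL.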