Skip to main content -->

Showcase: Multi-factor Authentication for SharePoint at US Department of Energy

ActioNet: a federal contractor for US Department of Energy and others 
 
United States Department of Energy 
 
Microsoft SharePoint 2013 
CipherPoint Software: Securing SharePoint 

Customer Background​

ActioNet is a federal government contractor responsible for the development and maintenance of the US Department of Energy's PARS2 web site. PARS2 leverages Microsoft SharePoint to manage documents and deliver web content to PARS2 users, some of whom are DOE employees and many of whom work with affiliates organizations outside the DOE.

Time Period

November 2014 to Present

The Challenge

Given recent news including developing cybersecurity threats and data breaches, DOE and ActioNet recognized a need to provide a more secure method of authentication for SharePoint. ActioNet was seeking a secure solution that would allow users to login to the PARS2 web site with minimal difficulty, while meeting all federal government security requirements and standards, including multi-factor authentication, security policy acceptance, and password expiration reminders.

The solution needed to be very user friendly, since some users were in different organizations and extensive training was impractical. The system would need to support multiple devices, including PCs and tablets, and it could not require the user to have a Windows domain account with the DOE.

The solution also needed to integrate transparently with CipherPoint, an ecryption and security solution for SharePoint developed by CipherPoint Software and a business with whom Liquid Mercury Solutions occassionally partners.

Our Solution

We were originally approached by CipherPoint who had familliarity with work we were doing on Beowulf, a product in development to provide SAML claims based authentication and identity services for SharePoint. Among other benefits, Beowulf provides an extra layer of protection to SharePoint via multi-factor authentication.

We demonstrated an early version of Beowulf to ActioNet in late 2014. Given the unique capabilities of our product, it was determined to be a perfect fit for DOE's needs, and it was included into the overall solution. Along with CipherPoint, Beowulf was submitted for A&A review in the summer of 2015, and our application was granted Authority to Operate in October 2015.

The system went into production in January 2016. By that time, our product had been extended to add many new features which DOE enjoys today. ActioNet has continued to be an important partner as we provide ongoing support for our product at DOE.

Benefits

  • Users of the PARS2 system authenticate using a friendly and recognizable login form.
  • Accounts are protected by multi-factor authentication, which is required whenever a user logs in from a new computer or network.
  • DOE security policies are clearly posted and enforced.
  • Users receive reminders and warnings up to 2 weeks before their passwords expire.
  • Administrators and site owners can use SharePoint's People Picker without needing to worry about the technical details of how it works.

Technical Accomplishments

  • Login screens were tested to be compatible with older versions of Internet Explorer.
  • Responsive design was leveraged so that login screens work well on mobile devices.
  • Since Beowulf can be themed, ActioNet was able to customize all screens to include DOE branding and verbiage.
  • Enforcement of session based logout when a user closes their browser, while also allowing cookie based claims to support products like Word and Excel.
  • Our solution was proven to work effectively without impairing the functionality of products like CipherPoint and ShareGate.
  • Multiple methods of integration with SharePoint User Profiles and the People Picker were implemented and tested.
  • During the course of this project, we developed many other capabilities into Beowulf which are unique in the marketplace as far as know.

The Bottom Line

This project represents a significant investment in security infrastructure. Nevertheless, we were able to accomplish all project goals within one year, and our solution was cost effective compared to other options.

Total project cost was approximately $55,000, including labor, server software licenses, and three years of premium support.

Talk to the Client

ActioNet's Marc Cree has gone on record to sing our praises on many occassions. Here's one such example:

Marc Cree writes, "Outstanding customer service/support. Highly knowledgeable. Good company! People. Responsive! Dedicated." 

In case you're on a mobile phone, Marc Cree writes, "Outstanding customer service/support. Highly knowledgeable. Good company! People. Responsive! Dedicated." Thank you, Marc, for your kind words!

If you'd like to speak with Marc directly, please contact us and we'll be happy to arrange an introduction.