Advanced user authentication in the Shin Telework System, with support for My Number Card
The Shin Telework System, which makes it easy to set up a remote desktop environment, has a simple user authentication function, and one of its strengths is that it can be used without registering users in advance. This simple user authentication sets one password per PC, so it is not flexible enough when multiple users want to use a shared PC as a remote desktop.
Introducing the "advanced user authentication function", provided as a security option, allows more flexible user authentication. The "advanced user authentication function" also supports authentication using My Number Cards, enabling more secure connections. This article introduces the "advanced user authentication function".
Manage connections by authentication using registered user information
With the "advanced user authentication function" of the Shin Telework System, you can choose among several authentication methods according to the situation, such as authentication with a user name and password or authentication with a unique electronic certificate. To use the "advanced user authentication function", first open the security settings screen in the server-side (company PC) application and, in the "Advanced user authentication function settings" section, check the item "Use the advanced user authentication function". Then click the [User Management] button below it.
The management screen is displayed. Click [Create New], because you have to register the user information used for the connection.
When the new user creation screen is displayed, first enter any user name. It is safer to specify an expiration date for the account. The "advanced user authentication function" supports various authentication methods, but start by enabling the most basic one, user name and password authentication. Select [Password authentication] in the "Authentication method" column, and set any password in the "Password Authentication" column in the upper left.
Click the [OK] button to create the user, who then appears in the list.
This concludes the preparation on the server side. Next, start the client app on the client PC (home PC) and connect to the server-side PC. The "Advanced User Authentication" screen is displayed. Select "Password Authentication" as the authentication method, enter the user name and password created on the server side, and click [OK].
If authentication succeeds, the remote connection is established and you can operate the server-side PC desktop.
If you connect with a web client, you are likewise asked to enter the user name and password, and if authentication succeeds, the server-side PC desktop is displayed.
The "advanced user authentication function" differs greatly from simple user authentication in that multiple users can be registered, each with its own authentication method, expiration date, and password. Because the number of logins and the date and time of the last login can be checked for each user, system administrators also gain the advantage of being able to track how the system is being used.
User authentication with a unique certificate
The "advanced user authentication function" allows not only authentication by user name and password, but also authentication using unique client certificates. A unique digital certificate is provided for each client, so that only users holding a certificate that matches one registered on the server in advance can connect. Please note that user authentication using a unique certificate does not support connections from the web client.
The client certificate can be formally issued by an external third party, or you can create one yourself as a simple alternative. Here, let's try the latter method.
User authentication by unique certificate is set for each user, as with user name and password authentication. First, go to the "User Management" screen in the "Advanced User Authentication" section and open the properties of the user you want to configure. Then select "Unique certificate authentication" as the authentication method.
The certificate is added in the certificate column on the right. If you already have a certificate, add the certificate file using the Certificate button. If you want to create a new certificate, click the Certificate Creation Tool button to open the "Create a new certificate" screen.
If you simply want to create a certificate, selecting "Root certificate" as the certificate type is fine. The difference from a "certificate signed by another certificate" is not explained here, but in a nutshell, the latter is a more formal certificate.
Then fill in the necessary information, such as the name, the organization name, and the validity period, and click the [OK] button.
Next, the "Save Certificate and Private Key" screen is displayed. Select "PKCS#12" as the saving method. The private key passphrase option at the bottom determines whether a passphrase must be entered when the certificate's private key is used; enabling the passphrase makes operation safer.
When the input is complete, click the [OK] button to add the unique certificate to the specified user in the server app.
This concludes the preparation on the server side. The created certificate is saved as a file with the extension ".p12". This file is needed every time you connect from the client. In other words, only users who have the certificate file can connect to the remote desktop.
Therefore, first copy the certificate file to the client PC using a USB flash drive. Take care not to transfer it over the Internet, for example by email. The certificate file acts as the key, so you must make sure it is not copied by a third party.
Once the certificate file is ready, connect from the client PC to the server-side PC. When the "Advanced User Authentication" screen is displayed, select "Certificate authentication" as the authentication method and specify that user's certificate file in the certificate authentication field.
Click the [OK] button to authenticate; if the certificate is confirmed to be the correct one, you will be able to use the server-side PC desktop.
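The script below is an added example, not part of the original article or of the Shin Telework System: it creates a self-signed certificate in a passphrase-protected PKCS#12 file with OpenSSL and then checks the properties the text above relies on (a passphrase is really set, and the file is readable only by its owner). It assumes OpenSSL is installed; the function names and the `P12_PASS` variable are hypothetical, and whether the server app accepts a certificate made outside its own creation tool is an assumption.

```shell
#!/bin/sh
# Added example, not Shin Telework code. Function names and P12_PASS are hypothetical.
# The passphrase is read from $P12_PASS so it never appears in the process list.

# make_p12 <common-name> <days> <out.p12>: self-signed cert + key in PKCS#12
make_p12() (
    umask 077                                  # temp key is owner-only
    tmp=$(mktemp -d) || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$2" \
        -subj "/CN=$1" -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$tmp/key.pem" -in "$tmp/cert.pem" \
        -name "$1" -passout env:P12_PASS -out "$3" && chmod 600 "$3"
    rc=$?
    rm -rf "$tmp"                              # unencrypted key must not linger
    exit "$rc"
)

# p12_opens <file>: succeeds only if $P12_PASS unlocks the container
p12_opens() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -noout 2>/dev/null
}

# p12_fingerprint <file>: SHA-256 fingerprint of the certificate inside
p12_fingerprint() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# audit_p12 <file>: 0 = ok, 1 = wrong passphrase, 2 = no passphrase, 3 = loose perms
audit_p12() {
    p12_opens "$1" || { echo "passphrase does not open $1"; return 1; }
    ( P12_PASS=; export P12_PASS; p12_opens "$1" ) &&
        { echo "$1 opens with an empty passphrase"; return 2; }
    case $(ls -l "$1") in
        -rw-------*|-r--------*) return 0 ;;
        *) echo "$1 is readable by other accounts"; return 3 ;;
    esac
}

# Demo with constructed sample values
P12_PASS='constructed-sample-passphrase'; export P12_PASS
demo=$(mktemp -d)
make_p12 "sample-home-pc" 365 "$demo/user.p12" && audit_p12 "$demo/user.p12" &&
    echo "fingerprint: $(p12_fingerprint "$demo/user.p12")"
```

Running `p12_fingerprint` on both PCs after the USB copy and comparing the two values confirms that the file on the client is the one that was created.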