Abstract: Usage-limited passcodes support authentication when onboarding new employees, when recovering access after an enrolled device is lost or temporarily unavailable, or when registering passwordless authentication methods for new devices during an out of the box setup, among other scenarios. Usage-limited passcodes are also referred to as “temporary access passes” or TAPs. TAP usage may be limited to a specific number of uses, particular kinds of uses, certain time periods, or a combination thereof. A TAP includes a code string and an implementation of corresponding tokens, rights, and other identity aspects within an enhanced access control infrastructure. TAP usage may supplement or replace other authentication, and in particular may replace authentication through a username and password combination, thereby enhancing both usability and security. Self-service identity confirmation may be used to obtain a TAP. Redirection to a federated domain identity provider may be avoided during TAP authentication.

Abstract: The present invention extends to methods, systems, and computer program products for arbitrating an appropriate back-end server to receive channels of a client connection. Each front-end server in a server farm specifies a back-end server in the server farm that it deems appropriate for receiving channels of a client connection. Each specified back-end server is represented by an arbitration order, for example, a universally unique identifier. A relevant set of potential back-end servers that can receive channels of a client connection is selected according to function configured to minimize performance impact. A load balancing service compares arbitration orders for different back-end servers in the set of potential back-end servers to determine an appropriate back-end server for receiving channels of the client connection.

Abstract: Systems and methods are described that provide terminal services through a firewall. In one implementation, data is wrapped with an RPC-based protocol, wherein the data to be wrapped is configured according to a stream-based protocol consistent with establishing a server/client relationship. The RPC-based protocol is then layered over HTTPS. The wrapped data is then passed through the firewall.