Onboarding for End Users – with Token2 (HOTP)

Token2 HOTP is a token, powered by Token2, which can be configured to use HMAC-based One-time Passwords (HOTP) for multi-factor authentication. HOTP is an alternative to Time-based One-time Passwords (TOTP). Note that the most used TOTP solutions are authentication applications (for example, Google Authenticator) or programmable tokens (for example, Token2 miniOTP-3).

UserLock configures Token2 HOTP efficiently and only on the server side, avoiding any client-based configuration. To authenticate with Token2 HOTP, users simply tap their security key. This touch-activated Token2 HOTP automatically enters a pre-determined authentication code, avoiding the possibility of the end user entering an invalid code.

Requirements

Users require a Token2 with HOTP support, such as the Token2 T2F2-ALU. This device must be inserted into a USB port of their computer during the connection.

To enroll in MFA with Token2 HOTP, users will have to connect directly (and not via RDP) to a computer so that the Desktop UserLock agent can detect the Token2. Subsequent connections will allow RDP connections with the Token2 plugged into the USB port of the client computer.

To enable two-factor authentication with UserLock and Token2 HOTP

Once MFA is activated for a user account (configure the MFA frequency you need), this user may require assistance logging in for the first time with UserLock and Token2:

1. The user plugs the Token2 HOTP into the USB port of their computer (do not connect via RDP for this first connection, as explained in the "Requirements" section).
2. The user logs in to their Windows session.
3. The UserLock desktop agent asks the user which method to use to configure multi-factor authentication.
4. If the user chooses "USB Token", Token2 is automatically detected and a dialog box appears.
5. Next, the Desktop UserLock agent programs the Token2 HOTP using the MFA secret (without displaying it), then updates the Link Token2 button to confirm that the operation succeeded.
6. The cursor appears in the edit box of the authentication code and the user can touch the Token2.

As a result, the edit box will display the associated 6-digit code and the dialog box will close automatically, indicating that the verification operation succeeded.

Subsequent connections for two-factor authentication with UserLock and Token2 HOTP

Following the initial connection in which the Token2 configuration is included, subsequent connections where MFA is requested will occur as follows:

1. The user plugs the Token2 HOTP into a USB port of their computer (the client computer if they are using RDP).
2. The user logs in to their Windows session.
3. The UserLock desktop agent requests the authentication code.

The edit box will display the associated 6-digit code and the dialog box will close automatically, indicating that the verification operation succeeded.

As explained in the "Requirements" section, remember that to enroll with MFA and Token2, users will have to connect directly (and not via RDP) to a computer (subsequent connections will allow RDP connections with the Token2 HOTP plugged into the USB port of the client computer).

Use case: What to do if Token2 is lost, forgotten, etc