Deploying a Windows Credential Provider

The AuthAnvil Windows Credential Provider offers companies the ability to add strong multi-factor authentication to Microsoft’s Windows client and server operating systems. It provides a simple and consistent logon experience no matter if they logon at the local desktop or through a terminal session. And it offers identity assurance by requiring users to provide their AuthAnvil MFA Auth passcode during the logon process.

Note: This agent does not support x86 versions of Windows. If you need an x86 agent please see the agents listed in this section.

Note: This agent is installed on a per machine basis currently. 

Note: This agent requires that the AAoD username and the Windows username must be matching.


To configure a Windows Logon agent please follow these steps

First create a Policy for this agent.

  1. Log into your tenant https://(your company).my.authanvil.com
  2. Select Policy Manager.
  3. Select the Add icon (small green + sign in the bottom right corner). 
  4. Name the Policy
    Example: Windows Credential Provider.
    Set your Policy Elements & Actions.
    Note: This policy must not allow for simple passwords. Require MFA must be used.
    policy.PNG
  5. When you have your policy completed select Save changes.
    policy2.PNG

 

  1. Select Auth Manager.
  2. Select the Add icon (small green + sign in the bottom right corner). 
  3. Select Windows Logon.
    1.PNG
  4. Configure the agent.
    Select Agent is enabled.
    Select the policy you created in Step 4.
  5. Select Windows Logon Configuration.
    2.PNG
    Note: It is recommend that you set an Override Password for all installs.
    Note: You will need to manually create the AuthAnvil Override Group in Active Directory (Windows security group for stand alone machines).
  6. Select Add Agent.
    3.PNG
  7. Select the Agent from the agent list in Auth Manager.
  8. Select Download Installer.
    4.PNG
  9. Copy the installer AAWinLogonCP.msi file to the target x64 Windows Server/Desktop/Workstation.
    Note: The installer must be on the local machine and not run from a shared drive like Lancache.
  10. Run the MSI AAWinLogonCP.msi
    Note: If installing on a DC or where there might be excessive UAC style controls enabled you can run the MSI from an elevated command.
  11. Select Run if prompted.
    5.PNG
  12. Select Next.
    6.PNG
  13. Accept the Terms of Use. Select Next.
    7.PNG

  14. Logon Agent configuration. Set the following.
    Home Realm: (This your tenant (your company).my.authanvil.com)
    ID: (This will be provided on the agent information screen where you downloaded the agent).
    Key: (This will be provided on the agent information screen where you downloaded the agent).
    8.PNG
  15. Select Next.
  16. Select Install.
    9.PNG
  17. Select Finish.
    10.PNG

 

Test the agent

  1. Lock the desktop. You should now see the following.
    11.PNG
  2. Enter the user's Windows Password.
  3. You should receive a Push notification automatically. If the push fails you will receive an MFA prompt for the passcode. Open the Authenticator app. Tap your username. This will provide you with your one time password.

 

Have more questions? Submit a request

0 Comments

Article is closed for comments.