AuthX Integrations

AuthX – Windows Logon Integration

Posted authxwp

Overview

AuthX integrates with Windows Logon to add two-factor authentication (2FA) for Windows Desktop and server logins.

System Requirements

AuthX Authentication for Windows Logon supports both client and server operating systems.

  • Windows 10 1709 & above

  • Server 2016 & above

AuthX Factor Support

AuthX for Windows Logon supports these factor types for 2FA:

  • Push

  • Time-based One-Time Password (TOTP)

  • Face

  • Fingerprint

  • Phone SMS

  • Phone Call

  • RFID

  • Hardware Token

  • Pin

Windows Application Creation

Pre-Requisite – Make sure to have an active user in the company before adding an application otherwise you will get this error

  1. Sign up for an AuthX account here: https://admin.authx.com/signup

  2. Navigate to the Applications tab

  3. Click Protect Application and select Protect for Windows

  4. Provide your inputs on the Application Name, Description, & Policies and click on save

    1. For additional configuration, you can use Manage Configuration

      1. Click on EDIT

      2. You can set the configuration values here

      3. After the values are set, scroll down to the end – Update Configuration

      4. After adding the configuration , Download the configuration

  5. Save the application.

  6. If further configuration is needed later, note the Application details (shown below) of the Windows application from the AuthX portal

Enroll a user

  1. Create your Windows user

  2. The username must match the Windows user’s logon name (UPN).

    1. If it’s an AD user – add your domain name to the Username (name@domain.com)

  3. Users must complete enrollment to activate their profiles. If the user logging into Windows does not exist in AuthX, the user may not be able to log in.

Policy Management

  1. Utilize the available default policy or create your own policy to restrict the following

    1. Authentication

    2. Browsers – Desktop & Mobile

    3. Operating System

    4. IP address

Windows Agent – Configuration

  1. Download and install AuthX Windows Authenticator here: https://dl.authx.com/AuthX-Windows-Authenticator-2.3.182.0.msi

  2. After the installation, on Windows Search – type AuthX Configuration

  3. Once the AuthX Configuration setup opens up, you can do the configuration in 3 ways

    1. Input your details Manually in AuthX Configuration

    2. Import file in Configuration

    3. Silent Configuration

  4. Input your details Manually in AuthX Configuration

    1. Enter your details under Application Settings manually (Refer Windows Application Creation → Step 6)

  5. Import file in Configuration

    1. Import your Windows configuration file in AuthX Configuration. If the configuration XML file exists in the same directory as the application installer when it is run, the installer will automatically apply these settings. Otherwise, follow the manual import directions below:

      1. Download Windows XML file from Windows Application (AuthX portal)

      2. Click Import Configuration File in AuthX Configuration

      3. Choose the XML file

      4. Save the configuration

  6. Windows Agent – Silent Configuration

    1. Go to Windows Search

    2. Open Command Prompt and run as Administrator

    3. With Appinfo XML file

      1. Paste the following command, “C:\Program Files\AuthX\AuthX Windows Agent\AuthX.Config.exe” config “C:\Users\UserName\Downloads\AppInfo.xml”

        1. Provide the file path for Appinfo xml

      2. (OR)

    4. Without Appinfo XML file

      1. Paste the following command, “C:\Program Files\AuthX\AuthX Windows Agent\AuthX.Config.exe” -i “Application ID” -k “Application Key” -c “Hostname” -e “prod” -t 1

        1. Fill in the Windows application details from the company mentioned in Windows Application Creation → Step 6

        2. Arguments Info:

          -i “<Application ID>”

          -k “<Application Key>”

          -c “<Company Hostname>”

          -e “<Environment>” // portal environment, values should be “prod””

          -t <Install Type> // 1 for Single, 2 for Citrix, 3 for Shared

    5. Go to AuthX configuration & cross check the respective Windows application details got setup.

AuthX Windows Agent Launch

  1. Go to Windows Search and type AuthX Windows Agent

  2. On the system tray, right click on the AuthX icon and select User Configuration

  3. You can also launch the registered AuthX user portal from the Windows agent

    1. On the system tray, right click on the AuthX icon and select My Applications

    2. You will be redirected to a browser with the AuthX user account logged in

  4. Make sure your Profile details are Active.

  5. Navigate to the Authentication tab & enroll your details

    1. Fingerprint

    2. Face

    3. Palm

    4. RFID

  6. Remote Lock from App

    1. Enable – When this option is enabled, user can lock / unlock their respective PC using mobile app (Refer to the Remote Device Management document for further details)

    2. Disable – This feature will be disabled

  7. On the Windows login screen, you can select Sign-in options and pick the AuthX option

  8. AuthX authentication factors displayed here – Face, Fingerprint, RFID, Push Phone SMS, Phone Call, TOTP, Hardware Token, and Offline Login

  9. After successful authentication, you can access your system

Note – The first time you log in, you need to use your password to access your system. Other authentication factors become available after the second time logging in.

Delegated Access Management

Delegated Access Configuration Setup

  1. You can enable Delegated access for users to have access to a specific system in within AuthX Configuration -> Advanced Options

  2. When this option is enabled, you will get to see the additional fields (Current User and Password) to create user’s access

  3. Save the configuration

Delegated User Access Management – AuthX Portal

  1. Login to the AuthX Admin portal

  2. Navigate to Device Management → User Assignment

  3. You can see the devices here

  4. Edit the device and you can assign your delegated Users / Groups

  5. Only the assigned users will be able to login

  6. When you are assigning users, if you want an additional / new user to be added you should have the user enrolled in the Admin portal

    1. Go to Users and add an user

    2. Make sure the added user is in Active status

Benefit of Delegated Access Control

  1. Now after you have successfully configured the delegated user access in AuthX Configuration and by assigning users to the device in the AuthX Admin portal, you have successfully created the access for a system that can be accessed by Delegated users

  2. When a user is trying to login to the system they will be able to use their AuthX Username & credentials to get access

  3. Note: To login as an Admin user, the username as an admin and system password to login

Windows Agent – Smart Card setup

On the AuthX Windows Agent app, the Smart Card tab will be hidden by default. To enable the Smart Card, follow the below steps:

  1. Connect to your VPN

  2. Go to AuthX configuration

  3. In the Alternate Authentication Mode, enable the following factors

    1. Certificate Based Authentication

    2. Smart Card Authentication

  4. Save the configuration

  5. Now go to AuthX Windows Agent & the Smart Card menu should be enabled now

  6. Click Enroll and wait for the AuthX Windows Agent to begin the smart card enrollment.

  7. Now the smart card is enrolled.

  8. If required, can deactivate or delete the enrolled smart card.

Windows Agent – Version Updates

  1. Open Windows Agent app & select Auto Updates

  2. Click Check for Updates for any new version

    1. System will check for the updates

  3. If any new updates, they system will progress on the update

  4. If there is no updates, it will show Your software is up to date

Network Diagram

Leave a Reply