AuthX Integrations

AuthX – Windows Logon Integration

Posted authxwp

Overview

AuthX integrates with Windows Logon to add two-factor authentication (2FA) for Windows Desktop and server logins.

System Requirements

AuthX Authentication for Windows Logon supports both client and server operating systems.

  • Windows 10 1709 and above

  • Server 2016 and above

AuthX Factor Support

AuthX for Windows Logon supports the following factor types for 2FA:

  • Push

  • Time-Based One-Time Password (TOTP)

  • Face

  • Fingerprint

  • Phone SMS

  • Phone Call

  • RFID

  • Hardware Token

  • Pin

Windows Application Creation

  1. Sign up for an AuthX account.

  2. Go to Applications, click Protect Application, and select Windows.

  3. Enter information for Application Name, Description, and Policies. Click Save.
    Result: The Windows page will display.

    1. For additional configuration, scroll down to Application Configuration and click Edit next to Manage Configuration. Scroll down to set all preferences and click Add Configuration.

b. Under Application Configuration, click Download for Windows Authentication setup and XML Configuration.

Enroll a User

  1. Go to Users.

  2. Click Add User. Enter the user’s information and click Save.

Note: The AuthX username must match the user’s Windows logon name (UPN).

  • When adding an AD user, add the domain name to the username (i.e. username@domain.com).

Important: Users must complete enrollment to activate their profile. If the user logging into Windows does not exist in AuthX, they may not be unable to log in. See Users for details.

Policy Management

Use the default policy or create your own policy to restrict the following:

  1. Authentication

  2. Browsers – Desktop and Mobile

  3. Operating System

  4. IP address

See Policies for details.

Windows Agent – Configuration

  1. Download and install AuthX Windows Authenticator.

  2. After installation, open Windows Search, and type AuthX Configuration.

  3. When AuthX Configuration opens, you have 2 options to configure:

1. Import a file

2. Initiate a Silent Configuration

Option 1: Import File in Configuration

Import your Windows configuration file into AuthX Configuration. If the configuration XML file exists in the same directory as the application installer when it runs, the installer automatically applies the settings. Otherwise, follow the manual import directions:

  1. Download the Windows XML file from Windows Application in the AuthX portal.

  2. In AuthX Configuration, click Import Configuration File.

  1. Choose the AppInfo.xml XML file:

  1. Click Save Configuration.

Option 2: Windows Agent – Silent Configuration

  1. Open Windows Search and type Command Prompt

  2. Click Run as administrator.

With Appinfo XML file

Paste the following command:

“C:\Program Files\AuthX\AuthX Windows Agent\AuthX.Config.exe" config "C:\Users\UserName\Downloads\AppInfo.xml”

  • Provide the file path for Appinfo XML.

Without Appinfo XML file

Paste the following command:

"C:\Program Files\AuthX\AuthX Windows Agent\AuthX.Config.exe" -i "Application ID" -k "Application Key" -c "Hostname" -e "prod" -t 1

Enter the Windows application details for the company in Windows Application Creation

Arguments Info:

  • -i “<Application ID>”

  • -k “<Application Key>”

  • -c “<Company Hostname>”

  • -e “<Environment>” // portal environment, values should be “prod””

  • -t <Install Type> // 1 for Single, 2 for Citrix, 3 for Shared

  1. Go to AuthX configuration and cross-check to ensure the respective Windows application details were set up correctly.

AuthX Windows Agent Launch

  1. Go to Windows Search and type AuthX Windows Agent

  2. On the system tray, right-click the AuthX icon and select User Configuration.

  1. You can also launch the registered AuthX user portal from the Windows Agent.

    • On the system tray, right-click the AuthX icon and select My Applications.

Result: This redirects you to a browser with the AuthX user account logged in.

  1. Go to the Authentication tab and enroll your details:

    1. Fingerprint

    2. Face

    3. RFID

    4. Remote Lock from App

Enable: When this option is enabled, the user can lock / unlock their respective PC using the mobile app. See Remote Device Management for details.

Disable: When this feature is disabled, the user cannot lock / unlock their respective PC using the mobile app.

  1. On the Windows Login screen, select Sign-in options. Click the AuthX tile on the bottom left corner.

Result: The AuthX authentication factors display: Face ID, Fingerprint, RFID Card, Mobile Push, Phone SMS / Text, Phone Call, OTP, Hardware Token, and Offline Login.

  1. After successful authentication, you can access your system.

Note: The first time you log in, you need to use your password to access your system. Other authentication factors become available after your second time logging in.

Delegated Access Management

Use Delegated Access Management to set up user access for a specific system.

Delegated User Access Management – AuthX Configuration

  1. Go to AuthX Configuration  Advanced Options.

  1. Next to Delegated Access Management, click the Enable radio button.

Result: The Current User and Enter Password fields display to create the user’s access.

  1. Click Save.

Delegated User Access Management – AuthX Admin Portal

  1. Log in to the AuthX Admin portal.

  2. Go to Device Management → User Assignment.

Result: The User Assignments page displays a list of devices currently enrolled in AuthX.

  1. Click the Action menu for the device you want to manage. Click Edit.

  2. Assign your Delegated Users / Groups.

Note: Only assigned users will be able to log in.

  1. To add a new user, make sure they are enrolled in the Admin portal before assigning them.

    1. Go to Users and click Add User.

    2. Ensure the added user is in Active status.

Benefit of Delegated Access Control

Once you configure the delegated user access (in AuthX Configuration) and assign users to a device (in the AuthX Admin portal), delegated users can successfully access the system.

Users can now log in and access the system using their AuthX username and credentials.

Note: To log in as an Admin user, enter your AuthX admin username and system password.

Windows Agent – Smart Card Setup

On the AuthX Windows Agent app, the Smart Card tab is hidden by default. To enable the Smart Card:

  1. Connect to your VPN.

  2. Go to AuthX configuration.

  3. In the Alternate Authentication Mode, enable the following factors:

    1. Certificate Based Authentication

    2. Smart Card Authentication

  4. Click Save.

  5. Go to AuthX Windows Agent. The Smart Card menu should be enabled.

  6. Click Enroll and wait for the AuthX Windows Agent to begin the smart card enrollment.

Result: The Smart Card is enrolled.

Note: If needed, you can deactivate or delete the enrolled smart card.

Windows Agent – Version Updates

  1. Open the Windows Agent app. Select Auto Updates.

  2. Click Check for Updates.
    Result: The system will scan for new versions of AuthX and update your system accordingly. If no updates are available, the system will indicate your software is up-to-date.

Network Diagram

Leave a Reply