Description
Indeed AM Windows® Logon features
The Indeed AM Windows® Logon product provides the users with following capabilities:
- Logging in to the system with account password
- Logging in to the system with Indeed AM authentication technology
- Access to remote desktop with Indeed AM authentication technology
- Logging in to the system with cached authenticator when connection to Indeed server cannot be established.
To provide for user data security when user is not at his/her workplace, the Indeed AM Windows® Logon supports both manual locking of workstation, and automatic one. The latter is triggered when authentication device is removed or when screen saver becomes active. To unlock the workstation, it is always necessary to confirm user identity again with authenticator, regardless of the locking method.
Advanced features
The Indeed AM Windows® Logon provides for the following advanced features:
- Registration of authenticator by user and authenticator management using the Indeed AM – Authenticator management application.
- Indeed AM Paste function, that pastes the user password in hidden form into required field upon pressing the set hotkey combination.
Supported authentication technologies
The Indeed AM Windows® Logon product supports more than 20 modern authentication technologies. These are: two-factor authentication, biometric authentication, certificates, proximity cards, one-time passwords, SMS technologies etc.
You can define the most suitable authentication technology for each category of Indeed AM Windows® Logon users. The users can also be allowed to use several technologies:
- authentication technology, adapted for remote use;
- combination of authentication technologies (multi-factor authentication).
Operation of Indeed AM Windows® Logon
This section contains description of the main Indeed AM Windows® Logon operation scenarios:
- The first authenticator registration
- Access to system using an authenticator
- User authenticator caching
- Password changing by user
Installation
To install the Indeed -Id AM Windows® Logon component, run the IndeedID.WindowsLogon.msi installer and follow the Installation wizard instructions.
After the installation is complete, system has to be restarted. Click Yes to restart the system immediately or No, if you plan to do this later manual.
| Info | ||
|---|---|---|
| ||
Files for installation Indeed AM Windows Logon placed:indeed AM\Indeed AM Windows Logon\<version number>\
|
| Info | ||
|---|---|---|
| ||
To deploy the Indeed AM Windows® Logon at user workstations in automatic mode, the group policy mechanism (Microsoft Group Policy) can be used. Or you can use any other tool that allows batch copying and installation of msi packages to user workstations (for example, Microsoft System Center Configuration Manager). |
Update and removal of Indeed AM Windows® Logon
The product removal/restoring is carried out using the standard procedure for the supported operating systems, via Control panel menu.
| Note | ||
|---|---|---|
| ||
Local Administrator privileges are required for the Indeed AM Windows® Logon removal. After the Indeed AM Windows® Logon package is removed, the system has to be restarted. |
You don’t have to remove the current version of the software to update it. In the course of update, the installed components are replaced by newer ones.
| Info | ||
|---|---|---|
| ||
To update the Indeed AM Windows® Logon at user workstations in automatic mode, the group policy mechanism (Microsoft Group Policy) can be used. You can also use the deployed Microsoft System Center Configuration Manager for this purpose. |
The methods of Indeed-Id system component update in automatic mode are detailed in the Indeed AM. System Deployment manual.pdf.
Configuration
Configuration from regedit
- Open regedit Windows.
- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Indeed-ID\SrvLocator2.
- Change string parameter ServerUrlBase and set URL your Indeed Access Manager Server (example http(s)://dc.indeed-id.local/easerver/).
Configuration from GPO
| Info | ||
|---|---|---|
| ||
Group Policy Templates placed: indeed AM\Misc\GroupPolicyTemplates |
Add policy IndeedID.ServerUrl.admx on workstantion, with installed indeed AM Windows Logon.
Open gpedit.msc and go to Конфигурация компьютера - Административные шаблоны - Indeed ID - ClientConnection - Настройки подключения к серверу
. Включите политику. Enable policy.
В поле "URL-адрес АМ сервера" укажите значение URL вашего Indeed Access Manager Server (например http(s)://dc.indeed-id.local/easerver/).
Using the Indeed AM Windows® Logon
The following must be installed at your workstation to provide for access to the system using the Indeed-Id authentication technology:
- Indeed AM Windows® Logon module, that provides for access to system using an authenticator.
- Indeed AM Provider module, that corresponds to the selected authentication technology.
- Hardware authentication device (if required).
| Note | ||
|---|---|---|
| ||
Logging in with authenticator and authenticator management are only available if permitted by the system administrator. |
The first login to the system
After the necessary software is installed onto your workstation, the first login to the system is performed with the user domain password.
After the operating system is loaded, the Windows welcome screen is displayed. Press Ctrl+Alt+Del and select your account. If you need to login under another account, click Other user.
The opened Windows Logon window displays the last username used to login and the authentication method used. Do one of the following:
- In the Windows Logon window select the Password login method, then enter your password and click Login (see Figure 1).
Backtotop
| Table of Contents | ||
|---|---|---|
|