Description
Indeed AM Windows® Logon features
The Indeed AM Windows® Logon product provides the users with following capabilities:
- Logging in to the system with account password
- Logging in to the system with Indeed AM authentication technology
- Access to remote desktop with Indeed AM authentication technology
- Logging in to the system with cached authenticator when connection to Indeed server cannot be established.
To provide for user data security when user is not at his/her workplace, the Indeed AM Windows® Logon supports both manual locking of workstation, and automatic one. The latter is triggered when authentication device is removed or when screen saver becomes active. To unlock the workstation, it is always necessary to confirm user identity again with authenticator, regardless of the locking method.
Advanced features
The Indeed AM Windows® Logon provides for the following advanced features:
- Registration of authenticator by user and authenticator management using the Indeed AM – Authenticator management application.
- Indeed AM Paste function, that pastes the user password in hidden form into required field upon pressing the set hotkey combination.
Supported authentication technologies
The Indeed AM Windows® Logon product supports more than 20 modern authentication technologies. These are: two-factor authentication, biometric authentication, certificates, proximity cards, one-time passwords, SMS technologies etc.
You can define the most suitable authentication technology for each category of Indeed AM Windows® Logon users. The users can also be allowed to use several technologies:
- authentication technology, adapted for remote use;
- combination of authentication technologies (multi-factor authentication).
Operation of Indeed AM Windows® Logon
This section contains description of the main Indeed AM Windows® Logon operation scenarios:
- The first authenticator registration
- Access to system using an authenticator
- User authenticator caching
- Password changing by user
Installation
To install the Indeed-Id Windows® Logon component, run the IndeedID.WindowsLogon.msi installer and follow the Installation wizard instructions.
After the installation is complete, system has to be restarted. Click Yes to restart the system immediately or No, if you plan to do this later manual.
Information
Files for installation Indeed AM Windows Logon placed:indeed AM\Indeed AM Windows Logon\<version number>\
- IndeedID.WindowsLogon.msi - installation package for Indeed AM Windows Logon on 32 bit OS.
- IndeedID.WindowsLogon.x64.msi - installation package for Indeed AM Windows Logon on 64 bit OS.
Information
To deploy the Indeed AM Windows® Logon at user workstations in automatic mode, the group policy mechanism (Microsoft Group Policy) can be used. Or you can use any other tool that allows batch copying and installation of msi packages to user workstations (for example, Microsoft System Center Configuration Manager).
The methods of Indeed AM system component deployment in automatic mode are detailed in the Indeed AM. System Deployment manual.pdf.
Configuration
Configuration from regedit
- Open regedit Windows.
- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Indeed-ID\SrvLocator2.
- Change string parameter ServerUrlBase and set URL your Indeed Access Manager Server (example http(s)://dc.indeed-id.local/easerver/).
Configuration from GPO
Information
Group Policy Templates placed: indeed AM\Misc\GroupPolicyTemplates
Add policy IndeedID.ServerUrl.admx on workstantion, with installed indeed AM Windows Logon.
Open gpedit.msc and go to Конфигурация компьютера - Административные шаблоны - Indeed ID - ClientConnection - Настройки подключения к серверу. Включите политику.
