miniOrange Authentication for Windows Logon and RDP

Log on to Windows and RDP using miniOrange Credential Providers.

2-Factor Authentication for Windows Login and RDP Access

Integrate hassle-free MFA for Windows login to stop password-based attacks. IT gets added security, and users get easy access to the apps and endpoints they need, using just their domain credentials. Always verify identities before allowing access to endpoints for increased identity assurance and reduced risk and exposure. miniOrange Credential Providers can be installed on Microsoft Windows client and server operating systems to add two-factor authentication to Remote Desktop and local Windows logins.

miniOrange supports the following authentication methods for 2FA:

  1. miniOrange Push (miniOrange Authenticator App)
  2. miniOrange Soft Token (miniOrange Authenticator App)
  3. Google Authenticator
  4. OTP Over SMS/EMAIL
  5. Hardware Token

System Requirements

miniOrange Credential Provider for Windows Login supports both client and server operating systems.

miniOrange Credential Provider for Windows Logon also requires .NET Framework 4.5 or later. If the correct .NET version is not present on your system then Duo setup prompts you to install the .NET Framework.

miniOrange Credential Provider can also be installed via group policy software publishing and group policy administrative templates.


miniOrange MFA Credential Provider for Windows Login

  1. Sign up for a miniOrange account.
  2. Log in to the miniOrange Admin Portal and navigate to Apps->Manage Apps->MFA.
  3. Search for Windows to find an app named Microsoft Windows.
  4. Select the app to find the download link for the Windows credential provider and a link to the setup instructions.
  5. Download the miniOrange Credential Provider for Windows Logon installer package.
  6. Once downloaded, double-click the .msi package to start installing the software on your Windows server with administrative privileges.

    Enroll a User

  7. You should now have a user created and activated in miniOrange that matches your Windows logon username. Users can be added in miniOrange in two ways:

    a) Create a new user manually from the miniOrange admin portal, matching the Windows logon username.

    Here, fill in the user details without the password and then click the Create User button.

    b) Configure your AD connection in the miniOrange admin portal and import your existing users from AD into miniOrange.

  8. Test Your Setup

    To test your setup, attempt to log in to your Windows PC as a user created in miniOrange that matches your Windows user. 2FA can be enabled in two ways:

    1. Prompt for 2FA on the same page: show the OTP text box along with the username and password on the Windows login screen. This option is preferable and more user-friendly when you want to use only Google Authenticator, Soft Token (passcodes from the miniOrange Authenticator App) or Hardware Tokens as the authentication methods for all users.

    2. Prompt for 2FA in a popup afterwards: show the 2FA method selection popup after the Windows username and password are submitted on the login screen.

    Select the 2FA method of your choice and enter the one-time passcode or accept the push notification on your mobile app. We also support Offline Access, which allows users to log in to Windows with the miniOrange Soft Token (Authenticator App) when they are unable to contact the miniOrange cloud service.



    miniOrange MFA Credential Provider for Remote Desktop Service

    The user initiates the login to Remote Desktop Service either through a Remote Desktop Client or via the RD Web login page from his browser. The miniOrange RD Web component installed on the target machine then sends a RADIUS request to the miniOrange RADIUS server, which authenticates the user via Local AD and, after successful authentication, invokes 2-factor authentication of the user. After the user validates himself, he is granted access to the Remote Desktop Service.

    A user can connect to RDS (Remote Desktop Services) in two ways:

    1. RDC - Remote Desktop Client: If the RemoteApp is launched through a Remote Desktop client application, users complete their 2-factor authentication while they enter the username and password to get access to the resources. As this method doesn't support access-challenge response, only out-of-band authentication methods are supported.
    2. RD Web Access - RD login page via browser: If the desktop or RemoteApp is launched through an RD Web login page, the initial user authentication is done from the machine's AD, after which miniOrange challenges the user for 2-factor authentication via a RADIUS challenge request. After users correctly authenticate themselves, they get connected to their resources.

    2FA for RDS via RD Web

    How it works


    1. In this case, the user goes to the RD Web login page from his browser to connect to the Remote Desktop Service. He enters his username and password, and on submission, the RD Web component installed on the target machine sends a RADIUS request to the miniOrange RADIUS server, which authenticates the user via local AD in the target machine.
    2. Once the user is authenticated, the server sends a RADIUS challenge to RD Web, and RD Web then shows the OTP screen in the browser. Once the user enters the One Time Passcode, the miniOrange IdP verifies it and grants or denies access to the RDS.
    3. With this, after the user is connected to the Remote Desktop Service, the user can also gain access to published remote app icons on his browser screen, since the session has already been created for the user.
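
The two-round RADIUS exchange described above, as an added example (not miniOrange's code): it assumes the standard RFC 2865 packet layout, plays the RADIUS server in-process, and uses constructed values (user `alice`, State `sess-42`, and whatever secret, password and passcode are passed in). It shows what the shared secret between RD Web and the RADIUS server protects: the hidden User-Password and the authenticity of every reply.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_CHALLENGE = 1, 2, 11  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, STATE = 1, 2, 24                  # RFC 2865 attribute types

def hide_password(password, secret, authenticator):
    # RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def pack(code, ident, authenticator, attrs):
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def build_request(ident, user, credential, secret, state=None):
    auth = os.urandom(16)  # Request Authenticator must be unpredictable
    attrs = [(USER_NAME, user), (USER_PASSWORD, hide_password(credential, secret, auth))]
    attrs += [(STATE, state)] if state is not None else []  # echoed in round two
    return pack(ACCESS_REQUEST, ident, auth, attrs), auth

def build_reply(code, ident, request_auth, attrs, secret):
    # Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)
    unsigned = pack(code, ident, request_auth, attrs)
    return unsigned[:4] + hashlib.md5(unsigned + secret).digest() + unsigned[20:]

def verify_reply(reply, ident, request_auth, secret):
    code, rid, length = struct.unpack("!BBH", reply[:4])
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    if length != len(reply) or rid != ident or not hmac.compare_digest(reply[4:20], expected):
        raise ValueError("reply was not computed with the shared secret")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or reply[pos + 1] < 2 or pos + reply[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs[reply[pos]] = reply[pos + 2:pos + reply[pos + 1]]
        pos += reply[pos + 1]
    return code, attrs

def rd_web_exchange(secret, password, otp):  # alice and sess-42 are constructed values
    _, auth1 = build_request(1, b"alice", password, secret)  # round one: AD password
    chal = build_reply(ACCESS_CHALLENGE, 1, auth1, [(STATE, b"sess-42")], secret)  # simulated server
    code1, attrs = verify_reply(chal, 1, auth1, secret)
    req2, auth2 = build_request(2, b"alice", otp, secret, attrs[STATE])  # round two: OTP + State
    code2, _ = verify_reply(build_reply(ACCESS_ACCEPT, 2, auth2, [], secret), 2, auth2, secret)
    return code1, code2, req2
```
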



    Steps to configure 2FA for RD Web


    1. Install the RD Web module provided by us. Unzip the module anywhere on your PC, for example C:/.

    2. Take a backup copy of your C:/Windows/Web/RdWeb folder.

    3. Then open the RD Web module provided by us and execute the install.bat file.

    4. Once it is installed, go to IIS Manager and open Default Site -> Rd Web -> Pages.

    5. Open Application Settings and change the RADIUS server IP and the secret of the IdP. Once that is configured.


    Demonstration of user flow


    1. The user goes to the RD Web login page from his browser, enters his username and password, and clicks Submit.


