Integrate hassle-free MFA for Windows login to stop password-based attacks. IT gets added security, and users get easy access to the apps and endpoints they need, with just their domain credentials. Always verify identities before allowing access to endpoints for increased identity assurance and reduced risk and exposure. miniOrange Credential Providers can be installed on Microsoft Windows client and server operating systems to add two-factor authentication to Remote Desktop and local Windows logins.
miniOrange supports the following authentication methods for 2FA:
miniOrange Credential Provider for Windows Login supports both client and server operating systems.
Servers (GUI and core installs):
miniOrange Credential Provider for Windows Logon also requires .NET Framework 4.5 or later. If the correct .NET version is not present on your system, then Duo setup prompts you to install the .NET Framework.
miniOrange Credential Provider can also be installed via group policy software publishing and group policy administrative templates.
a) Create a new user manually from the miniOrange admin portal, matching the Windows logon username.
Here, fill the user details without the password and then click on the Create User button.
b) You can configure your AD connection in the miniOrange admin portal and import your existing users from AD into miniOrange.
To test your setup, attempt to log in to your Windows PC as a user created in miniOrange matching your Windows user. 2FA can be enabled in two ways:
1. Prompt for 2FA on the same page - Show the OTP textbox along with the username and password on the Windows login screen. This way is preferable and more user-friendly when you want to use only Google Authenticator, Soft Token (passcodes from the miniOrange Authenticator App) or Hardware Tokens as your authentication methods for all users.
2. Prompt for 2FA Authentication Popup afterwards - Show the 2FA Method Selection Popup after the Windows username and password are submitted on the login screen.
Select the 2FA method of your choice and enter the one-time passcode or accept the push notification on your mobile app. We also support Offline Access, which allows users to log in to Windows by using the miniOrange soft token (Authenticator App) when they are unable to contact the miniOrange cloud service.
The user initiates the login to Remote Desktop Service either through a Remote Desktop Client or via the RD Web login page from a browser. The miniOrange RD Web component installed on the target machine then sends a RADIUS request to the miniOrange RADIUS server, which authenticates the user via the local AD. After successful authentication, 2-factor authentication of the user is invoked. Once the user completes this validation, access to the Remote Desktop Service is granted.
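The RADIUS request in this flow depends on the shared secret that the RD Web component and the RADIUS server are both configured with. The following is an added example, not miniOrange code: a generic RFC 2865 Access-Request built and parsed in Python, assuming PAP-style User-Password hiding (the page does not say which RADIUS authentication method the component uses); the user name, password and secrets are constructed sample values.

```python
import hashlib
import os
import struct

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous hidden block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Server side: same chain in reverse; a different secret yields garbage, not an error."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(identifier, user, password, secret):
    """Client side: code 1 (Access-Request) with User-Name (1) and User-Password (2)."""
    authenticator = os.urandom(16)  # Request Authenticator, fresh for every request
    hidden = hide_password(password.encode(), secret, authenticator)
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in ((1, user.encode()), (2, hidden)))
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet, secret):
    """Server side: validate lengths, walk the attributes, recover user and password."""
    if len(packet) < 20 or packet[0] != 1 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos < len(packet):
        if pos + 2 > len(packet) or packet[pos + 1] < 2 or pos + packet[pos + 1] > len(packet):
            raise ValueError("malformed attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    if 1 not in attrs or 2 not in attrs:
        raise ValueError("User-Name or User-Password missing")
    return attrs[1].decode(), reveal_password(attrs[2], secret, authenticator)

if __name__ == "__main__":
    pkt = build_access_request(7, "alice", "Correct-Horse-Battery-1", b"constructed-shared-secret")
    print(parse_access_request(pkt, b"constructed-shared-secret"))  # matching secret
    print(parse_access_request(pkt, b"typo-in-secret"))             # mismatched secret
```

With a mismatched secret the server recovers a different password rather than raising an error, so a typo in the secret shows up only as rejected logins for every user.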
1. Install the RD Web module provided by us. Unzip the module anywhere on your PC, C:/ for example.
2. Take a backup copy of your C:/Windows/Web/RdWeb folder.
3. Open the RD Web module provided by us and execute the install.bat file.
4. Once it is installed, go to IIS Manager and open Default Site -> Rd Web -> Pages.
5. Open Application Settings and change the RADIUS server IP and the secret of the IdP. Once that is configured.
1. The user goes to the RD Web login page in a browser, enters the username/password, and clicks on Submit.