With the pace of password-based security breaches, simply using usernames and passwords to secure a Windows login is no longer an option. That’s why it has become necessary to add an additional layer of two-factor authentication security to filter out unauthorised users.
miniOrange's Windows Two-Factor Authentication solution for Windows logon prevents these sorts of password-based breaches and adds an additional layer of security to your Microsoft Windows account login.
Enabling Windows 2FA / MFA always verifies identities before allowing access, making it more difficult for unauthorized users to gain access to your Microsoft Windows account. The miniOrange Credential Provider can be installed on Microsoft Windows Client and Server operating systems to enable Two-Factor Authentication for Remote Desktop (RDP) and local Windows login.
The Windows 2FA solution also handles your user management with a Microsoft Active Directory or an LDAP directory. With this 2FA / MFA solution, users get easy access to the endpoints they need, while identity assurance increases and risk and exposure are reduced. You can also enable offline access for secure authentication. With miniOrange's advanced MFA solution, organizations can get secure access to all work applications, for all their users, from anywhere, with any device they choose.
The miniOrange 2FA Credential Provider for Windows Logon and Remote Desktop (RDP) access supports the following Multi-Factor Authentication (MFA) methods:
| Authentication type | Method |
|---|---|
| miniOrange Authenticator | Soft Token |
| | miniOrange Push Notification |
| Mobile Token | Google Authenticator |
| SMS | OTP Over SMS |
| | SMS with Link |
| | OTP Over Email |
| | Email with Link |
| Call Verification | OTP Over Call |
| Hardware Token | Yubikey Hardware Token |
| | Display Hardware Token |
miniOrange Credential Provider for Windows Logon and RDP Access supports both client and server operating systems.
Supported Microsoft Windows Client versions:
Supported Windows Server versions (GUI and core installs):
miniOrange Two-Factor Authentication (2FA/MFA) Credential Provider for Windows Logon also requires .NET Framework 4.5 or later. If the correct .NET version is not present on your system then miniOrange Credential Provider setup prompts you to install the .NET Framework.
miniOrange 2-Factor Authentication (2FA/MFA) Credential Provider can also be installed via group policy software publishing and Group policy administrative templates.
miniOrange offers free help through a consultation call with our System Engineers to install or set up the Two-Factor Authentication (2FA) for Windows Logon and RDP solution in your environment, with a 30-day trial.
To book a slot, just send us an email at firstname.lastname@example.org and we'll help you set it up in no time.
In this step, we are going to set up your 2FA preferences, such as:
We’ll do a simple test to see how the 2FA prompt will show up on your logon screen and to check that everything was configured correctly.
The username you enter must exist both in Windows and in the users list of your miniOrange account, and it must be the same in both. Don’t include the domain name when adding the username in the command.
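A pre-install check for the two requirements stated above (.NET Framework 4.5 or later, and Windows usernames matching the miniOrange user list without a domain part). This is an added example, not miniOrange code; the function names, the `username` CSV column and all sample data are assumptions made for illustration.

```powershell
# Added example, not vendor code. The 'username' column and sample data are constructed.

function Test-DotNet45OrLater {
    # A Release value of 378389 or higher in this key means .NET Framework 4.5 or later.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $key -Name Release -ErrorAction SilentlyContinue).Release
    return ($null -ne $release -and $release -ge 378389)
}

function ConvertTo-BareUserName {
    # Strip the domain part, since the username must be given without it.
    param([Parameter(Mandatory)][string]$Name)
    $n = $Name.Trim()
    if     ($n -match '^[^\\]+\\(.+)$') { $n = $Matches[1] }   # DOMAIN\user -> user
    elseif ($n -match '^([^@]+)@.+$')   { $n = $Matches[1] }   # user@domain -> user
    return $n
}

function Compare-UserLists {
    # Report, per Windows account, whether the same username exists in the miniOrange list.
    param([string[]]$WindowsNames, [string[]]$MiniOrangeNames)
    foreach ($raw in $WindowsNames) {
        $bare = ConvertTo-BareUserName -Name $raw
        if     ($MiniOrangeNames -ccontains $bare) { $status = 'Match' }        # exact match
        elseif ($MiniOrangeNames -contains $bare)  { $status = 'CaseDiffers' }  # review manually
        else                                       { $status = 'Missing' }      # not enrolled
        [pscustomobject]@{ Windows = $raw; Bare = $bare; Status = $status }
    }
}

# Constructed sample input: a user list in CSV form and names as Windows reports them.
$csv = @'
username,email
alice,alice@example.test
Bob,bob@example.test
'@ | ConvertFrom-Csv

$windowsNames = 'CORP\alice', 'bob@corp.example.test', 'carol'

"NET 4.5+ present: $(Test-DotNet45OrLater)"
Compare-UserLists -WindowsNames $windowsNames -MiniOrangeNames $csv.username |
    Format-Table -AutoSize
```

Accounts reported as `Missing` or `CaseDiffers` are the ones to resolve before 2FA is enforced on the machine, since those users would otherwise fail the second-factor step at logon.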
Group Policy provides centralized management and configuration of operating systems, applications, and user settings in an Active Directory environment. A set of Group Policy configurations is called a Group Policy Object (GPO).
Network administrators have one place where they can configure a variety of Windows settings for every computer on the network.
We are using GPO to simplify the installation of the credential provider software and to propagate the Windows registry settings of this software in one go to each computer joined to the domain.
Follow the steps to set up the miniOrange Multi-Factor Authentication (2FA/MFA) Credential Provider Group Policy:
miniOrange provides user authentication from various external sources, which can be Directories (like ADFS, Microsoft Active Directory, Azure AD, OpenLDAP, Google, AWS Cognito etc), Identity Providers (like Okta, Shibboleth, Ping, OneLogin, KeyCloak), Databases (like MySQL, Maria DB, PostgreSQL) and many more. You can configure your existing directory/user store or add users in miniOrange.
1. Create User in miniOrange
2. Bulk Upload Users in miniOrange via Uploading CSV File.
Here's the list of the attributes and what each one does when enabled. You can enable or disable them as needed.
| Attribute | What it does when enabled |
|---|---|
| Activate LDAP | All user authentications will be done with LDAP credentials if you Activate it |
| Sync users in miniOrange | Users will be created in miniOrange after authentication with LDAP |
| Fallback Authentication | If LDAP credentials fail then user will be authenticated through miniOrange |
| Allow users to change password | This allows your users to change their password. It updates the new credentials in your LDAP server |
| Enable administrator login | On enabling this, your miniOrange Administrator login authenticates using your LDAP server |
| Show IdP to users | If you enable this option, this IdP will be visible to users |
| Send Configured Attributes | If you enable this option, then only the attributes configured below will be sent in attributes at the time of login |
Refer to our guide to set up LDAPS on Windows Server.
miniOrange integrates with various external user sources such as directories, identity providers, etc.
The user initiates the login to Remote Desktop Service (RDS) either through a Remote Desktop Client or via the RD Web login page in a browser. The miniOrange RD Web component installed on the target machine then sends a RADIUS request to the miniOrange RADIUS server, which authenticates the user via the local AD. After successful authentication, 2-factor authentication of the user is invoked. Once the user has validated themselves, they are granted access to the Remote Desktop Service (RDP).