- Created by Vladislav Fomichev on Mar 27, 2020
The Indeed AM RDP Windows Logon module implements two-factor authentication with Indeed AM technology for connections via RDP or Remote App. The second factor can be a master password (Passcode provider), a one-time password generated by a mobile application (Software OTP provider), or a one-time password sent via SMS or email.
Files of Indeed RDP Windows Logon reside in: Indeed AM\Indeed RDP Windows Logon\<Version number>\
- Indeed.AM.RDPWindowsLogon-x64.msi is the installation package of Indeed RDP Windows Logon for 64-bit operating systems.
- Indeed.AM.RDPWindowsLogon-x86.msi is the installation package of Indeed RDP Windows Logon for 32-bit operating systems.
Installation and configuration of RDP Windows Logon.
- Install Indeed RDP Windows Logon by running the installer corresponding to your system bitness.
- Run Windows registry editor.
- Create the Indeed-ID key with a nested RemoteAuth key in the HKEY_LOCAL_MACHINE\SOFTWARE\ section.
- Create the following in the RemoteAuth key:
- ProviderId string parameter. Set it to the ID of the provider used.
Each provider has its own ID:
{EBB6F3FA-A400-45F4-853A-D517D89AC2A3} - SMS OTP
{093F612B-727E-44E7-9C95-095F07CBB94B} - EMAIL OTP
{F696F05D-5466-42b4-BF52-21BEE1CB9529} - Passcode
{0FA7FDB4-3652-4B55-B0C0-469A1E9D31F0} - Software OTP
{AD3FBA95-AE99-4773-93A3-6530A29C7556} - HOTP Provider
{CEB3FEAF-86ED-4A5A-BD3F-6A7B6E60CA05} - TOTP Provider
{DEEF0CB8-AD2F-4B89-964A-B6C7ECA80C68} - AirKey Provider
- Create LSEventCacheDirectory string parameter. Specify the path to local cache storage folder as the value.
- Modify the following parameters in HKEY_LOCAL_MACHINE\SOFTWARE\Indeed-ID\AuthProxy section:
- ServerUrlBase parameter. This parameter defines the URL of your Indeed server.
- IsIgnoreCertErrors parameter with the value of 0 or 1. This parameter controls whether the Indeed server certificate is verified. A value of 1 means that certificate errors are ignored.
- AppId parameter with the value of RDP Windows Logon.
- To configure selection of authentication provider at user side, proceed as follows:
- Create DWORD parameter named IsAuthSelectionEnabled in the HKEY_LOCAL_MACHINE\SOFTWARE\Indeed-ID\RemoteAuth section of Windows registry.
- Set the value of the IsAuthSelectionEnabled parameter to 1. If the parameter is not defined or its value is 0, the user cannot select an authentication provider. In this case, the provider defined by the ProviderId parameter is used, or Indeed AM Passcode Provider if ProviderId is not defined. If IsAuthSelectionEnabled=1 and the ProviderId parameter is specified, that provider is preselected when the user connects, but the user can select any other one from the list of supported providers.
- Authentication of users without license for Indeed AM.
By default, Indeed AM RDP Windows Logon works with users who have licenses for AM RDP Windows Logon. To enable authentication for users without a license for RDP Windows Logon, proceed as follows:
- Run Windows registry editor.
- Create DWORD parameter named AllowNonEAUsers in the HKEY_LOCAL_MACHINE\SOFTWARE\Indeed-ID\RemoteAuth section of Windows registry.
- If AllowNonEAUsers = 1, then the users with no RDP WL license can authenticate with domain password (Indeed technology is not used).
- If AllowNonEAUsers parameter value is 0 or not defined, then authentication is performed only for users with RDP WL license. Authentication of users with no license is not possible in this case.
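A read-only PowerShell audit of the registry values configured above, added here as an example and not part of the Indeed documentation. Key paths, value names and provider IDs are taken from this page; the helper name Get-RegValue and the WARN/INFO wording are assumptions of the example.

```powershell
# Added example: read-only audit of the values this page configures.
# Key paths, value names and provider IDs come from the page; messages are ours.
$remoteAuth = 'HKLM:\SOFTWARE\Indeed-ID\RemoteAuth'
$authProxy  = 'HKLM:\SOFTWARE\Indeed-ID\AuthProxy'
$providers  = @{
    '{EBB6F3FA-A400-45F4-853A-D517D89AC2A3}' = 'SMS OTP'
    '{093F612B-727E-44E7-9C95-095F07CBB94B}' = 'EMAIL OTP'
    '{F696F05D-5466-42b4-BF52-21BEE1CB9529}' = 'Passcode'
    '{0FA7FDB4-3652-4B55-B0C0-469A1E9D31F0}' = 'Software OTP'
    '{AD3FBA95-AE99-4773-93A3-6530A29C7556}' = 'HOTP Provider'
    '{CEB3FEAF-86ED-4A5A-BD3F-6A7B6E60CA05}' = 'TOTP Provider'
    '{DEEF0CB8-AD2F-4B89-964A-B6C7ECA80C68}' = 'AirKey Provider'
}

# Hypothetical helper: returns $null when the key or the value is missing
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = [System.Collections.Generic.List[string]]::new()

$providerId = Get-RegValue $remoteAuth 'ProviderId'
if (-not $providerId) {
    $findings.Add('INFO  ProviderId not set: Passcode provider is used by default')
} elseif (-not $providers.ContainsKey("$providerId".Trim())) {
    $findings.Add("WARN  ProviderId $providerId is not one of the listed provider IDs")
} else {
    $findings.Add("INFO  ProviderId = $($providers["$providerId".Trim()])")
}
if ("$(Get-RegValue $authProxy 'IsIgnoreCertErrors')" -eq '1') {
    $findings.Add('WARN  IsIgnoreCertErrors = 1: Indeed server certificate errors are ignored')
}
if ("$(Get-RegValue $remoteAuth 'AllowNonEAUsers')" -eq '1') {
    $findings.Add('WARN  AllowNonEAUsers = 1: users without an RDP WL license log on with the domain password only')
}
if ("$(Get-RegValue $remoteAuth 'IsAuthSelectionEnabled')" -eq '1') {
    $findings.Add('INFO  IsAuthSelectionEnabled = 1: users can pick any supported provider')
}
$appId = Get-RegValue $authProxy 'AppId'
if ($appId -ne 'RDP Windows Logon') {
    $findings.Add("WARN  AppId is '$appId', expected 'RDP Windows Logon'")
}
if (-not (Get-RegValue $authProxy 'ServerUrlBase')) {
    $findings.Add('WARN  ServerUrlBase is not set')
}
$cache = Get-RegValue $remoteAuth 'LSEventCacheDirectory'
if (-not $cache -or -not (Test-Path -LiteralPath $cache)) {
    $findings.Add("WARN  LSEventCacheDirectory '$cache' is not set or the folder does not exist")
}
$findings
```

The script only reads the registry, so it can be run on each RDP host after installation to confirm that the second factor and certificate verification are actually in effect.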
Example of extension operation.
- Connect to a PC with WL RDP installed.
- Specify the username and domain password, then click "OK".
- Enter one-time password.