Desktop Multi-Factor Authentication (MFA)

Christopher Dakin

Introduction

From LogonBox version 2.3, Desktop MFA is now possible with the Desktop Credentials Provider.

This article will guide you through the setup.

 

Install feature (not required on public cloud).

Desktop MFA requires the Windows Desktop feature to be installed.

If this is not installed, navigate to Updates, Features & Licensing->Authentication and download the Windows Desktop feature.

 

Accept the prompt and restart the LogonBox service once downloaded with the power icon at bottom right.

 

Install Desktop Credentials Provider

Now install the Desktop Credentials Provider and configure it to point to your LogonBox server.

Details on the install can be found here.

 

Configure Authentication Flow

After the feature has been installed, navigate to Authentication Flows. You should now see a Windows Login flow.

Edit this flow and add in authentication modules of your choice, then Save the changes.

 

All that remains now is to test the MFA on a Windows Login

 

Testing MFA log in to Windows

If the Desktop Credentials Provider is working, then on the Login or Lock screens you should see 2 new links underneath the password:

Reset Password

Unlock Account

These can be used as part of the usecase as detailed in the Desktop Credentials Provider document.

 

Just log into your system as usual. If the username is synchronized on your LogonBox server you should then be prompted for your MFA.

If this if your first time logging on to LogonBox, you will also be asked for any missing information in order to complete your profile, such as this request to validate your mobile number.

 

Now we have our MFA prompt, which in this case was an OTP sent via SMS.

Enter the code and click Next.

 

You should now be logged on.