What do my End-Users need to know?

Passly supports several different types of access and endpoints. This guide will reference the possible areas of concern. 

Enrollment in Passly 

All users will receive an email from the system once they are added by an Administrator.

  • Authenticator setup. All users will need to install the Passly authenticator app or program a Yubikey to use the system. Your users just need to click on the mountains and follow the on-screen directions. 
    Download the agent here
    The Yubikey Programmer is available here
    Note: Yubikeys do not support PUSH. 
    Note: Yubikeys can be purchased directly from Yubico via their site.

  • How do you send the enrolment email? Please check out this article for more information. 
  • Missing enrollment email? Check this article if the user did not receive their email.

Once the users are enrolled and in active status they are able to use endpoints. 

Authentication Endpoints

Passly Administrators can configure several different authentication endpoints. Here are the most common used endpoints. 

Windows logins - Once the agent is deployed to the end-users machine they can expect the following. 

  1. User will initiate login via RDP etc... or direct machine login. 
  2. User will enter their Windows Username/Password. 
  3. Agent will then prompt for 2FA IF the user is required to use 2FA. All users are required to use 2FA unless they are manually added to the PasslyOverride Group. 

RADIUS connections - When you configure a VPN to use Passly via RADIUS the users should expect the following. 

  1. Users will connect the VPN the same way post installation that they use today.
  2. Users will use their Passly username / password when prompted.
  3. Users will be prompted for 2FA based on the policy assigned to the agent. Users simply approve PUSH to complete the connection request.

Legacy SAS URL Connections 

These are endpoints that were created under the legacy AuthAnvil brand. This is used in the following endpoints.

  • Kaseya VSA r9.x.
  • Autotask.
  • Continuum.
  • Naverisk.
  • NCentral.
  • Connectwise Manage. 

Users will be prompted by the endpoint to enter their endpoint username/password. Users will then see a new prompt "AuthAnvil Passcode". Users can enter the following.

  • Passly Password. Users will then get prompted to accept a PUSH notification on their mobile device. 
  • Enter a one-time passcode in the prompt. Users can open their Authenticator app and tap their username. This will review an 8 digit one-time passcode. 

Other Authentication endpoints. 

In general if users are accessing an Authentication endpoint they should expect the following. 

  • Required to enter username. 
  • Required to enter password. 
  • Required to use 2FAS (PUSH/Passcode).

Note: 2FA enforcement is governed by the Authentication policy assigned to the endpoint. 

Single Sign On Endpoints

Passly administrators can configure SAML applications by following the guides located here

In general if users are accessing a SAML endpoint they should expect the following. 

  • Required to enter username. 
  • Required to enter password. 
  • Required to use 2FAS (PUSH/Passcode).

Apps will be available via the Launchpad when logged in to the tenant or via The SSO Browser extension. 
Some applications will allow for direct Passly logins. These are typically SP-Init Redirects or WF-Federated Apps. 

Password Manager

Password Record access

  • Passly administrators can give access to their end users to access Password records stored in the Password Manager Vaults.
  • Users will access those passwords from the My Passwords tab either while logged into the Passly tenant or via the Browser Extension.
    To install the extension please see this section

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section