AuthAnvil Override Options

Most AuthAnvil agents support an override mechanism of some sort, with the procedure for adding a user varying depending on the agent.

Windows Logon Agent/Credential Provider

It is possible to assign a user to a Local or Active Directory Security Group which our agent will honor. If someone is a member of that group, they will not be required to enter their AuthAnvil passcode. They can leave that field blank.

During installation, the Active Directory Override Group is defined by the person running the installer (Default: AuthAnvilOverride). It is the responsibility of the Local or Domain administrator to create this Security Group and assign users as required by their corporate security policy if you wish to use this feature. After installation, the override group can be set using the AuthAnvil Logon Config control panel in the Windows control panel.

RWWGuard 2003

In the “AuthAnvil Settings”, click “Exception List”. The exception list is designed to override the default behavior of RWWGuard for certain users. If “Force OTP Auth” is enabled, everyone will have to provide an OTP Passcode except for those on the exception list.  If “Force OTP Auth” is NOT enabled, then only the users in the exception list are required to do so.

RWWGuard 2008/2011

RWWGuard is configured by using the RWWGuard configuration utility, located at Start > All Programs > Scorpion Software > RWWGuard > Configure RWWGuard.  In this utility, you can define the Active Directory Security Group Exception List that RWWGuard 2008/2011 uses to determine who is required to provide AuthAnvil credentials.  You can also define whether authentication is “Required only for users in the exception list”, or for users not in the exception list.

 

Kaseya Logon Agent

You will need to disable the 2FA logon requirement in the ksubscribers dbo.AA_Settings table. Change the value of TFALogonDisabled from 0 to 1.

 

Kaseya Addin

You will need to disable the 2FA logon requirement in the ksubscribers dbo.AA_Settings table. Change the value of TFALogonDisabled from 0 to 1.

 

LPI Logon Agent

In the AuthAnvil.config file in the C:\Program Files\Level Platforms\Service Center\SC\ directory, there are several whitelist settings defined:

  1. The UserWhitelist setting is a comma-separated list of usernames that needs to match the users’ LPI usernames.
  2. The IPWhitelist setting is a comma-separated list of IP subnets in CIDR format. ie: 192.168.1.0/24. This feature will only work if the computers are communicating with the LPI server via IPv4. It does not recognize IPv6 addresses.

The UsersWhitelistRequires2FA setting toggles the logon behavior between requiring all users to provide an AuthAnvil credential except those in the whitelist (False) and requiring only the users in the whitelist to provide an AuthAnvil credential (True).

 

RD Web Access Logon Agent

In the RD Web Access Login.aspx page located at C:\Windows\Web\RDWeb\Pages\en-US\login.aspx there are several whitelist settings defined:

  1. The UserWhitelist setting is a comma-separated list of usernames that needs to match the users’ LPI usernames.
  2. The IPWhitelist setting is a comma-separated list of IP subnets in CIDR format. ie: 192.168.1.0/24. This feature will only work if the computers are communicating with the LPI server via IPv4. It does not recognize IPv6 addresses.

The UsersWhitelistRequires2FA setting toggles the logon behavior between requiring all users to provide an AuthAnvil credential except those in the whitelist (False) and requiring only the users in the whitelist to provide an AuthAnvil credential (True).

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us