The AuthAnvil Two Factor Auth Windows Credential Provider offers companies the ability to add strong two-factor authentication to Microsoft’s Windows client and server operating systems. It provides a simple and consistent logon experience no matter if they logon at the local desktop or through a terminal session. And it offers identity assurance by requiring users to provide their AuthAnvil Two Factor Auth passcode during the logon process.
Note: This installation guide is only compatible with this installer.
The AuthAnvil Two Factor Auth Windows Credential Provider is available for the following platforms:
- Windows Server 2008, 2008 R2, 2012, 2012 Essentials, 2012 R2
- Small Business Server 2008, 2011
- Small Business Server Essentials 2011
- Essential Business Server 2008
- Vista, Windows 7 and Windows 8, Windows 8.1
- Windows 2008, 2008 R2 and 2012 Terminal Server
- Windows Server 2008 R2 Core
- Hyper-V Server 2008
Note: This agent does not support Windows 10.
The following software must be installed before the Windows Credential Provider can be installed.
Note: These must be installed manually on 64-bit machines before installing the Windows Credential Provider as there is no prerequisite checking available. Installing the Windows Credential Provider without the prerequisites installed will leave the machine unable to successfully log in, and require the Credential Provider to be removed using the Emergency Uninstall Procedure
- .NET Framework 2.0 or later (Not required for Server Core and Hyper-V)
- Microsoft Visual C++ 2008 Runtimes (MSVC++ 9.0)
- MSXML 6.0
Windows Logon Credential Provider – Sometimes called a cred provider. Provides strong authentication for Windows Vista, Windows 7, Windows Server 2008, Windows Server 2012 and Windows Server 2012 Essentials. This is available in the AAWinLogonCP.exe installation file.
The installers of these agents provide installation for both 32bit and 64bit CPU targets. You can download these agents from https://help.scorpionsoft.com/entries/88997577.
The following steps should be used to install the Windows Credential Provider:
- Download the appropriate agent from https://kaseya.zendesk.com/hc/en-gb/articles/360034788711
Once downloaded. Run the EXE installer.
Update the SAS URL to reflect your AuthAnvil FQDN. Your SAS URL will be your tenant URL/AuthAnvil/SAS.asmx Example https://acme.my.authanvil.com/AuthAnvil/SAS.asmx
Once you have the correct SAS URL select Next.
Set the Override Group and Override password.
Note: This Override Group will need to be manually created in Active Directory or locally for stand alone machines.
Note: Always set an override Password to prevent errors during installation and testing. This password can be changed later as well.
Select Next once the Override settings are set.
Select Install to complete the setup.
Once the user is logged out you should now see a Windows credential provider prompt including an AuthAnvil passcode prompt.
When the user logs into a Windows Desktop locally or remotely they will see the following.
The AuthAnvil Passcode consists of a Pin+OTP.
Note: Users will need to enter a four digit pin here as well as the One Time Password.
For the Pin your users will use Pin: 1234
The actual Pin requirement was a hold over from the old On-Prem configuration. On-Demand does not use the Pin, however it respects the value being submitted.
Note: Offline caching mode is currently not compatible with AuthAnvil On-Demand user accounts.