News
/
/
Two-Factor Authentication at the Windows Desktop – Offline

privacyIDEA Credential Provider

Two-Factor Authentication at the Windows Desktop – Offline

The new version 3.0 of the privacyIDEA Credential Provider is available now. It allows easy authentication with push notifications via smartphone and offline functionality with HOTP tokens like the Yubikey.

privacyIDEA Credential Provider Version 3.0 available

As of today the new version 3.0 of the privacyIDEA Credential Provider is available. The privacyIDEA Credential Provider allows users to securely log on to a Windows desktop or terminal server with a second factor. The user can use a smartphone app, a one-time password token, Yubikeys or Nitrokeys. Alternatively, the authentication backend sends the user an email or SMS with a one-time code for the login.

New in Version 3.0

The Credential Provider was completely revised in version 3.0 in C++. The new code structure now allows easier customization and faster release cycles.

In version 3.0 the following functions have been added:

Easy Push Authentication

Since version 3, the privacyIDEA backend supports authentication via push tokens, where the user only has to confirm the login by clicking on his smartphone. Now the push authentication is also seamlessly integrated in the credential provider for logging on to the Windows Desktop.

Realm-Mapping for complex scenarios

If users need to log on to multiple domains or multiple realms are managed in privacyIDEA, this is no longer a problem with the new credential provider. In the new version, the administrator can define a flexible mapping from Windows domains to privacyIDEA realms.

Offline: Failsafe and mobile users

The privacyIDEA Credential Provider now supports logon with HOTP tokens when the privacyIDEA server is not reachable. This is useful if the user wants to log on to his notebook with a smartphone HOTP token or with a Yubikey while on the road.

In order to be able to deal with network failures in critical scenarios, the administrator can now also define a privileged account with which the user can log on without authentication against privacyIDEA.

Download

The privacyIDEA Credential Provider is available for download for registered customers. Interested users can evaluate the software in an extensive test phase. Please contact us to obtain a demo version.

About the privacyIDEA Credential Provider

The Credential Provider is installed on Windows client or server systems. During logon, it asks the user for a second factor in addition to the Windows password.

The authentication is carried out against the privacyIDEA backend, in which the administrator manages all user tokens at a central location on Premises.

The administrator can completely customize the appearance of the privacyIDEA Credential Provider to the corporate design. Logos and texts can be adapted according to the corporate design.
The privacyIDEA Credential Provider integrates seamlessly into the existing Windows landscape. It supports Network Level Authentication (NLA), User Access Control (UAC) and Over-The-Shoulder (OTS). The password can be changed both during logon and while unlocking a session.
privacyIDEA Credential Provider is available as a signed MSI package. Companies can thus easily install the software on Windows 8, Windows 10, Server 2012, 2016 and 2019 via their preferred software distribution system.
By authenticating against the privacyIDEA backend, which is available under an open source license and is also operated in the company’s own network, companies not only have freedom of choice when it comes to using the second factors, but also have full control over the entire logon process at all times.