This document describes how to configure Advanced Authentication for workstations that are not domain joined (e.g. meeting room laptops).
The solution allows (domain) users to log in using 2-factor authentication instead of logging in with the local account.
To configure this, you'll have to perform the following configuration tasks:
Instead of specifying the discovery.host, you may configure your DNS so that the AAF server is discovered, using the steps mentioned in the documentation:
https://www.netiq.com/documentation/advanced-authentication-61/windows-client-installation-guide/data/t484px11yu43.html#how_to_set_dns_for_server_discovery
In a non-DNS mode, it is recommended to disable the local accounts. For more information, see the documentation:
https://www.netiq.com/documentation/advanced-authentication-61/windows-client-installation-guide/data/t47magk1zjg3.html#b1mmuyk7
Log in with a domain user, e.g. mydomain\bob
After the authentication you need to map the domain user account to the local account. This is done by logging in with the local account.
This step needs to be done once for every domain user; after that, the users can log in with their LDAP credentials and second factor (in this case Smartphone).