Set Up the Logon App

The Logon app is used to require authentication when users log on to a computer or server. This includes protection for RDP and RD Gateway. At the logon screen, users must type their password and then choose one of the allowed methods of authentication (push notification, one-time password, or QR code).

There are two parts to the Logon app:

  • The application you install on a computer or server
  • The resource you configure in AuthPoint

Configure a resource for the Logon app in the AuthPoint management UI and then install the Logon app on each computer or server that you want to protect. When the Logon app is installed on a computer and an access policy is defined for the resource in AuthPoint, authentication is required to log on.

If your Logon app resource is removed, users can log on to their computers with just their password.

To authenticate and log on, all domain and local users must have an active AuthPoint user account with an access policy for the Logon app. Users that do not have an AuthPoint user account with an active token cannot authenticate and log on to a computer with the Logon app installed.

You can download the Logon app from the Downloads page in the AuthPoint management UI.

Do not install the Logon app on computers that run Windows 7 or older or on servers that run Windows 2008 R2 or older.

Requirements

When you set up and deploy the Logon app, be aware of these requirements:

  • All domain and local users must have an active AuthPoint user account and be part of an AuthPoint group with an access policy for the Logon app to authenticate and log on
  • The user name for local and domain users must be the same as their AuthPoint user name
  • To log on as a local user (not part of the domain), you must have an AuthPoint user with an active token
  • If your local user has the same user name as your domain user, you can use the same AuthPoint user to authenticate and log on to both accounts
  • If your local user name is different from your domain user name, you must have a separate AuthPoint user for each user account (one for the domain user and one for the local user)
  • When you install the Logon app, the computer must be connected to the Internet before you log on for the first time

Add a Logon App Resource

To start, you must add a resource for the Logon app. Once you have added a Logon app resource in AuthPoint, you must add an access policy for the Logon app to any user groups that must authenticate to log on to their computers.

You do not need a separate Logon app resource for each computer that the Logon app is installed on, regardless of the OS. One Logon app resource can be used to create access policies for every group.

  1. Select Resources.
  2. From the Choose a resource type drop-down list, select Logon App. Click Add Resource.
  3. On the Logon App page, in the Name text box, type a name for this resource.
  4. In the Support Message text box, type a message to display on the logon screen.
  5. Click Save.
  6. Add an access policy for the Logon app resource to one or more user groups (see Access Policies). We recommend that the access policy for the Logon app includes the QR code or OTP authentication options so users can authenticate when they are not connected to the Internet.

Download and Install the Logon App

When the Logon app is installed, authentication is required. Users can log on with domain or local user accounts, but all users must have an active AuthPoint user account with an access policy for the Logon app.

Users that do not have an AuthPoint user account with an access policy for the Logon app cannot authenticate and log on to a computer with the Logon app installed.

When you install the Logon app, the computer must be connected to the Internet before the user logs on for the first time. This is required so that the Logon app can communicate with AuthPoint to check the access policy. A copy of the access policy is stored locally on the computer. This local policy is used when a user authenticates offline, and it is updated when the computer has an Internet connection.

To download and install the Logon app:

  1. Select Downloads.
  2. In the Logon App section, next to your operating system, click Download Installer.
  3. Click Download Config to download the configuration file for the Logon app. You can use the same configuration file for every installation of the Logon app, regardless of the OS.
  4. On your computer, move the downloaded configuration file to the same directory as the Logon app installer (.msi file).
  5. Run the Logon app installer and install the Logon app.
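
A pre-install check for the requirements and install steps above, as an added example that is not part of the WatchGuard documentation or product: it reports an unsupported Windows version, a configuration file that is not beside the installer, and accounts with no matching AuthPoint user name. The function name, parameters, placeholder file names and sample user names are assumptions, and the list of AuthPoint user names must be supplied by the caller.

```powershell
# Added example, not WatchGuard code. Parameter, file and user names are assumptions.
function Test-LogonAppReadiness {
    param(
        [Parameter(Mandatory)] [string]   $InstallerPath,      # downloaded Logon app .msi
        [Parameter(Mandatory)] [string]   $ConfigPath,         # downloaded configuration file
        [Parameter(Mandatory)] [string[]] $AuthPointUserName,  # users with an active AuthPoint account and token
        [string[]] $WindowsUserName = (Get-LocalUser | Where-Object Enabled).Name,
        [version]  $OsVersion = [Environment]::OSVersion.Version
    )
    $findings = @()

    # Windows 7 and Windows Server 2008 R2 are NT 6.1; the page excludes them and anything older.
    if ($OsVersion -lt [version]'6.2') {
        $findings += "Unsupported OS version $OsVersion (Windows 7 / Server 2008 R2 or older)."
    }

    # The configuration file must sit in the same directory as the installer.
    $missing = @($InstallerPath, $ConfigPath) |
        Where-Object { -not (Test-Path -LiteralPath $_ -PathType Leaf) }
    foreach ($path in $missing) { $findings += "File not found: $path" }
    if (-not $missing) {
        $msiDir = (Get-Item -LiteralPath $InstallerPath).DirectoryName
        $cfgDir = (Get-Item -LiteralPath $ConfigPath).DirectoryName
        if ($msiDir -ne $cfgDir) {
            $findings += "Configuration file is in '$cfgDir', not next to the installer in '$msiDir'."
        }
    }

    # Every account that logs on needs an AuthPoint user with the same user name.
    # Assumption: names are compared case-insensitively and without a '<hostname>\' prefix.
    foreach ($account in $WindowsUserName) {
        $name = ($account -split '\\')[-1]
        if ($AuthPointUserName -notcontains $name) {
            $findings += "No AuthPoint user named '$name'; this account cannot log on once the app is installed."
        }
    }
    $findings
}

# Constructed sample run: empty stand-in files and made-up user names.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'logonapp-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$msi = New-Item -ItemType File -Path (Join-Path $dir 'LogonApp-placeholder.msi') -Force
$cfg = New-Item -ItemType File -Path (Join-Path $dir 'logonapp-config-placeholder.cfg') -Force
Test-LogonAppReadiness -InstallerPath $msi.FullName -ConfigPath $cfg.FullName `
    -AuthPointUserName 'alice', 'bob' -WindowsUserName 'Alice', 'WS01\svc_backup' -OsVersion '6.1.7601'
```

An empty result means none of the three checks found a problem; the check does not cover the Internet connection needed before the first logon or the access policy assigned to each user's group.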

Authentication with the Logon App

When the Logon app is installed, authentication is required to log on. At the logon screen, users must type their password and then choose one of the allowed methods of authentication. Which authentication methods are available is determined by the access policy of the Logon app for that user's AuthPoint group.

If your Logon app resource is removed, users can log on to their computers with just their password.

To log on to a computer with the Logon app installed:

  1. In the User name text box, type the user name for your domain user. To log on as a local user, type your user name as <hostname>\<username>.
  2. In the Password text box, type your Windows or Mac password. For Active Directory user accounts, type your AD password.
  3. Click Next.
    If MFA is required, you see the authentication screen. If the access policy for your group only requires a password, you are logged in.
  4. If MFA is required, below Sign-in options, select an authentication option. Push is the default authentication option. If you select a different authentication option, that becomes the default authentication method.

    If your computer does not have an Internet connection and MFA is required, you must select the one-time password or QR code authentication options to authenticate offline.

  5. Press Enter or Return and authenticate.
    • Push — Approve the push notification that is sent to your phone
    • QR Code — Use the AuthPoint mobile app to scan the QR code, then type the verification code shown in the app
    • One-Time Password — Type the one-time password for your token

If you do not have your token, you must use the Forgot Token feature to log on to a computer with the Logon app installed. For more information, see Authentication Without Your Mobile Device.

See Also

About Resources

Access Policies

About Authentication
