A general description of the operation of our WLM on Windows
Our Multi-Factor Authentication (MFA) solution integrates seamlessly with Windows systems by adding our custom Windows Login Manager (WLM) to Windows targets. To enforce security, we apply a credential provider filter that hides other login options on the Windows login screen. This ensures that users authenticate through our secure WLM interface.
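To confirm on a given target that a credential provider filter is actually registered, an administrator can list the registered providers and filters from the registry. The PowerShell below is an added example, not part of the product: the registry locations are the standard Windows ones, and `$ExpectedFilterClsid` is a placeholder for the WLM filter's CLSID, which this page does not state.

```powershell
# Added example: audit credential provider and filter registrations on a Windows target.
# Run in an elevated session on the machine being checked.
param(
    # Placeholder: replace with the CLSID documented for the WLM filter.
    [string]$ExpectedFilterClsid = '{00000000-0000-0000-0000-000000000000}'
)

# Standard Windows location for credential provider registrations.
$base = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication'

function Get-Registration {
    param([string]$SubKey, [string]$Kind)
    $path = Join-Path $base $SubKey
    if (-not (Test-Path $path)) { return }
    Get-ChildItem -Path $path | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Kind     = $Kind
            Clsid    = $_.PSChildName
            Name     = $props.'(default)'
            # A Disabled DWORD of 1, where present, turns a provider off.
            Disabled = ($props.PSObject.Properties.Name -contains 'Disabled' -and
                        $props.Disabled -eq 1)
        }
    }
}

$providers = @(Get-Registration 'Credential Providers' 'Provider')
$filters   = @(Get-Registration 'Credential Provider Filters' 'Filter')

# Full inventory, for comparison against a known-good baseline.
$providers + $filters | Sort-Object Kind, Name | Format-Table -AutoSize

# Check that the expected filter is registered on this target.
$match = $filters | Where-Object { $_.Clsid -ieq $ExpectedFilterClsid }
if ($match) {
    Write-Output "Filter $ExpectedFilterClsid is registered as '$($match.Name)'."
} else {
    Write-Warning "Filter $ExpectedFilterClsid is not registered; other login options may be visible."
}

# Any additional filter also influences which login options appear.
$filters | Where-Object { $_.Clsid -ine $ExpectedFilterClsid } | ForEach-Object {
    Write-Output "Additional filter present: $($_.Clsid) '$($_.Name)'"
}
```

The registry shows what is registered, not what the filter hides at run time, so pair this check with a look at the login screen of a test machine.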
How It Works:
When a user attempts to log in to a Windows machine, our WLM displays fields for entering their username and password, with an optional field for a passcode (One-Time Password or OTP). Upon entering their credentials and pressing "Enter" or clicking the arrow next to the passcode field (if shown), the user may be prompted to authenticate using any of the supported MFA methods.
Supported MFA Methods:
- Passcode-Based Methods:
  - One-Time Password (OTP): Enter a passcode generated by an authenticator app.
  - SMS OTP: Receive a one-time password via SMS.
  - Email OTP: Receive a one-time password via email.
- Approval-Based Methods:
  - Push Authentication: Approve or deny the login request via a push notification sent to our mobile app.
  - SMS Prompt: Respond to an SMS prompt to approve or deny the login request.
  - IVR Prompt: Receive a call with an option to approve or deny the login request.
- Security Key:
  - FIDO2 Security Key: Use a FIDO2-compatible hardware security key for authentication (not supported in RDP sessions).
- Interactive Voice Response (IVR) for OTP:
  - IVR OTP: Receive a call to obtain an OTP for login.
Remote Desktop Protocol (RDP) Compatibility:
All MFA methods listed above, except for the FIDO2 security key, are compatible with Remote Desktop Protocol (RDP) sessions. When MFA enforcement is active on an RDP target, users are presented with our WLM interface and must authenticate using one of the supported MFA methods. This enforcement remains effective even when Network Level Authentication (NLA) is enabled, in which case the user's credentials are typically passed to the target system in advance.
Our MFA solution provides robust security by ensuring all users authenticate through a secure process, reducing the risk of unauthorized access and enhancing overall system security.