Which token does Windows Logon Manager cache for offline OTP authentication?
Offline authentication set-up
Windows Logon Manager (WLM) caches OTPs only from the first enabled event-based token assigned to the user. If the user is not actually using that token (it is not provisioned on the mobile authenticator app and the user does not have a hard token), WLM will not have cached OTPs for a token the user actually has, and offline authentication will fail.
To correct this situation, make sure the user has only one enabled event-based token assigned to their account.
Best Practices:
- Event-based tokens (OATH HOTP) should only be used for offline authentication.
- Time-based tokens (OATH TOTP) should be used for authenticating in all other systems.
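The failure and its fix can be reproduced with a small model of the caching rule. This is an added example, not SurePassID code: the cache format (SHA-256 digests of upcoming OTPs), the window size, the token records and the function names are all assumptions made for illustration; only the HOTP computation follows the OATH HOTP standard (RFC 4226).

```python
import hashlib
import hmac
import struct

def hotp(secret, counter, digits=6):
    """OATH HOTP value per RFC 4226 (HMAC-SHA-1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def digest(otp):
    return hashlib.sha256(otp.encode()).hexdigest()

def build_cache(tokens, window=5):
    """Model of the rule above: cache upcoming OTPs for the FIRST enabled
    event-based token only. Storing digests is an assumption of this model."""
    for tok in tokens:
        if tok["enabled"] and tok["type"] == "event":
            return {digest(hotp(tok["secret"], tok["counter"] + i))
                    for i in range(window)}
    return set()

def offline_logon(cache, otp):
    """Accept the OTP only if it matches one of the cached values."""
    return digest(otp) in cache

# Constructed sample account: a time-based token (never cached), a stale
# event-based token the user no longer holds, and the token on the user's phone.
TOTP = {"type": "time", "enabled": True, "secret": b"constructed-totp-secret", "counter": 0}
STALE = {"type": "event", "enabled": True, "secret": b"constructed-stale-secret", "counter": 0}
PHONE = {"type": "event", "enabled": True, "secret": b"12345678901234567890", "counter": 0}

def demo():
    user_otp = hotp(PHONE["secret"], PHONE["counter"])  # what the user can type
    # Misconfigured: two enabled event-based tokens, the stale one is first.
    before = offline_logon(build_cache([TOTP, STALE, PHONE]), user_otp)
    # Corrected: only one enabled event-based token remains on the account.
    after = offline_logon(build_cache([TOTP, dict(STALE, enabled=False), PHONE]), user_otp)
    return before, after

if __name__ == "__main__":
    print("offline logon before fix: %s, after fix: %s" % demo())
```

In the misconfigured account the cache is built from the stale token, so the OTP from the user's phone is rejected; disabling the stale token makes the phone's token the first enabled event-based token and the same OTP is accepted.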