|

Multi-Factor Authentication for Windows Desktop Login

Contents

Overview

CyLock MFA for Windows desktop logon is a crucial security measure that adds a significant layer of protection against various threats, ensures compliance with regulations, and helps protect sensitive data. It is increasingly important in the modern computing landscape where remote work and cyber threats are prevalent.

Architecture Overview

CyLock MFA steps in as the essential solution, requiring users to validate their identity through multiple distinct methods, reinforcing the safeguarding of Windows desktop access. This added layer of security is not merely a choice but an absolute necessity, critical for countering the perils of password compromise, maintaining compliance with industry regulations, and, most importantly, securing sensitive data.

CyLock supports the following scenarios during logon to Windows desktop and server through CyLock Credential Provider a custom credential provider built for enabling MFA:

  • Local or domain login (Windows Desktop)
  • Logins for incoming Remote Desktop (RDP) connections
    • Deployment Architecture diagram for Desktop Login

    Figure 1: Deployment Architecture diagram for Desktop Login

Prerequisites

  1. Securing an application requires an active CyLock MFA account. (Refer “Getting Started: Guide to CyLock MFA”to start using CyLock MFA to protect your applications).
  2. Login to “CyLock MFA Portal”
  3. Navigate to Application menu in the left menu panel
  4. Click “Add Application” button to secure an application. Locate and select “SSL VPN” from the list of application names. Click “+Secure” button to configure CyLock MFA for SSL VPN. Enter the details as requested and click “Save” button. Before leaving the page copy Application Key and Application ID, which are required during during CyLock MFA Credential Provider component installation. See “Securing an Application” for more information about protecting applications in CyLock MFA.
  5. To install the CyLock Credentials Provider, ensure your Windows system patches are up to date.
  6. Download the CyLock MFA Credential Provider component from the URL https://downloads.cybernexa.com/downloads/CyLock-Desktop.exe .
  7. Follow the instructions in “CyLock MFA Credential Provider Installation”section to enable Multi-Factor Authentication (MFA) for Windows Desktop login
  8. Download CyLock MFA Mobile App from Android or iOS store.
  9. Register Windows Desktop user using CyLock MFA Mobile app.

CyLock MFA Credential Provider Installation

The CyLock MFA Credential Provider can be installed on a physical Windows Desktop. We recommend a system with at least 4 vCPU, 200 MB disk space, and 8 GB RAM. Windows Credential Provider supports the following operating systems:

  •  Windows 10
  •  If you set DENY:Windows 11

Configuring CyLock Credential Provider component

Download the CyLock MFA Credential Provider component. Refer Prerequisites section above. After downloading, copy/move the Credential Provider Component to the respective system.

  1. Run the CyLock-Desktop.exe file with administrator privileges. Executing the Credential Provider

    Figure 2 – Executing the Credential Provider

  2. Enter your recovery password. This password is used for the Fallback Logon when the CyLock Authentication Server is unreachable.

    Note:

    1. The recovery password cannot be changed after the installation
    2. If you are giving different recovery password for each system, ensure you note it down or manage them to have business continuity
      3. Entering Recovery Password

      Figure 3 – Entering Recovery Password

  3. Enter the Server URL as (https://authv2.cybernexa.com/api/v2/srv/). Refer Point #4 in Prerequisites section above to get the Authorization Key and Customer ID. Entering Server URL, API Key and IDSP Key

    Figure 4 – Entering Server URL, API Key and IDSP Key

  4. Select the "I accept the agreement" option, then click Next. Accepting License Agreement

    Figure 5 – Accepting License Agreement

  5. Click on Install Button. Clicking on Install

    Figure 6 - Clicking on Install

  6. The CyLock Credential Provider will now install in your Windows System. Installing CyLock Credential Provider

    Figure 7 - Installing CyLock Credential Provider

  7. After the installation is complete, click the Finish button to complete the process, then restart the system. Completing the Installation

    Figure 8 - Completing the Installation

Test the Set up

  1. Log in to your Windows machine. Windows Login Screen

    Figure 9 – Windows Login Screen

  2. Once the user credentials are verified, MFA will be triggered based on your preferred authentication mode. Click the 'Authenticate' button to receive a push notification request on your registered mobile device Preferred Authentication Screen

    Figure 10 – Preferred Authentication Screen

  3. For More Authentication Options Click on “Try Other Authentication”. Try Other Authentication Page

    Figure 11 – Try Other Authentication Page

  4. You will get the Push Notification request as shown in the below Figure 12. Received Push Notification in registered mobile

    Figure 12 – Push Notification Request

  5. Click on ‘Accept’ to gain the access for Desktop Login.

    Figure 13 – Accepting Push Request

  6. After the authentication is approved, you will be logged in. Windows Desktop Screen

    Figure 14 – Windows Desktop Screen