Enterprise Connect


Before beginning the installation you must:

  • Have administrative privileges on the target Windows machine.

  • Obtain the Windows Workstation Authentication installation file from Backstage.

    You must have a Backstage account and be logged in to view the download.

  • Create a service account user for the Windows RADIUS proxy to run as. The minimum account privileges this user needs are:

    • Enable Log on as a service. For more information, refer to Microsoft’s documentation.

    • Write permission to C:\windows\system32 to have access to create the logs folder.

    • Write permission to C:\Windows\System32\logs folder.

  • Pre-configure journeys and services, as described in Create authentication journey(s).

  • Ensure all usernames (profiles/accounts) match from Windows (or the authoritative source) > ForgeRock and vice versa.

    • Set up a connector from ForgeRock to the datastore (for example, AD) and sync the data.

  • For push and Offline OTP (TOTP/OATH)authenticator methods, users pre-register in the appropriate journeys.

    It is crucial for users to pre-register; otherwise, these MFA methods will not work through the RADIUS proxy.

    Your RADIUS client must support the exchange of the TOTPs from ForgeRock journey > RADIUS proxy > RADIUS client and vice versa for the Offline OTP method to work. This includes handling challenge-response flows. If your client cannot handle the calls, use the push method instead.

  • Users install the ForgeRock Authenticator application to their smartphone via the Apple store or Google Play store.

  • For high availability/disaster recovery, it is recommended to deploy the necessary amount of Windows Workstation Authentication behind load balancers. Additionally, only one instance per machine is allowed.

Supported environments

Windows Workstation Authentication can only be installed on the following operating systems:

  • Windows 10

  • Windows 11

  • Windows Server 2016

  • Windows Server 2019

  • Windows Server 2022

Windows 8.1 and Windows Server 2012 are not supported.

Copyright © 2010-2024 ForgeRock, all rights reserved.