Enterprise Connect

Verify Windows Workstation Authentication functionality

Following installation, configuration, and deployment (on a test machine first), it is recommended to test the functionality of workstation authentication to verify that the Windows login process proceeds as expected.

Before beginning the verification process, make sure that the following prerequisites are met:

  • You can access the local machine with administrative permissions.

  • Users whose authentication will be tested are enrolled, enabled and allowed to log into the local machine.

  • Users to be tested have a smartphone with the ForgeRock Authenticator application installed.

  • Users to be tested have been successfully enrolled in the relevant journey(s), such as push, TOTP (OATH or Offline OTP), or SMS/email/voice call, as defined in the prerequisites and in the MSI Updater client configurations.

  • The ForgeRock Server URL (as defined in the MSI Updater client configurations) can be accessed from the test machine.
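
The administrative-access and server-reachability prerequisites can be checked from the test machine before attempting a login. The script below is an added example, not ForgeRock tooling: the URL is a placeholder for the value in your MSI Updater client configuration, and the check assumes the server is served over HTTPS.

```powershell
# Added example: pre-flight check for two prerequisites on the test machine.
# $ServerUrl is a placeholder; use the ForgeRock Server URL from your
# MSI Updater client configuration. Assumes the URL is served over HTTPS.
param([uri]$ServerUrl = 'https://am.example.com/am')

function Test-IsAdministrator {
    # True only when the current session is elevated (local Administrators).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-ServerTls {
    param([Parameter(Mandatory)][uri]$Uri)
    $result = [pscustomobject]@{
        Reachable = $false; Protocol = $null; Subject = $null
        NotAfter  = $null;  Error    = $null
    }
    if ($Uri.Scheme -ne 'https') {
        $result.Error = "Expected an https URL, got '$($Uri.Scheme)'"
        return $result
    }
    $client = New-Object Net.Sockets.TcpClient
    try {
        $client.Connect($Uri.Host, $Uri.Port)
        $ssl = New-Object Net.Security.SslStream($client.GetStream(), $false)
        # Validates the chain and host name against the machine trust store;
        # an untrusted, expired or mismatched certificate throws here.
        $ssl.AuthenticateAsClient($Uri.Host)
        $cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.Reachable = $true
        $result.Protocol  = $ssl.SslProtocol
        $result.Subject   = $cert.Subject
        $result.NotAfter  = $cert.NotAfter
        $ssl.Dispose()
    } catch {
        $result.Error = $_.Exception.Message
    } finally {
        $client.Close()
    }
    $result
}

$isAdmin = Test-IsAdministrator
$tls     = Test-ServerTls -Uri $ServerUrl
"Administrative session : $isAdmin"
$tls | Format-List
if (-not ($isAdmin -and $tls.Reachable)) { exit 1 }
```

A nonzero exit code means at least one of the two prerequisites is not met; the `Error` field shows why the connection or certificate validation failed.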

Test Windows login
Figure 1. Example of a push login on Windows

  1. Access the Windows Login screen and select the authentication option.

  2. Enter the appropriate username and password.

  3. Select the relevant MFA method (Push, OTP or SMS).

    Then, provide the required MFA factor and verify successful login.

If Use Offline OTP was enabled during the MSI Updater client configuration, then after the first login (using push, OTP email, or OTP SMS), an additional screen appears prompting the user to scan a QR code so that an offline account can be created.

Offline QR code pop up post first login

Once scanned and the account is created in the ForgeRock Authenticator application, the end user must input the 6-digit code (as shown in the image above) and click Verify Code. For more information, refer to Offline OTP enrollment.

  4. Repeat steps 1-3 for each available MFA method assigned to the current user.

Windows Workstation Authentication installation/configuration checklist
  • Download and install the binaries from Backstage (you must be logged in). This includes the base MSI file as well as the MSI Updater client.

  • Pre-configure the relevant journey(s).

  • Install the MSI Updater client on an administrative Windows machine.

  • Configure the MSI Updater client specific to your organization’s needs.

  • (Optional) Consider additional configurations.

  • Deploy the generated MSI file through your desired mechanism.

  • Verify and test your deployment.

Copyright © 2010-2022 ForgeRock, all rights reserved.