Login for Windows not showing proper MFA options

Follow
    Applies to:
  • SecureAuth Identity Platform
  • Legacy SecureAuth IdP
Deployment model:
  • Cloud
  • Hybrid
  • On Premises
  • Version Affected:  All

    Description:  

    While attempting to login to a Login for Windows device, MFA options are not properly showing.

    Cause:  

    Login for Windows defaults to offline mode.

    Resolution:  

    While using Cached Mode, the initial login for a Login for Windows device must be TOTP so that the Seed gets stored to the local device, which allows offline mode to work.

    If TOTP is not wanted during initial login, a configuration change must be made to the config.json file used to install Login for Windows. The key, store_seeds, must be set to false in the config file and then once updated, all options will be available upon initial login.

    Below is a properly configured configuration file if store_seeds is not wanted:

    {
      "multiple_user": true,
      "conf_version": 4,
      "adaptive_enabled": false,
      "idm_sspr_url": "",
      "idm_sspr_label": "Password Reset",
      "alternate_providers": [],
      "version": "v2",
      "platform": "windows",
      "type": "idp",
      "apis":[
      { "host": https://my-a.l4w.comp/SecureAuth2,
                 "id": "****",
                 "secret": "****"
       },
       { "host": https://my-b.l4w.comp/SecureAuth2,
                                                    "id": "****",
                                                    "secret": "*****"
       }],
      "access_level": 0,
      "group_bypass": ["MFA Bypass"],
      "store_seeds": false,
      "allow_self_signed": true
    }

     

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    1 out of 1 found this helpful

    Comments

    1 comment
    • Thanks Stephen for writing this article.

      0
      Comment actions Permalink

    Please sign in to leave a comment.