Version Affected: All
Description:
While attempting to log in to a Login for Windows device, the MFA options are not displayed properly.
Cause:
Login for Windows defaults to offline mode.
Resolution:
While using Cached Mode, the initial login to a Login for Windows device must use TOTP so that the seed is stored on the local device, which allows offline mode to work.
If TOTP is not wanted during the initial login, change the config.json file used to install Login for Windows: set the store_seeds key to false. Once the file is updated, all options are available at the initial login.
Below is a correctly configured configuration file for the case where store_seeds is not wanted:
{
    "multiple_user": true,
    "conf_version": 4,
    "adaptive_enabled": false,
    "idm_sspr_url": "",
    "idm_sspr_label": "Password Reset",
    "alternate_providers": [],
    "version": "v2",
    "platform": "windows",
    "type": "idp",
    "apis": [
        {
            "host": "https://my-a.l4w.comp/SecureAuth2",
            "id": "****",
            "secret": "****"
        },
        {
            "host": "https://my-b.l4w.comp/SecureAuth2",
            "id": "****",
            "secret": "*****"
        }
    ],
    "access_level": 0,
    "group_bypass": ["MFA Bypass"],
    "store_seeds": false,
    "allow_self_signed": true
}
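A pre-install check for config.json, added here as an example and not taken from SecureAuth: it confirms the file parses as JSON and that store_seeds is a real boolean with the intended value. The function name Test-L4WConfig, the sample file path and the https check on the API hosts are assumptions; the key names are the ones shown in the article.

```powershell
# Added example: validate a Login for Windows config.json before using it for the install.
# Test-L4WConfig is a hypothetical helper name; key names come from the article.
function Test-L4WConfig {
    param(
        [Parameter(Mandatory)][string]$Path,
        # $false = all MFA options at initial login; $true = TOTP first so the seed is stored
        [bool]$ExpectedStoreSeeds = $false
    )

    $problems = @()

    # An unquoted value (for example a bare URL in "host") makes the whole file invalid JSON.
    try {
        $cfg = Get-Content -LiteralPath $Path -Raw -ErrorAction Stop |
            ConvertFrom-Json -ErrorAction Stop
    } catch {
        return [pscustomobject]@{
            Valid    = $false
            Problems = @("Not valid JSON: $($_.Exception.Message)")
        }
    }

    # store_seeds must be a JSON boolean; the quoted string "false" is a different value.
    if ($cfg.PSObject.Properties.Name -notcontains 'store_seeds') {
        $problems += 'store_seeds is missing'
    } elseif ($cfg.store_seeds -isnot [bool]) {
        $problems += 'store_seeds must be true or false without quotes'
    } elseif ($cfg.store_seeds -ne $ExpectedStoreSeeds) {
        $problems += "store_seeds is $($cfg.store_seeds), expected $ExpectedStoreSeeds"
    }

    # Assumption: every apis entry carries an https host string, as in the article's sample.
    foreach ($api in @($cfg.apis)) {
        if ($api.host -isnot [string] -or $api.host -notmatch '^https://') {
            $problems += "apis host is not an https URL: $($api.host)"
        }
    }

    [pscustomobject]@{ Valid = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample input: store_seeds written as a quoted string instead of a boolean.
$sample = Join-Path $env:TEMP 'l4w-config-sample.json'
'{ "store_seeds": "false", "apis": [ { "host": "https://my-a.l4w.comp/SecureAuth2" } ] }' |
    Set-Content -LiteralPath $sample
Test-L4WConfig -Path $sample | Format-List
```

Pass `-ExpectedStoreSeeds $true` when the deployment is meant to keep Cached Mode with TOTP at the initial login.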
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Thanks Stephen for writing this article.