We continue to improve Rohos Logon Key towards intelligent Multi-Factor Authentication decision framework. With new Rohos Logon Key 4.6 you can use multiple kind of authentication methods and devices in parallel. Now you can introduce a new MFA authentication procedure on-the-fly without stopping using the current old one. Starting a pilot with a new authentication device was never such easy as now with Rohos Logon.
What’s new in Rohos Logon Key v.4.6:
- Allows to set up and login by using different type of Authentication methods. This allows to combine 2FA devices and use a particular available device depending on use case: at home, work or remote desktop access.
- Improved MFA control for “Remote Desktop users from AD user group” rule.
- Fixed FIDO U2F implementation for long usernames and long KeyHandle length (used in EsecuFIDO Thetis FIDO U2F BLE )
- Improved “Smartphone” MFA method (MFA Push token) to login into workstations joined to Active Directory.
- Added experimental support of 3rd party OTP verification services: added LinOTP verification protocol support.
- Improved password renewal support for AD networks.
Rohos Management Tools v4.5 update:
How to add a set of Authentication Methods in Rohos Remote Config tool.
In order to use a list of available MFA methods you just need to check them in a dialog and click “Save”. After that Rohos Logon Key on workstations allows to use any of listed type of devices\method to be used for logon.
About LinOTP support
How to integrate Rohos Logon with LinOTP server for Windows Logon:
Install Rohos Logon Key and choose “Google Auth” MFA method. Choose MFA control as “for user group in Active Directory”. Create a user group named ‘rohos’ and add some users into it.
1. On a workstation Create a registry value with your LinOTP url:
URL = https://192.168.1.50/validate/check?pass=%pass%&user=%user%
2. Open Rohos > Setup OTP and setup any user with “Google Auth TOTP”. Click Setup OTP button.
(this setup needed just for test)
3. Open Rohos Logon > Setup OTP > OTP Settings.
Click on that user, enter OTP from your OTP generator. Click “test OTP” and LinOTP URL will be called with your OTP and username.
Rohos will display a message box with Verification Status.
If this test will work OK, then you can continue to setup on AD user group. In case of any issues, please send us troubleshooting logs.
(Rohos Logon > Options > More… > open troubleshooting logs)
About Rohos Logon Key software
Rohos Logon Key adds strong two-factor authentication control for Windows login. Rohos allows implementing multi-factor authentication decision solution, where you can combine different authentication devices: password, PIN code, regular USB stick, Smartphone or strong authentication devices like U2F key, YubiKey, Google Authenticator one-time password codes, SafeNet iKey tokens or RFID cards. With Rohos you can protect standalone computers , Active Directory workstations and Terminal Servers as well.