MFA for Computer Logon


DualShield MFA for Computer Logon adds multi-factor authentication to Windows Logon, Mac Logon and Linux logon. It is the ideal on-premises multi-factor authentication system for business and government organisations who have deployed computers with a mix of operating systems.

DualShield MFA for Computer Logon helps customers ensure that computers (Windows PCs and servers, Mac and Linux workstations), and network resources (shared network drive) are accessible only by authorized users, whether working locally inside the corporate firewall or remotely via remote desktop. Once fully implemented and enforced, users will be authenticated with two factors in order to gain access to the protected computers and network resources.

DualShield MFA for Computer Logon can be easily integrated into the customer’s existing network infrastructure without the requirement of any modification. The entire process of installation and integration can be completed within just hours instead of days.

DualShield MFA supports direct integration with the Active Directory server. It does not require change to the AD database schema, does not require import from the database and does not require synchronization. Changes made to the Active Directory are immediately effective in DualShield in real time.

DualShield MFA for Computer Logon provides multi-factor authentication even when the computer is offline (disconnected from the corporate network or even disconnected from the Internet). The offline logon feature allows users to logon into their computers using their domain profiles and cached credentials when the computer is offline, with multi-factor authentication, providing both convenience and security.

The unique Offsite Logon (or Logon Anywhere) feature provided by DualShield MFA enables users to be online authenticated with multi-factor authentication when their computers are disconnected from their corporate networks (but connected with the Internet). Basically, users can login to their computers with multi-factor authentication anywhere as long as they have an Internet connection.

When a user attempts to unlock the Windows screen, DualShield MFA for Windows will prompt and ask the user to authenticate with MFA, if the Screen Unlock Protection is enabled.

When a user attempts to elevate their access privileges, such as to run an application as administrator, DualShield MFA for Windows will prompt and ask the user to authenticate with MFA, if the UAC Elevation Protection is enabled.

When a user attempts to access a shared network drive, DualShield MFA for Windows will prompt and ask the user to authenticate with MFA, if the Network Drive Protection is enabled.

DualShield MFA for Computer Logon supports all authentication methods that are supported by the DualShield MFA platform. These include:

  • On-Demand Password
    (code by sms, email and call)
  • One-Time Password
    (hardware token & software app)
  • Out-of-Band Authentication
    (mobile push authentication)
  • Security Questions
  • FIDO USB Key
  • Grid Card
  • Access Card (Proximity Card)
  • Smart Card
  • Keystroke Dynamics
  • Fingerprint Recognition
  • Face Recognition
  • Voice Recognition

DualShield MFA provides a set of authentication and access control policies that enable granular administrative access control down to a user, machine, group or unit. For instance, in a circumstance where a user or machine needs to be exempted from two-factor authentication, the network administrator can put the user or machine in the exception list.

DualShield MFA for Computer Logon supports the concurrent use of both AD password authentication and a strong 2nd-factor authentication for different users within the domain. The requirement for multi-factor authentication is controlled by a set of polices which can be applied to users, AD groups and OUs. This enables a staged, non-interruptive migration of users to strong authentication when convenient & appropriate.

Supported OS

  • Windows :: Windows 10/11, Windows 2012/2016/2019/2022
  • MacOS :: Big Sur, Monterey
  • Linux :: Ubunto, Fedora, CentOS, Redhat