IS Decisions logo

Enterprise Distributor Easily Scales MFA Protection for Active Directory, Even for Offline Access

  • Wholesale Distribution Group
  • Distribution
  • France
Enterprise Distributor Easily Scales MFA Protection for Active Directory, Even for Offline Access

Our client is a leading distributor of fresh produce in France.

"UserLock was easy for IT admins to install and configure. And users easily completed the MFA self-enrollment process."

IT Manager

The Challenge

Maintaining constant MFA access security for offline and RDP connections

After an internal audit, our client’s IT manager, and his team identified the need for a multi-factor authentication (MFA) solution. They wanted to implement Active Directory MFA as an extra security layer to protect user access for on-premise AD identities across multiple sites.

Our client operates across several locations in France, with over 2,000 employees nationwide. While most employees are on-site, many are frequently mobile and work remotely.

The IT manager wanted to protect remote access to the organization's networks by applying MFA to secure RDP connections. He also knew that employees often require access to company resources when they’re on the road or in a place that doesn’t have a reliable internet connection, so the MFA solution needed to maintain all access restrictions, even when employees logged on without an internet connection.

"We wanted to protect our networks 24/7. And an MFA solution that worked without an internet connection was a key requirement."

IT Manager

The Solution

Scaling easy-to-use MFA across many admin and user groups

Most MFA solutions don't maintain MFA on logins without an internet connection, or at least not without asking users or admins to set and maintain special settings. Others require changes to the existing AD infrastructure. Our client’s IT manager and his team quickly saw that UserLock was one of the few solutions that fit their requirements.

They liked that UserLock's offline MFA maintains access controls without an internet connection. The solution also doesn’t require any changes to AD schema.

After a short free trial, our client implemented UserLock site-by-site, starting with admin accounts and moving to less-privileged accounts group-by-group.

"The support team resolved our questions quickly and helpfully during the trial period. Knowing that support would listen to and work to resolve our issues quickly gave us confidence moving forward."

IT Manager

The Result

Secure MFA for on-site, remote, and offline connections across multiple sites

UserLock’s MFA now provides peace of mind and 24/7 access security for our client’s networks across multiple sites.

The IT team found UserLock’s MFA setup to be straightforward, and they used the self-enrollment process.

"We sent employees an email beforehand with instructions on how to set up MFA. The self-enrollment process was easy."

IT Manager

After testing a few security keys, they opted to use the Google Authenticator app. Each site manager helped their users configure MFA, allowing users to skip configuration for 10 days while they completed onboarding. That way, the help desk had time to respond to questions and get feedback throughout the onboarding process.

Within just a few weeks, our client had all of their admin accounts and most of their privileged accounts configured with MFA.

"UserLock was easy for our team to install and configure. And we look forward to beta testing new features as UserLock’s developers continue to add new functionalities to the product."

IT Manager