Use Case
Air gap security for Active Directory
Bring modern access control to machines that have a logical or physical air gap from external networks. With UserLock, implement air gap security designed for on-premises Active Directory.
Why it’s hard to control access to isolated systems
Air-gapped networks provide strong data protection by design.
However, isolation is not enough to stop unauthorized access.
Common security gaps in air-gapped environments include:
No multi-factor authentication (MFA) for offline logins
No visibility into session history or anomalies
No centralized access control enforcement
Limited ability to audit access to critical systems

How UserLock secures air-gapped systems
Implement strong authentication, access controls, and auditing in air-gapped environments. UserLock’s agent-based software enforces identity and access policies locally, even in isolated networks without an internet connection.
UserLock sits at the Active Directory authentication layer thanks to a custom credential provider. Built for on-prem AD, UserLock lets you set access policies by AD user, group, and OU.
Comprehensive air-gapped cyber security
Enforce MFA in an air-gapped network
Secure access to air-gapped environments with Active Directory MFA that doesn't depend on an internet connection. Set different MFA policies for different AD users, groups, and OUs, and adjust frequency according to session type.
Apply context-aware access controls
Enforce contextual logon requirements to limit user account access by location, time, device, and IP address. Limit concurrent logins and simultaneous sessions.
Monitor and manage sessions
Track all access to your air-gapped environment. Capture session data like time, user, device, and session type. Set up alerts to detect threats and remotely respond from the console.
Audit protected Windows access
Get accurate insights on all AD account access with tamper-proof, searchable audit logs.
Report on air-gapped system access
Produce clear reports of who accessed what, when, and from where across physically isolated or logically air-gapped systems. Support full compliance auditing and reporting with tamper-proof, exportable reports.
Why security teams choose UserLock for air-gapped environments
Easy-to-use MFA at the sign-in screen
Add hardware or TOTP-based MFA at the credential provider level. Verify AD identities before a user session starts.
Context-aware access policies
Restrict logons by workstation, IP address, time of day, geolocation, or concurrent session count. Policies follow AD users, groups, and OUs, making setup easy and audits clean.
Built for legacy & locked-down environments
Bring modern controls to on-prem AD, terminal servers, and legacy apps.
Granular policies
Apply MFA differently by session type, and adjust how often you want to prompt users for each connection and session type.
Visibility and response
See who logs on, where, and how in real time. Block, log off, or disable an account with one click the moment a session looks risky.
Compliance-ready audit trail
Capture all access events in tamper-proof, searchable logs. Report on user session history, MFA events, administrator actions, and more to satisfy cyber-insurance and regulatory requirements.
Secure air-gapped networks with MFA and access controls
An air-gapped network has no physical connection to the public internet or to any other local area networks or systems that are not themselves air-gapped. Here’s how UserLock enables secure multi-factor authentication (MFA) and access controls on air-gapped networks.
Securing a demilitarized zone (DMZ) network with MFA
Learn more about authentication in a DMZ and why securing a DMZ with MFA is both an art and a science.
Leading energy company simplifies compliance adherence with MFA and SSO
UserLock helps a leading energy company secure its OT network and fortify its DMZ with MFA, meeting strict compliance.
Strong 2FA and concurrent login restrictions for HIPAA compliance.
“I can’t trust that someone is a legitimate user or administrator just because they were on a computer on-site. Now I can verify who’s using our computers with UserLock.”
Mark Shorts
Lead Support Tech | Meadville Medical Center
Windows MFA meets cyber-insurance requirements
“I've seen a lot of software over the years. UserLock is one of the most simple and user-friendly I've ever used.”
IT Supervisor
US City Government
UserLock MFA is a high quality, full-featured product that performs as advertised.
Michael Commons
System Administrator | Dobbs Peterbilt