Offline MFA supports secure user access to meet state regulatory requirements

Offline MFA supports secure user access to meet state regulatory requirements

  • Customer

    Brooklyn-based nonprofit for housing and social services

  • Industry

    Nonprofit

  • Geography

    United States

  • Challenge: To meet New York regulations, the Brooklyn-based nonprofit was looking to implement MFA that supports secure offline access across the entire user base for the first time as smoothly as possible.

  • Solution: With UserLock, the IT manager quickly rolled out MFA across all users. The organization chose UserLock’s push app for its ease of use, even for offline MFA. When a user’s laptop isn’t connected to the internet, UserLock maintains MFA by prompting the user to enter a TOTP code available on the push app.

  • Result: UserLock and the UserLock push app are simple to manage for admins and easy for users in all situations, including when they are offline. By implementing secure MFA across all users, even when offline, the organization can comply with regulatory requirements.


For the last 25 years, this nonprofit has provided transitional, low-income and affordable/supportive housing, along with accompanying social services to New Yorkers experiencing homelessness. Today, it operates eleven facilties across the city with 350 employees, and continues to grow.

The Challenge Implement remote and offline MFA across the entire organization without making it a chore for users

Historically, the nonprofit has operated a hybrid environment with a roaming profile base, which brings some inherent risks. So when mandates required it to implement MFA, the IT team knew they had to secure the entire 350-person workforce, across twelve offices and facilities.

The chosen system needed to offer a wide range of features which made finding a solution a challenge. Priorities included that it be able to secure Windows laptops even when they were offline, in order to meet the standards of best practice.

MFA also had to be as simple as possible so authentication didn’t become a chore for users. With an ambitious timeline for rollout, it had to be simple to implement as well as affordable.

A particular sticking point was that Microsoft tools could not easily authenticate users when they were offline. This meant that users could bypass MFA by disconnecting from the network, and this was a clear risk should a device fall into the wrong hands.

The chosen MFA solution also had to be able to secure all connection scenarios in an organization where enabling remote work had become a priority.

There was a possibility of using Microsoft 365’s on-premise authentication but it didn’t have the right balance of features and wasn’t the right product.

Nonprofit’s IT specialist, who was responsible for the project.

The Solution A smooth MFA implementation across online, offline, and remote working scenarios

The nonprofit adopted push authentication as the simplest MFA solution. This required users to install UserLock Push on a company or personal smartphone. A key concern here was whether users would be willing to do this.

The IT department was keen to complete the rollout without any delays or when using an unfamiliar type of authentication. However, push notifications sent via UserLock Push made authentication swift and hassle-free.

IT needs to be simple. It’s already going to bother people that they have to install an application on their phone or authenticate every time. UserLock is simple because with push notification it means that the users don’t have any hassle. The app asks them to tap ‘approved,’ and as a bonus, I’ve got offline protection.

Importantly, in remote working scenarios where a laptop has no Internet connection, UserLock still prompts users for MFA following their Windows login. UserLock push app users can enter a time-based one-time password (TOTP).

The Benefits The entire organization now authenticates using UserLock Push, even when they are offline, supporting regulatory compliance

The nonprofit was able to implement MFA across its organization for the first time using push notification, an authentication method that keeps life simple for users unfamiliar with the technology. UserLock’s offline capability was a big advantage over rival systems, agrees its IT specialist.

And even when the computer is offline and push is unavailable, it still allows MFA to complete with a six-digit TOTP. Having that level of offline protection is important for us.

The IT Specialist also emphasizes that being able to protect laptops in this scenario is a huge gain. It would not have been possible to have implemented MFA for 350 employees without this feature as doing so would have opened dangerous security gaps.

UserLock has also been simpler to set up and configure than using Microsoft’s native implementation. The nonprofit also tested Duo but it lacked the flexibility of UserLock’s offline push notification MFA and was expensive, says the IT Specialist.

Most of all, by covering every base, UserLock is the simplest solution to the challenge of MFA in an organization rolling it out for the first time.

IT needs to help but it also has to be simple.

30-DAY FREE TRIAL

Get your 30-day free trial now and secure your Windows network with UserLock

Download Free Trial Discover UserLock

More Case studies?

Read more reviews from our UserLock customers.

Discover