Multi-Factor Authentication and Access Management

Designed for on-premise and hybrid Active Directory environments


The Challenge

Whether your goal is to meet compliance requirements or prevent a data breach (or both!) you need to secure employee access to Active Directory – without frustrating end users or creating more work for IT.

The majority of data breaches stem from compromised credentials. To stop unauthorized access, you need logon security that goes beyond the password, for all users. Any account with access to sensitive, valuable data is at risk – not just privileged users/administrators.

You know the best way to develop a multi-layered approach to security is with comprehensive MFA and access management.

But most MFA and access management solutions are cloud-first, with on-premise capabilities as an option. For on-premise and hybrid environments, this means you add complexity before you even unpack the solution. Whether you now manage another directory in the cloud, are juggling between two tools to get visibility on user access, or are constantly correcting changes to your AD schema – it can be a lot.

So you end up paying for a tool that makes it harder to get work done. Productivity goes down, and so do profits. There has to be a better way.

A Comprehensive Solution

Stop unauthorized access to Active Directory with effective, granular MFA and access management – designed for on-premise and hybrid Active Directory environments like yours.

Thanks to seamless integration with Active Directory, UserLock alleviates complexity for IT teams while delivering a user-friendly experience.

Now you can secure, monitor and respond to user access, preventing damage before it’s done. Access to any data or resource is easy to identify and attribute to one individual user. This accountability discourages an insider from acting maliciously, and makes all users more careful with their actions. Not to mention, it’s also a common compliance or cyber-insurance requirement.

Microsoft estimates that multi-factor
authentication (MFA) prevents 99.9%
of all attacks on user accounts.

Learn more

Stop security breaches across common use cases

  • Secure access for all employees and privileged users
  • Extend secure access to cloud apps
  • Protect remote access, including off-domain and offline
  • Apply MFA on all session types: Wi-Fi, IIS, VPN, Remote Gateway and RDP, SaaS
  • Streamline session management
  • Get accurate logon logoff forensics
  • Manage working hours
  • Meet compliance and insurance requirements
Two Factor Authentication - Settings Two Factor Authentication - qrCode Two Factor Authentication - Statistics

Secure the logon with
two-factor authentication

Verify the identity of all users with strong two-factor authentication (2FA) across Windows logons, Remote Desktop (RDP & RD Gateway), IIS, VPN, Wi-Fi, and SaaS. Thanks to granular controls, administrators control how often and under what circumstances to prompt users for 2FA.

Choose up to two MFA methods

  • Push notifications
  • Hardware tokens or keys (YubiKey or Token2)
  • Authenticator applications

Make 2FA even easier with single sign-on (SSO)

Make 2FA easier to roll out across all employees with UserLock SSO. Employees authenticate just once with their on-premise AD credentials, then get frictionless access to Microsoft 365 and cloud apps. And thanks to SAML 2.0 federated authentication, UserLock SSO allows you to keep using AD as the authoritative identity provider, while extending it to work with the cloud. So you can secure SaaS access without the added complexity of managing a cloud-based directory.

Single Sign-On Single Sign-On Single Sign-On
Contextual Access Policy and Restrictions Contextual Access Policy and Restrictions Contextual Access Policy and Restrictions

Control how and when to allow access with context-based access management

Set rules to authorize, deny or limit any login (including remote access) based on contextual factors like machine, location, time, session time, or number of initial access points. You can also apply role-based restrictions to respect least privilege and change management best practices.

Monitor and respond to user activity in real-time with session management

Get real-time visibility into all user access so you can quickly spot potential threats.

Set up IT and end-user alerts to warn IT and end users of inappropriate logon activity and failed attempts.

Respond immediately to logon behavior to lock sessions, block users with one click, or interact remotely with any session directly from the console.

Users connected Users connected Active sessions
Real Time Monitoring and Reporting Real Time Monitoring and Reporting Real Time Monitoring and Reporting

Audit and report on all user access activity

Access a centralized audit for reporting on all AD user login activity. Track and report on who was connected, from which system(s), since what time, for how long, and more.

Give IT access to UserLock from anywhere with the UserLock Web App

Unlock the power of remote IT management with the UserLock Web App. Monitor, create reports, and work in UserLock from anywhere. The latest monitoring and reporting enhancements also go live first in the UserLock Web App, making your team more efficient than ever.

An Immediate Response to Logon Behavior

The go-to access management partner for on-premise and hybrid Active Directory environments

Simplify IT operations

Integrate your MFA and access management seamlessly with Active Directory, reducing complexity and frustration for IT teams. UserLock doesn’t make changes to accounts, structure or schema.

Empower your workforce

Easily adopted by end-users, UserLock lets you pick the right balance between security and usability. Granular controls allow for customized restrictions that protect access without getting in the way of employee productivity.

Say goodbye to complex setups

UserLock is quick to deploy and a breeze to manage. Administrators can have it up and running on a standard Windows Server in just minutes.

Scale effortlessly

Whether you have a handful of users or an entire organization to secure, UserLock has you covered. With AD Group level controls and an automated deployment engine, implementation is a breeze for any number of users.

Choose cost effective security

"Build on your investment in AD with UserLock, empowering cost-effective security enhancements for your organization."

Technical Capabilities:

Powershell Integration

Run Powershell commands to expedite and/or schedule certain tasks and execute personalized requests on the information within UserLock.

Webhooks & API

Integrate the valuable data managed by UserLock with other solutions to improve overall IT security management.

Failover Safeguards

A UserLock backup server can be installed to guarantee failover.

System Requirements

Supported operating systems include Windows Server 2003 or higher and Windows 7 or higher.

System Requirements


Active Directory required (for workgroups, see the Standalone Terminal Server UserLock server type).

Functional level of forest and domain: Windows Server 2003 or higher.

Operating systems

UserLock supports the following operating systems:

  • For UserLock Server: Windows Server 2012 and above.
  • For UserLock Console: Windows 7 and above, Windows Server 2012 and above.
  • For workstations to protect: Windows 7 and above.
  • For servers to protect: Windows 2008 R2 and above, Citrix, any terminals using RDP sessions or ICA sessions, RD Web and RemoteApp.

For all information on requirements


Try the full version for free
with our 30 day trial

IS Decisions: your trusted partner for MFA and access management

At IS Decisions, we’re dedicated to elevating your security game with MFA and access management solutions designed for on-premises and hybrid Active Directory environments. With a track record trusted by over 3,400 organizations worldwide, our solutions provide effective access security for a diverse range of clients – from nimble SMBs to the world’s most highly-regulated and security-conscious enterprises.

Partner with IS Decisions to elevate your AD access security. We’re good for business.

Download this DataSheet in PDF

PDF Version - 610 KB

Client - UserLock