UserLock Documentation
UserLock Documentation

What’s New in UserLock 12

What's new in UserLock 12.2 beta

Download UserLock 12.2 beta

New: Enhance MFA experience and security with UserLock’s custom credential provider

UserLock multi-factor authentication (MFA) now looks and feels even more like part of the native Windows logon process thanks to the new custom credential provider, now in beta. Not only can you offer end users a more intuitive and familiar interface for MFA, but you can also now extend MFA capabilities beyond the Windows login.

Here’s how UserLock MFA now visually looks like part of the Windows login process, even when the user is offline:

The new credential provider also puts in place the necessary framework to tackle the most requested feature from our community: the ability to enforce MFA when a user asks to elevate privileges. You asked, we listened!

Thanks to the credential provider, you can enforce MFA on Windows UAC (user account control) credential prompts displayed when launching administrative tasks (e.g., when disabling the firewall) and during “Run as administrator” requests. This level of control over privileged access prevents lateral movement and stops privilege abuse.

Advantages of UserLock’s custom credential provider:

  • Deliver a seamless user experience by visually embedding UserLock MFA into the Windows login process, even when the user is offline.
  • Enhance security by enforcing MFA before your system logs a Windows session.
  • Extend UserLock MFA to non-interactive sessions, including MFA on Windows UAC (User Account Control) credential prompts displayed when launching administrative tasks and during “Run as administrator” requests.
  • Identify and remotely close an open session directly from the Windows login screen if you exceed your current session limit.

Learn more

New: Enforce MFA on Windows UAC (User account control) credential prompts displayed when launching administrative tasks

Thanks to UserLock’s custom credential provider, you can apply an extra layer of security on elevated privilege requests with MFA on Windows User Account Control (UAC) prompts (in beta) displayed when launching administrative tasks (e.g., when disabling the firewall).

You can set granular MFA policies for UAC prompts since UserLock recognizes UAC as a separate access type:

This ability to treat UAC as a separate access event also means you can manage, report on, and alert on UAC credential prompts displayed when launching administrative tasks, (e.g., when disabling the firewall) and during “Run as administrator” requests.

Here’s an example of UserLock’s UAC event alert options:

UserLock’s ability to apply UAC MFA on a granular level by protected account ensures you can more accurately report on, and better meet compliance requirements for, MFA on requests to elevate privileges. This is difficult to do with other MFA providers, which often only allow UAC MFA to be applied by machine, or show MFA on UAC requests as an RDP MFA event.

Here’s an example of a UserLock UAC event report:

When you require MFA on UAC events, users must complete MFA in addition to their password before they can perform actions requiring administrative privileges, such as permitting apps to make changes to the device. This added layer of security on privilege elevation requests significantly strengthens your security posture and hardens your Active Directory against common threats.

Advantages of MFA for UAC prompts:

  • Mitigate the risk of credential compromise
  • Block lateral movement
  • Reduce the risk of privilege abuse
  • Protect critical system files and folders from unauthorized modification or sharing
  • Minimize an insider threat attack
  • Meet compliance and cyber insurance requirements

Learn more

New: Enforce MFA on Windows UAC (User Account Control) credential prompts displayed during “Run as administrator” requests

You can now also apply MFA on “Run as administrator” requests, thanks to the UserLock custom credential provider. Not only can you effectively prevent unauthorized privilege elevation and lateral movement within your network, but you can also implement a key element of “never trust, always verify” zero-trust security.

New logon attempt

Advantages of MFA for “Run as administrator” requests:

  • Reinforce privileged access management (PAM) security by blocking privilege abuse
  • Prevent lateral movement
  • Meet cyber insurance requirements to protect all admin access with MFA
  • Protect against attackers’ ability to leverage stolen credentials


What's new in UserLock 12.1

Download UserLock 12.1

New: Enable MFA and access management for all RemoteApp applications

UserLock is now compatible with all RemoteApp applications (before this, only RemoteApp applications with a desktop were supported). You can protect RemoteApp sessions with all of UserLock’s access management capabilities as well as MFA using all available MFA methods: push notifications, OTP codes and USB keys.

MFA for RemoteApp allows you to reduce lateral movement by allowing you to control which apps users can access via Remote App.

Note: You need to enroll users in MFA before you can apply MFA to RemoteApp sessions. If you have remote users, follow these instructions to enroll remote users in MFA.

New: Configure MFA by session type

You now configure MFA by session type, including:

  • Workstation
  • Server
  • IIS
  • VPN
  • SaaS

When you enable MFA, you’ll see two edit modes available for modifying the MFA settings. In each case, make sure you’ve read the documentation for the use case on each type of session to ensure MFA will be prompted.

  • All session types at once: By selecting this option, you can apply the same policy for all session types that are protected by UserLock.
  • By session type: Select this option to apply different MFA policies for each session type.

For example, you can create different policies for local Server sessions and IIS sessions connecting from outside the network.

New: Configure MFA frequency for every n minutes/hours/days

You now have more granularity to choose how often you want to prompt for MFA. You can prompt users for MFA after a specific time period defined by minutes, hours, or days.

This means that, for each session type, you have new options to select how often you want to prompt the user with MFA (see current options for UserLock 12.0 here):

  • After a given time: prompt users with MFA at their next logon after a specific time period defined by minutes, hours, or days (the option to choose minutes or hours is new in UserLock 12.1).
  • After a given time since the last logon from each IP address: Same as the above, except the amount of time will be counted from the last connection to that IP address, not the last connection.
  • Not configured: MFA will not be prompted unless another policy is applied through another protected account.

New: Configuration wizard

With UserLock 12.1, a new configuration wizard guides you step-by-step to configure the following features:

  • UserLock server: server type, protected zone, etc.
  • UserLock Web App
  • MFA for IIS applications
  • UserLock Anywhere

Learn more

Improved: Support proxy for UserLock Anywhere

UserLock Anywhere now supports HTTP Proxies. Now, UserLock allows you to validate a list of trusted proxies to recover the real client IP address for the agents communicating through UserLock Anywhere.

Learn more

Improved: View notification history for UserLock Push

Now users can view the notification history in the UserLock Push app. This allows users to show admins what IP address notifications are coming from, to more easily spot suspicious behavior. It also builds end-user awareness (and responsibility).

This update concerns only Push notifications. OTP accounts do not have history.

Learn more


What's new in UserLock 12.0

New: MFA push notifications & the UserLock Push App

UserLock push notifications are a subscription-only feature.

You can now choose to enable push notifications as the main or as an additional MFA method, giving you more flexibility to select the MFA method that works best for your team.

The all-new UserLock Push app provides safe, secure push authentication synced directly with UserLock.

UserLock Push App

Learn more about onboarding end users with push notifications

Learn more about setting up the UserLock Push app

Improved: UserLock SSO for Microsoft 365 and Google Workspace

UserLock SSO

  • Federate to multi tenants for Microsoft 365 with UserLock SSO. Learn more.
  • Use Google Profiles to configure MFA for Google Workspace with UserLock SSO. Learn more.

Improved: New features added to the UserLock Web App

UserLock Web App

The new features in the UserLock Web App include:

  • Reporting: Access even more reports now added to the Web app from the UserLock Desktop app, get powerful filtering capabilities, and easily export reports in .csv, .pdf and .xsl format. Learn more.
  • Server properties: Modify server properties from the UserLock Web app. Learn more.
  • An improved user dashboard: Easily see primary and secondary MFA methods configured for each user along with the number of recovery codes available. Learn more.

Powerful filtering capabilities

To use the Web App in parallel to your use of the full-feature desktop software, download UserLock 12.

New: UserLock MSP Console

A web-based licensing management platform, the UserLock MSP console offers customized licensing and pricing options that align with an MSP business model.

UserLock MSP console

Learn more about the UserLock MSP Console.

New: UserLock VPN Connect

The UserLock VPN Connector allows users to select their VPN, enter their credentials and complete MFA on Windows VPN connections without leaving the easy-to-use interface. You can access this tool when you download UserLock 12, or you can download it separately here.

UserLock VPN Connect UserLock VPN Connect - MFA code UserLock VPN Connect

Learn more about UserLock VPN Connect.

See UserLock's full version history

> Download UserLock