Secure Active Directory User Logins with
Multi-Factor Authentication (MFA)

UserLock makes it easy to enable MFA on Windows logon, RDP and VPN connections. Verify the identity of all Active Directory accounts and secure access to your network.

Start a free trial Book a Demo

On-Premise Two-Factor Authentication
for Windows Active Directory

UserLock supports MFA using authenticator applications which include Google Authenticator, Microsoft Authenticator and LastPass Authenticator, or programmable hardware tokens such as YubiKey and Token2.

Google Authenticator application Yubikey Token2 miniOTP-3

Relying on cryptographic algorithms for Time-based and HMAC-based One-Time Passwords (TOTP and HOTP), all options offer strong and simple two-factor authentication to better protect access across an entire organization.

Offline Multi-Factor
Authentication

Secure On-Premise Hosting.
No internet connection is needed.

MFA for Windows users
not connected to the LAN

Protect access to any machine even when disconnected from the corporate network.

MFA and Remote Desktop
(RDP) Connections

Enable MFA on all RDP logons, or for every RDP logon from outside the corporate network – including RD Gateway connections.

MFA and
VPN Connections

Enable MFA for Virtual Private Network (VPN) connections managed by Microsoft Routing and Remote Access Service (RRAS).

MFA on Workstation
and RDP UnLock

Choose to include MFA for when a user is unlocking a logged-in workstation.

MFA for All Users, including
Privileged Accounts

Protect workstation and server connections from even the most privileged system and admin accounts.

Deploy Easily alongside
On-Premise Active Directory

UserLock teams up seamlessly with on premise Active Directory to make it easy to scale
multi-factor authentication, across an organization.

Activate MFA by User, Group or Organizational Unit to make it easy even for larger user bases. Manage the time users have to enroll in MFA, by allowing them to skip configuration and highlight any problems.

For example, enable MFA for an Active Directory group "HR".

Deploy Easily, At Scale and Alongside Active Directory

Coming soon

SSO & MFA for Microsoft 365 & other SaaS Applications.

Intuitive Self Enrollment for the User

Once activated by the administrator, enrollment is intuitive
and simple for users to do on their own.

Authenticator Application
YubiKey

Self-Enrollment with an Authenticator Application

1
They install the authenticator app on their phone.
2
They scan the QR code displayed at login.
3
They enter a code which confirms activation.

Self-Enrollment with YubiKey

1
They insert the YubiKey into a USB port of their computer.
2
They log in to their computer, confirm they want to use YubiKey, and select the available YubiKey slot.
3
They click ‘Link YubiKey’ to confirm configuration and press the YubiKey button. This will automatically enter the code to confirm activation.

Thereafter, users’ log in using their credentials, and then when prompted either with a code shown on the app/token, or by pressing the YubiKey button which automatically enters the code. A request for help from the user immediately notifies the administrator, so they can react quickly.

MFA - Userlock

Customize MFA
for your Organization

Administrators may want to avoid prompting the user for MFA each time they log in. With UserLock you can define under what circumstances MFA is asked for:

By connection type (local logins and RDP sessions)
By RDP connections that originate from outside the corporate network
By workstation and/or server connections
By frequency and circumstances of authentication requests

Track and React
to MFA

Reporting and insights across your organization
Real-Time alerts on user requests for help
One-click response to reset an MFA key or temporarily disable MFA for a user.

Enforce Context-Aware
Authorization

Once authenticated, UserLock’s logon restrictions help further verify all users’ claimed identity and secure network access.

Set policies to authorize, limit or deny access attempts by machine, device, location, time, session type, initial access point and number of simultaneous sessions.

Learn more

« UserLock is the best 2FA solution I've seen. It's affordable, integrates with Active Directory, is easy to install and maintain. It's basically an IT Manager's dream. »

« UserLock's solution makes implementing
multi-factor authentication (MFA) extremely easy. »

« The MFA for RDP significantly enhances security,
especially today with a boom in remote working. »

« Stolen user credentials were at the root of some of the biggest hacks in the last few years. UserLock is a powerful product that focuses on preventing the internal and external threats related to compromised credentials, by providing the administrators with detailed options for restricting and monitoring access to their Windows-based networks. »

Bill Hopkins
Network Administrator - City of Keizer