Secure Active Directory User Logins with
Multi-Factor Authentication (MFA)

UserLock makes it easy to enable MFA on Windows logon, RDP and VPN connections. Verify the identity of all Active Directory accounts and secure access to your network.

Start a free trial Book a Demo
Multi-Factor Authentication (MFA)

On-Premise Two-Factor Authentication
for Windows Active Directory

UserLock supports MFA using authenticator applications which include Google Authenticator, Microsoft Authenticator and LastPass Authenticator, or programmable hardware tokens such as YubiKey and Token2.

Google Authenticator application Yubikey Token2 miniOTP-3

Relying on cryptographic algorithms for Time-based and HMAC-based One-Time Passwords (TOTP and HOTP), all options offer strong and simple two-factor authentication to better protect access across an entire organization.

Offline Access

Offline Multi-Factor

Secure On-Premise Hosting.
No internet connection is needed.

MFA for Windows users not connected to the LAN

MFA for Windows users
not connected to the LAN

Protect access to any machine even when disconnected from the corporate network.

MFA and RDP Connections

MFA and Remote Desktop
(RDP) Connections

Enable MFA on all RDP logons, or for every RDP logon from outside the corporate network – including RD Gateway connections.

MFA and Remote Desktop

MFA and
VPN Connections

Enable MFA for Virtual Private Network (VPN) connections managed by Microsoft Routing and Remote Access Service (RRAS).

MFA on Workstation

MFA on Workstation
and RDP UnLock

Choose to include MFA for when a user is unlocking a logged-in workstation.

For All Users, including Privileged Accounts

MFA for All Users, including
Privileged Accounts

Protect workstation and server connections from even the most privileged system and admin accounts.

Deploy Easily alongside
On-Premise Active Directory

UserLock teams up seamlessly with on premise Active Directory to make it easy to scale
multi-factor authentication, across an organization.

Activate MFA by User, Group or Organizational Unit to make it easy even for larger user bases. Manage the time users have to enroll in MFA, by allowing them to skip configuration and highlight any problems.

For example, enable MFA for an Active Directory group "HR".

Deploy Easily, At Scale and Alongside Active Directory

Now released in Beta

MFA & Single Sign-On for Microsoft 365 & other Cloud Applications.

Discover UserLock 11.0 Beta

Intuitive Self Enrollment for the User

Once activated by the administrator, enrollment is intuitive
and simple for users to do on their own.

Self-Enrollment with an Authenticator Application

Self-Enrollment with an Authenticator Application

  1. 1

    They install the authenticator app on their phone.

  2. 2

    They scan the QR code displayed at login.

  3. 3

    They enter a code which confirms activation.

Self-Enrollment with YubiKey

Self-Enrollment with YubiKey

  1. 1

    They insert the YubiKey into a USB port of their computer.

  2. 2

    They log in to their computer, confirm they want to use YubiKey, and select the available YubiKey slot.

  3. 3

    They click ‘Link YubiKey’ to confirm configuration and press the YubiKey button. This will automatically enter the code to confirm activation.

Thereafter, users’ log in using their credentials, and then when prompted either with a code shown on the app/token, or by pressing the YubiKey button which automatically enters the code. A request for help from the user immediately notifies the administrator, so they can react quickly.

MFA - Userlock

Customize MFA
for your Organization

Customize MFA for your Organization

Administrators may want to avoid prompting the user for MFA each time they log in. With UserLock you can define under what circumstances MFA is asked for:

  • By connection type (local logins and RDP sessions)
  • By RDP connections that originate from outside the corporate network
  • By workstation and/or server connections
  • By frequency and circumstances of authentication requests

Track and React
to MFA

  • Reporting and insights across your organization
  • Real-Time alerts on user requests for help
  • One-click response to reset an MFA key or temporarily disable MFA for a user.
Track and React to MFA

Enforce Context-Aware

Once authenticated, UserLock’s logon restrictions help further verify all users’ claimed identity and secure network access.

Set policies to authorize, limit or deny access attempts by machine, device, location, time, session type, initial access point and number of simultaneous sessions.

Learn more


Request a personalized demo now

Discover how UserLock can help you meet your needs.

Download UserLock

The trial version offers:

  • 30-day full version
  • no user limits
  • free technical support

Supported systems

Release Date : 6/4/2020
Version : UserLock 10.2
What's new in this version ?

Please read the Beta Testing Procedure before installing this version.

The beta version includes:

  • 30-day full version
  • no user limits
  • free technical support

Release Date : 8/2/2021
Version : UserLock 11.0 beta
What's new in this version ?

Supported systems