Two-Factor Authentication Solution for Windows & RDP Logons

11 Reasons to Choose UserLock

Two-factor authentication (2FA) with UserLock makes securing access to your Windows environment intuitive and easy. Get the best of both worlds – a secure network and a productive workforce.

1. Deploy 2FA alongside Active Directory

Simple to implement and intuitive to manage, UserLock works seamlessly alongside your existing investment in Microsoft Active Directory infrastructure. No modifications are made to accounts, structure or schema.

2. 2FA with time-based one-time password (TOTP)

UserLock leverages authenticator applications or programmable hardware tokens to generate a time-based one-time password (TOTP) for strong two-factor authentication.

Using a smartphone as a secure token frees users from carrying a dedicated token device. Because the codes are generated and displayed on the same device, this removes the chance of interception by an attacker, and users can even authenticate offline. This is the best balance of security, usability and cost available today.

Programmable hardware tokens are a "drop-in" replacement for TOTP mobile apps. They are a great way to implement MFA for end users who cannot use a corporate phone.

3. Customize how you ask for 2FA

For any user, user group or OU, you can specify the circumstances under which 2FA is requested: by connection type, by workstation or server connections, and by frequency (every connection, every N days, first logon of the day, every new machine).

4. 2FA for all users, including the most privileged accounts

Securing access from all users aligns with most companies' desire to protect any Active Directory account with access to critical data and applications.

It also improves your ability to restrict and respond to the most privileged of accounts: Windows local administrator accounts, domain admin accounts and Active Directory service accounts.

5. Secure, always available, on-premises hosting

UserLock is installed in your own on-premises environment for maximum security, and can be administered remotely from any workstation. Get insights, alerts and reports on all 2FA activity across your organization.

6. One-click response to help end-users

From the console, administrators can easily interact with any session and respond, reset or bypass authentication settings for any specific user.

7. 2FA in conjunction with contextual restrictions

With UserLock’s contextual restrictions in place, administrators can be confident in customizing 2FA controls that avoid prompting the user for a second authentication each time they log in.

Transparent to the end user, these restrictions create a significant barrier to any attacker but don’t impede employee productivity. They also help administrators distinguish legitimate requests to bypass or reset 2FA.

Contextual factors include location, machine, time, session type and number of concurrent sessions.

8. Easy for both users and administrators

Enrollment is intuitive and simple for users to do on their own.

Alerts that warn end users when their own credentials are used (successfully or not) help empower users to take responsibility for their own trusted access.

Help requests alert administrators in real time, and they can immediately respond with one-click actions, allowing users to get on with their jobs.

9. Offline 2FA

Because authenticator applications use TOTP, end users’ phones don’t need an online connection when authenticating. Employees can still log in even when a phone has connectivity issues.

10. 2FA for Remote Desktop Connections

Choose to enable 2FA on remote connections. End users connecting to another machine (remote computer or virtual machine) within the network can still receive a 2FA challenge.

11. Cost effective 2FA

2FA doesn’t have to come at a high cost – but it does have to be effective in relation to its cost. UserLock offers enterprise-caliber 2FA in terms of focus and effectiveness, but with SMB sensibilities in terms of implementation and use.

UserLock offers five primary functions, all working together, to secure access to a Windows Active Directory environment.

  • Two-factor Authentication (2FA) – Secure two-factor authentication on Windows logon and RDP connections. Define the circumstances to verify the identity of all users, using time-based one-time passwords.
  • Contextual Access Policy & Restrictions – Restrictions can be established to limit when an account can log on, from which machines, devices or IP addresses, using only approved session types (including Wi-Fi, VPN and IIS), the number of concurrent sessions, etc., helping to reduce the risk of inappropriate use.
  • Real Time Monitoring & Reporting – Every logon is monitored and tested against existing policies to determine if a logon should be allowed. Full visibility gives insight into any anomalous account behavior that may indicate a potential threat. Reporting helps ensure detailed insights for any investigations.
  • IT and End-User Alerting – Notifies IT and the user themselves of inappropriate logon activity and failed attempts.
  • Immediate Response – Allows IT to interact with a suspect session, to lock the console, log off the user, or even block them from further logons.
