For computer MFA logon, the type of logon procedure is called Windows. It is named as such due to historical reasons.
Below is the general guide for creating a logon procedure in DualShield
Click the "CREATE" button on the toolbar
In the "Name" field, enter a name for this new logon procedure, e.g. "Office 365"
In the "Type" field, select the type of the logon procedure from the drop list, e.g. "Web SSO"
Click the "SAVE" button to save it.
Now that a new logon procedure is created, you want to add logon steps.
Navigate to Authentication | Logon Procedures
Click the context menu icon "..." of the application to be edited, e.g. "Office 365"
select "Logon Steps" to bring up the logon steps editor
To add a logon step, click the "ADD" button
Select the one or multiple authentication methods that you want to add to this step, e.g. "One-Time Password"
Click the "SAVE" button to save it
You can change the order of the steps by clicking the "UP" and "DOWN" buttons.
Make sure that the type of the Logon Procedure you have created is Windows
Once a logon procedure has been created, you need to add logon steps into the newly created logon procedure.
Logon Step for Computer MFA Logon
The computer 2FA or MFA logon process is a 2-step or multi-step verification procedure. The first step is the AD credential (i.e. AD password) verification, and the second step is the second factor such as one-time passcode etc. The first factor, i.e. AD password, is always required and actually verified by the AD itself, and the second factor, such as an OTP token or FIDO key, is verified by the DualShield MFA server. Therefore, for 2FA, you only need to add one logon step into the logon procedure and you only need to add a second factor into the logon step.
The example below is a logon step that includes 2 authentication options, one-time password and on-demand password, which means that the users will be allowed to authenticate themselves using either of the credentials.
