DualShield for Windows Logon helps enterprise customers ensure that PCs, workstations and network resources are accessible only by authorized users, whether working locally inside the firewall or remotely via remote desktop. Once fully implemented and enforced, only users who have been issued a two-factor authentication tokens will be able to gain access to the protected PCs, workstations and network resources.

The complete solution consists of the following components:

  • DualShield Authentication Server
  • DualShield Windows Logon Agent
  • DualShield Windows Logon Client for Windows, Mac

Windows Logon Agent

Windows Logon Agent is the bridge that connects the Windows PCs and Mac workstations and the DualShield Authentication Server.

Logon Client for Windows and Mac

DualShield Logon Client for Windows and Mac interacts with the user in the authentication process and communicates with the DualShield Windows Logon Agent to process the two-factor authentication requests.




Windows MFA Logon 5.x

___________________________________________

Windows MFA Logon 6.x (G2)

___________________________________________

Computer MFA Logon

___________________________________________

Remarks



Operating System

Windows 


  • Screen Unlock


  • UAC Elevation Prompt

Run as Administrator, Run as a different user
  • Network Drive Mapping

(Requires DC Agent)


MacOS


  • Screen Unlock

 (Prior to Big Sur)


Linux 

  (Supports PAM Radius)

(Supports PAM Radius)


CPU Architecture

x86 / x64


ARM 64

 

 

(from v2.6.1)


User Accounts

AD Domain User Account


Local User Account 


Authentication Methods


Online Logon






  • One-Time Password

hardware and software OTP
  • On-Demand Password

SMS and email code
  • Out of Band Authentication

Push Authentication, OOBA
  • Access Card

Proximity cards (HID and MiFare), RFID & NFC cards
  • Smart Card (Certificate)

Smart card with PKI certificate
  • Grid Card

Grid Card as OTP
  • FIDO/U2F


  • FIDO2


  • Computer Fingerprint

DevicePass
  • Fingerprint Recognition


  • Type Recognition

        

TypeSense
  • Face Recognition

FaceSense
  • Voice Recognition

VoiceSense
  • Security Questions


  • Challenge/Response

MobileID C/R, GridID C/R


Anywhere Logon 



same as online logon


Offline Logon





  • One-Time Password

hardware and software OTP
  • On-Demand Password

SMS and email code
  • Out of Band Authentication

Push Authentication, OOBA
  • Access Card

HID cards, prox cards, Mifare cards, RFID cards, NFC cards
  • Smart Card (Certificate)


  • Grid Card


  • FIDO/U2F


  • FIDO2


  • Computer Fingerprint

DevicePass
  • Fingerprint Recognition


  • Type Recognition

        

TypeSense
  • Face Recognition

FaceSense
  • Voice Recognition

VoiceSense
  • Security Questions


  • Challenge/Response

MobileID C/R, GridID C/R


RDP Logon




  • One-Time Password

hardware and software OTP
  • On-Demand Password

SMS and email code
  • Out of Band Authentication

Push Authentication, OOBA
  • Access Card 

HID cards, prox cards, Mifare cards, RFID cards, NFC cards
  • Smart Card (Certificate)


  • Grid Card


  • FIDO/U2F

(Run RDP client in Admin mode)

(Run RDP client in Admin mode)


  • FIDO2


  • Computer Fingerprint

DevicePass
  • Fingerprint Recognition


  • Type Recognition

        

TypeSense
  • Face Recognition

FaceSense
  • Voice Recognition

VoiceSense
  • Security Questions


  • Challenge/Response

MobileID C/R, GridID C/R

  • No labels