If your AD domain is visible in the public network and has a public DNS server, then follow the guide below to set up offsite logon
The "hostname" can be anything you like, such as "dsmfa". However, you need to be careful with the hotsname "dsagent" as it is used for onsite logon. If you need to deploy both onsite and offsite MFA logon, then you must not use "dsagent" as the public hostname for your computer logon agent.
The example below created an A record with the hostname "dsmfa" in the domain "la.deepnetid.com"
hostname | dsmfa |
|---|---|
domain name | la.deepnetid.com |
ip address | the public IP of your Computer Logon Agent |
Otherwise, follow the guide below to set up offsite logon
Click its context menu
Select "Edit"
Enter the Agent's Public URL in the format "tcp://hostname.domain-name", e.g. tcp://dsmfa.la.deepnetmfa.com
Click Save.
Important: if you have multiple Computer Logon Agents, then repeat the steps above on every Computer Logon Agent entry.
If you implement offsite Computer MFA logon with a public URL, then your users must make sure that they have completed an online MFA logon on their laptop computers before they take the laptop computers offsite. This is because the public URL of the logon agent has to be downloaded to the laptop computers, and download can only be carried out in an online MFA logon process.