View Source

There may be a requirement to protect a PC that is not joined to the domain or even connected to the same network. We have a solution for this. It is fairly easy to set up, but there are a few extra prerequisites needed in order to get this working

Prerequisites

Make a note of the host name of the computer. In this case it is 'ABC'

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > NoDom1.png

Create some local user accounts and make sure the Administrator account is active.

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > NoDom3.png

Create a Virtual Domain

Login to the DualShield Administration Console and go to Identity>Identity Sources

Click on on the top right.

It is recommended to specify the hostname of the Non-Domain joined machine as the friendly name of this identity source.

Also, make sure the Type is set to SQL

Click Finish

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > nondom11.png

In the Logon Steps Dialogue box, click the button.

Tick the desired authentication method, e.g. Static Password

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > image2020-10-14_16-24-14.png

Click Save.

Repeat to add extra steps.

I have added two steps; Static Password and One-Time Password

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > image2020-10-14_16-28-16.png

Create an Application

Authentication> Applications

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > CompleteFTP5.png

Click on on the top right.

In the new Application window, please enter the following information:

Option	Value
Name:	Enter a friendly name
Realm:	Select your Realm
Logon Procedure:	Select the Logon Procedure you had created in the previous step

Click: Save

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > Ctera3.png

Bind the Application to an SSO Server Agent

Select the drop down menu corresponding to the Application you will be using and click on Agents.

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > Ctera4.png

Tick the box of the SSO Server you will be using and click Save below.

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > image2020-10-14_17-55-0.png

Create a Service Provider Profile

Go to SSO>Service Providers

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > Ctera19.png

Click on on the top right.

Fill in the details as per screenshot on right and make sure you select SAML 2.0(Without Metadata) as Type.

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > Ctera5.png

Now fill out Entity ID and ACS URL.

Option	Value
Entity ID:	https://prefix.yourdomainname.com
ACS URL:	https://prefix.yourdomainname.com/ServicesPortal/saml

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > Ctera6.png

The completed Service Provider dialogue box will look like this:

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > Ctera7.png

Click Save.

Download the IDP Metadata file.

Go to SSO>SSO Servers

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > image2020-10-15_14-49-15.png

Select the drop down menu corresponding to the SSO server you will be using and click on Download IDP Metadata.

DualShield MFA Platform > Windows Logon MFA for Non-Domain Joined Machines > image2020-10-15_14-51-57.png