How to authenticate with a mobile device on a Windows 10 client

Evidian Authentication Manager allows you to authenticate using different strong authentication methods. This page describes how to configure a mobile device to authenitcate on a Windows workstation with QRentry.

Evidian QRentry replaces the static password by a One-Time Password (OTP). This strong authentication method can be used for internal and external users, including customers, partners and employees. With Evidian QRentry, your users authenticate with their smartphone by scanning a QR Code.

QRentry for Windows Authentication

With QRentry, your users log on to their Windows session by scanning a QR Code with their smartphone. This access is available, in online or offline mode, connected or not connected to the corporate network and Active Directory. QRentry works even if the PC’s network, mouse, USB port and authentication devices are broken. It also works for remote troubleshooting.

3 steps to prepare a mobile device for QRentry:

1. Allowing users to enroll a mobile device.

2. Installing QRentry on your mobile device.

3. Enrolling your mobile device.

Allowing users to enroll a mobile device

Allow the following administration role:

  • In classic administration mode: Security object administrator.
  • In advanced administration mode, your role must contain the following rights:
    • User Security Profile: creation/modification.
    • Mobile devices: Display mobile details.
    • Mobile devices: Management.
  • A User Security Profile is created and the Mobile Authentication method is selected (Authentication tab).

  • An Access Point Security profile is created and the Mobile Authenticationmethod is selected (Security Services tab).

1. In the EAM console, click the User Security Profile that contains the users for whom you want to allow the use of QRentry for emergency access.

2. Click the Mobile Device tab.

3. Complete the Security tabbed panel and click Apply.

a. The users associated with the selected User Security Profile can enroll their mobile device.

b. The enrollment wizard will be automatically launched upon their next authentication.

c. Everybody can use QRentry.

d. The configuration of QRentry is updated every x days. For example, if a new application for QRentry has been created in E-SSO, it will be available at the next configuration update.

Installing QRentry on your mobile device.

QRentry is available for Android and iOS mobile devices. Depending on the mobile device you own, start the corresponding application
from the Applications menu:

  • Android: Play Store
  • iOS: App Store

In the Search menu, type QRentry.

Select the QRentry application and tap Install.

QRentry needs your authorization to access the Calls feature of your mobile device to be installed.

From the Applications menu, tap the QRentry icon to start QRentry.

Enrolling your mobile device

The enrollment of a mobile device can be done through Authentication Manager or through the EAM portal Depending on the configuration defined by the EAM administrator:

  • The enrollment wizard can start automatically when opening your Windows
    session, or you must start it manually.
  • You might have to define a PIN to access QRentry.

As long as you have not enrolled any mobile device, the enrollment wizard may start automatically when you log on to your Windows session. Otherwise, if you need to start it manually, right-click the Authentication Manager icon located in the notification area, and select Mobile Device Enrollment.

  • The following window appears:

  • Click Add.
  • Complete the enrollment wizard as showed on the tutorial.