How to authenticate with a mobile device on a Windows PC
Evidian Authentication Manager allows you to authenticate using different strong authentication methods. This page describes how to configure a mobile device to authenticate on a Windows workstation with QRentry.
Evidian QRentry replaces the static password by a One-Time Password (OTP). This strong authentication method can be used for internal and external users, including customers, partners and employees. With Evidian QRentry, your users authenticate with their smartphone by scanning a QR Code.
QRentry for Windows Authentication
With QRentry, your users log on to their Windows session by scanning a QR Code with their smartphone. This access is available, in online or offline mode, connected or not connected to the corporate network and Active Directory. QRentry works even if the PC’s network, mouse, USB port and authentication devices are broken. It also works for remote troubleshooting.
3 steps to prepare a mobile device for QRentry:
- Allowing users to enroll a mobile device.
- Installing QRentry on your mobile device.
- Enrolling your mobile device.
Allowing users to enroll a mobile device
Allow the following administration role:
- In classic administration mode: Security object administrator.
- In advanced administration mode, your role must contain the following rights:
- User Security Profile: creation/modification.
- Mobile devices: Display mobile details.
- Mobile devices: Management.
- A User Security Profile is created and the Mobile Authentication method is selected (Authentication tab).
- An Access Point Security profile is created and the Mobile Authenticationmethod is selected (Security Services tab).
1. In the EAM console, click the User Security Profile that contains the users for whom you want to allow the use of QRentry for emergency access.
2. Click the Mobile Device tab.
3. Complete the Security tabbed panel and click Apply.
a. The users associated with the selected User Security Profile can enroll their mobile device.
b. The enrollment wizard will be automatically launched upon their next authentication.
c. Everybody can use QRentry.
d. The configuration of QRentry is updated every x days. For example, if a new application for QRentry has been created in E-SSO, it will be available at the next configuration update.
Installing QRentry on your mobile device
QRentry is available for Android and iOS mobile devices. Depending on the mobile device you own, start the corresponding application
from the Applications menu:
- Android: Play Store
- iOS: App Store
In the Search menu, type QRentry.
Select the QRentry application and tap Install.
QRentry needs your authorization to access the Calls feature of your mobile device to be installed.
From the Applications menu, tap the QRentry icon to start QRentry.
Enrolling your mobile device
The enrollment of a mobile device can be done through Authentication Manager or through the EAM portal Depending on the configuration defined by the EAM administrator:
- The enrollment wizard can start automatically when opening your Windows
session, or you must start it manually.
- You might have to define a PIN to access QRentry.
As long as you have not enrolled any mobile device, the enrollment wizard may start automatically when you log on to your Windows session. Otherwise, if you need to start it manually, right-click the Authentication Manager icon located in the notification area, and select Mobile Device Enrollment.
- The following window appears:
- Click Add.
- Complete the enrollment wizard as showed on the tutorial.
Evidian takes care of everything related to your Identity and Access Management with IDaaS
Learn more >
Identity Governance and Administration
Manage access and authorization of all your users in your company
Learn more >
Web Access Manager
Gateway for web apps with SSO, multi-factor authentication, identity federation
Learn more >
Enterprise multi-factor & passwordless authentication on Windows PCs
Learn more >
Enterprise Single Sign-On (SSO)
Secure access to legacy and web apps on PCs & mobiles with SSO