We have a component named 'Strong Authentication for Windows Login', which provides 2-factor Authentication during windows login. Following are some of the details about the component.
What It Does
This Packaged Work Product shall integrate CA Advanced Authentication with Microsoft Windows Server & Desktop and provide 2-factor Authentication during windows login.
Benefits That Deliver Value
- Single component which integrates with both Microsoft Windows Servers & Desktops.
- Closely integrates with CA Advanced Authentication for CA AuthID/CA Mobile OTP and Step-up can be performed by OTP sent via email or SMS. CA Mobile OTP can be used as step-up authentication during offline windows logon.
- Can differentiate (using Credential Provider) privileged windows accounts. So that step-up can be initiated only for privileged accounts (administrators) and not for non-privileged (normal users) accounts when they login.
- Client components can be installed/uninstalled by the Admin user with appropriate access which can be enforced by GPO policies.
- If the Windows Server/Desktop does not have network connectivity and/or CA Advanced Authentication servers are not reachable, the user will be authenticated per the process in place today, using cached AD password and CA Mobile OTP as 2-factor authentication.