Process Flow

CI Windows login is used to login to Windows based on an extra layer of security. It will be in two variants based on the API.

1. Domain-based login.
2. Standalone Windows login

Domain-based Login

Here, users are presented with a Cross Identity’s Windows login screen (Custom Credential Provider. The default Windows login screen is bypassed). Once the user provides the credentials, Cross Identity authenticates the user. Based on the users’ settings (Advanced Access Control Policies), this user is prompted for a single-factor or multi-factor authentication. Users get access to their desktops once they provide a valid MFA response.

The below figure shows this flow in detail:

Standalone Windows login 

1. Users accessing the machine from outside the organization network and having Internet. 

   In this scenario, when the user accesses the machine from outside the network, the solution checks for Internet connectivity in the machine. If the Internet is not established in the machine, the solution shows all surrounding network connections so that the user can choose one of the networks and get connected to that Internet.

   Once the Internet is established, it shows Cross Identity’s login page and based on user settings, this user is prompted for a single factor, or multi-factor authentication based on adaptive authentication rules.

   Note:

   For this use case, the proposed solution should be accessible over the Internet.

   
   

2. Users accessing the machine from outside the organization network and NOT having Internet.
   If the solution cannot establish an internet connection on the device, it prompts the user to authenticate using a Time-based OTP (via a Soft-token App on their mobile device). It then verifies the TOTP either locally or through the Passwordless MFA option, granting access to the machine upon successful verification.

The below figure shows this flow in detail: