An overview on how to enroll with RFID and authenticate to Windows. This video is ideal for customers who are performing a POC or a pilot or just want to see how 2FA ONE supports RFID. In the video you will learn how to enroll an RFID card in 2FA ONE and logon to Windows. 2FA ONE supports over 40 different types of RFID cards (125 kHz and 13.56 MHz) and RFID reads from RFIDeas, OMNIKEY (HID Global), Dell, Panasonic, Feitian, and other embedded readers.
An overview of how to enroll fingerprint biometrics in 2FA ONE Client. This video is ideal for customers who are performing a POC or a pilot or just want to see how 2FA ONE supports fingerprint biometrics. In the video you will learn how to enroll fingerprint for use with 2FA ONE. By default each user must enroll a minimum of three fingerprints and select a PIN. 2FA ONE supports a broad range of fingerprint readers from Authentec, Digital Persona, Dell, Panasonic, Lumidigm, Fujitsu, and other manufacturers.
An overview of two-step authentication. In some cases it may be required to separate a Windows logon with username and password from strong or two-factor authentication. Two-step authentication can be accomplished with 2FA ONE in a number of ways. This video details three scenarios that achieve two-step authentication. The first scenario uses 2FA ONE’s risk-based authentication feature; whereby, the user logs on the local operating system with username and password, 2FA ONE identifies a risk with the logon and requires the user to authenticate with another enrolled method, such as RFID card and PIN. The second scenario leverages 2FA ONE’s Shared Workstation feature. The user logs on with an assigned username and password, Shared Workstation then locks access to the desktop and requires the user to authenticate with RFID and PIN, other methods may also be used. In the last scenario an “Enforce Authentication” policy is applied to a specific application. The user is first required to authenticate to 2FA ONE with two-factor authentication before entering a username and password for the specific application.
An overview of how smart card logon works with 2FA ONE. 2FA ONE provides a full-featured smart card management system (SCMS) that works with smart cards and tokens. The SCMS manages/secures default keys that are loaded on smart cards to reset PINs, facilitates the creation of certificates and associated keys that are used for authentication, digital signatures, encryption, and more. The system supports full life-cycle management of user activities such as PIN selection, card issuance, card replacement, certificate creation, certificate revocation, and a myriad of other tasks. 2FA ONE is tightly integrated with Microsoft Windows Server – Certificate Services and is one of the only systems on the market that provides full management of smart cards along with SSO, shared workstation, and a full authentication platform.
This video provides an overview of how Risk Based Authentication (RBA) works with 2FA ONE. Unlike traditional RBA systems that implement RBA on websites, 2FA ONE implements RBA at Windows logon. During enrollment a user token and profile information is built. User profiling, device identification, network information and pattern analysis is recorded and associate with the user’s profile every time the user logs on to a system on which 2FA ONE RBA is enabled. If 2FA ONE’s RBA algorithm determines a risk with a logon event, the session is locked and the user must authenticate with an enrolled authentication method. In the majority of cases the method used is high-risk challenge/response questions; however, other authentication methods can be enabled and required.
An overview of how to enroll a magnetic stripe card or barcode in 2FA ONE Client. This video is ideal for customers who are performing a POC or a pilot or just want to see how 2FA ONE supports magnetic stripe or barcode authentication. In the video you will learn how to enroll a magnetic stripe card for use with 2FA ONE. The system supports standard magnetic stripe card and barcodes as well as 2D barcode. 2FA ONE supports specific barcode scanners and magnetic stripe readers. Please contact 2FA ONE Sales or Support r more information on supported models. Lastly, magnetic stripe and barcode is supported through the implementation of a keyboard filter that is not included in the default installation of 2FA ONE that is available for download on the 2FA.com site. You must request the installer directly from 2FA Sales or Support and run the installer in administrator mode. Please see the 2FA ONE Client Administrator’s Guide for more information.
This video provides an overview of how to logon to Windows with an Near Field Communications (NFC) enabled smart phone. Many of the smart phones today contain NFC capabilities to process consumer-related transactions. By leveraging the embedded NFC (13.56 MHz) reader/writer 2FA ONE enables users to simply tap their phone on a connected RFID (13.56 MHz) reader and be logged on to Windows. When used in conjunction with 2FA ONE Server users can roam to any system in the environment and seamlessly be authenticated to Windows.
An overview of how to configure and use SSO with 2FA ONE. In this video you will learn how to set up a Secured Applications logon template using 2FA ONE’s field identification process using the drag-and-identify process. The demo application uses application specific credentials that are not known by Active Directory or the administrator. During the first time use workflow, the user enters their credentials and 2FA ONE learns the credentials for future use.
An overview of how officers currently interact with traditional Windows logon and application sign on, compared to how their workflow could be with 2FA ONE. In this video you will see that officers have to logon to Windows with username and password and login to each individual application with application specific credentials. In the comparison you will see that officer can simple sign on to Windows with Advanced Authentication and achieve auto-launch and single sign-on to various applications, saving the officer time and reducing risk by limiting the amount of interaction with the keyboard during authentication processes.
This video provides an overview of how users interact with 2FA ONE’s Shared Workstation. In this video you will see how a user can authenticate to a generically logged on shared workstation with user specific credentials then gain access to applications with user specific SSO credentials.
An overview of how users can authenticate to a generically logged on/kiosk/COW/shared workstation with fingerprint biometrics using 2FA ONE shared workstation. In this video a generically logged on account is used to logon to the operating system, following which 2FA ONE Shared Workstation locks access to the desktop. Users must first authenticate to Shared Workstation before being granted access to the shared workstation. Once authenticated, 2FA ONE auto-launches applications and performs SSO to the applications using streamlined or two-factor authentication. When users logoff the system or the session auto-locks the user’s open applications are closed by 2FA ONE.
An overview of how 2FA ONE Shared Workstation works in a mobile clinical environment with Citrix XenApp and XenDesktop. A provider is able to tap a card and get instant access to XenDesktop then lock the system with a tap of a card, following which they are able to roam to another system, tap their card and their prior session is immediately displayed. The solution in this video is specific to Citrix; however, 2FA ONE functions similarly with VMware Horizon View and Microsoft Remote Desktop Services.
This video provides an overview of how officers can gain access to CJI when generic or shared accounts are used to gain access to the desktop. In the past generically logged on accounts presented a security risk and a unique challenge for agencies attempting to achieve CJIS’ advanced authentication requirements, especially if the MDT’s were not joined to a domain, such as Active Directory. Now with 2FA ONE Shared Workstation, agencies can securely authorize who has access to a specific MDT and perform audits on who accessed each system.
An overview of how to manage 2FA ONE’s logon experience. Best practice is to manage the logon experience from 2FA ONE Server. In this video you will learn how to manage 2FA ONE’s logon experience from within 2FA ONE Client. This is ideal for POCs and pilots where it may not be practical to set up a full 2FA ONE client-server environment. Within the 2FA ONE client, administrators can turn off or on the tiles that are available for logon within the logon environment. By default, all tiles are turned on. This may cause confusion for users that only logon with RFID or fingerprint biometrics. The video will walk you through the steps to turn off unused logon tiles.
An overview of how to manage PIN policies in 2FA ONE Client. Best practice is to manage PIN policy from 2FA ONE Server. In this video you will learn how to set PIN policy in 2FA ONE Client. There are two types of PIN policy in 2FA ONE, the first type is PIN attributes, such as PIN length and complexity, the second type is PIN use, such as requiring a PIN at all times or only for logon, but not for unlock. 2FA ONE is designed to provide the appropriate level of security for your organization which can be balanced with user convenience.
This video provides an overview of how Windows passwords are changed in 2FA ONE. In many cases users will still maintain a Windows password even though they logon with another authentication methods. 2FA ONE provides an easy process for users to change or update their Windows password with 2FA ONE. The two primary scenarios are password expiry and a password change outside of 2FA ONE. These two scenarios are handled “in-the-flow” during the logon process. This video will walk you through the steps users will experience during password change and update events.
An overview of the Town of Addison’s deployment of 2FA ONE. In this video you will learn key details of the Town of Addison’s deployment of 2FA ONE to address CJIS’ Advanced Authentication compliance requirements. Listen to officers’ opinions on how the solution addressed several challenges they experienced as it related to password management and authentication.
A detailed discussion on how the Town of Addison addressed CJIS’ Advanced Authentications requirements for their officers. Some of the discussion points include how officers managed passwords prior to the deployment of 2FA ONE and challenges faced by the IT department due to systems in the patrol vehicles not being joined to the Addison domain. Addison addressed their challenges by deploying 2FA ONE in Shared Workstation mode on Panasonic CF-31’s and deployed RFID cards, tags, and readers to provide officers with a simple tap-in/tap-out environment in which they are now seamlessly signed into Windows, NetMotion, and Tiburon CAD.
An overview of The City of Fort Worth’s public safety IT refresh project that included a collaboration between CDW and 2FA to deliver advanced authentication on GETAC ruggedized notebooks.
An demonstration on the responsiveness of Panasonics embedded RFID (13.56 MHz – Contactless) reader.
In this video you will learn how to install and configure 2FA ONE Client for use in a proof of concept (POC). The video will walk you through the process of installing the 2FA ONE client for you with RFID, fingerprint Biometrics, Risk-Based Authentication, and Emergency Access. This video does not cover installation process for magnetic stripe or barcode. To install for magnetic stripe or barcode, please contact 2FA ONE Sales or Support to obtain the installer that includes the 2FA ONE keyboard filter.