TecMFA: Desktop MFA

Enforce two-factor authentication based on Okta policies.
Self-Service Password Recovery.

Anywhere, anytime, even when offline.

What is TecMFA?

TecMFA is a Credential Provider / authorization plugin built on top of Okta's MFA and policy framework. It extends Okta's MFA policy to Windows and Mac desktops and laptops.

TecMFA prevents vulnerabilities and threats associated with login by verifying the identity of all users (employees, partners, contractors) with Okta-supported two-factor authentication before granting access to desktops and laptops.

With TecMFA, the user is presented with the MFA factors configured in Okta during the login process, after primary authentication succeeds. The user must therefore authenticate successfully with both the primary and secondary factors, which increases security for the organization. It mitigates common credential theft methods such as keyloggers or tools capable of harvesting plaintext passwords.

TecMFA supports both Windows & Mac.

Supported Scenarios

Online Scenario

In the online scenario, the user's desktop/laptop is connected to the internet and can reach the Okta cloud.

After successful authentication of the first factor (username and password), TecMFA presents the factors configured in Okta for secondary authentication.

Only after both factors have been verified by Okta is the user allowed to log in to their desktop/laptop.

This scenario supports the following 2 Factors in Okta:

  • Okta Verify
  • SMS
  • Voice
  • Custom TOTP
  • Google Authenticator
  • Yubikey
  • RSA SecurID
  • Security Question

Offline Scenario

In the offline scenario, the user's desktop/laptop is not connected to the internet and cannot reach the Okta cloud.

In this scenario, TecMFA itself performs the primary and secondary authentication. Secondary authentication relies on the Okta Verify app: the OTP generated by the app must be entered at the 2 Factor prompt.

On first login, the user must scan a QR code with the Okta Verify app to complete enrollment for offline 2 Factor authentication.

This scenario supports Okta Verify TOTP and U2F Keys (Security Keys like Yubikey, Hypersecu and HyperFIDO) for 2FA.

Does TecMFA support Windows 10?

TecMFA has been tested on Windows 10. If you are using an older version of Windows, we strongly recommend upgrading to Windows 10 before starting the installation.

Is Windows 7/8 supported?

We do not support Windows 7 or Windows 8, but support can be provided on a case-by-case basis as a Professional Services engagement. There will be a separate fee for this service.

Does TecMFA support MacOS?

Yes, TecMFA supports MacOS in online mode.

MacOS offline support is expected by Q4 2020.

What are the hardware/software requirements for deploying TecMFA?

Desktops with Windows 10 for deploying TecMFA Credential Provider (CP). The CP can be deployed through GPO.

What are the prerequisites for deploying & testing TecMFA?

  • Okta tenant is configured and users can log in to Okta.
  • Users are active in Okta and have enrolled in at least 1 Factor type supported by TecMFA.
  • Sign-on policy is configured in Okta for enforcing or bypassing MFA for desktop users.
  • TecSSPR Windows Credential Provider installation on Desktops through GPO.

Which online factors does TecMFA support?

  • Okta Verify
  • SMS
  • Voice
  • Google Authenticator
  • Yubikey
  • RSA SecurID
  • Security Question
  • Custom TOTP

Which offline factors does TecMFA support?

  • Okta Verify (TOTP)
  • U2F Keys (Security Keys like Yubikey, Hypersecu and HyperFIDO)

Is TecMFA compatible with Remote Desktop sessions?

Yes.

Is TecMFA compatible with VDI environments?

Yes. TecMFA is compatible with VDI environments.

Can TecMFA be configured to enforce MFA once per day for a device?

Yes, this is supported through the Factor Lifetime policy configuration in Okta.

Does offline enrollment with the Okta Verify app conflict with my account enrolled with Okta?

No, during offline enrollment, the new account gets registered with the Okta Verify app.

Does TecMFA support non-domain joined computers for desktop MFA?

As long as the Okta password and the Windows local password are the same, TecMFA will also work for computers that are not joined to the domain.

How do I install TecMFA?

TecMFA supports silent installation, installation via GPO, or installation with any standard software distribution tool such as Microsoft System Center Configuration Manager.

Can MFA for Windows be bypassed for specific users?

TecMFA is developed on top of Okta’s MFA and policy framework and relies entirely on Okta policy to enforce MFA. To bypass MFA for specific users, configure the Okta policy accordingly. Please contact the technical team to understand how this can be optimally configured without impacting any existing Okta integrations and policies.

Does TecMFA support Okta’s Factor Sequence and Behavior Detection?

This feature is supported in our other product (TecZERO), which supports Passwordless Desktop login for Okta customers. Please send an email to support@tecnics.com or help@tecnics.com for additional information.

What should I do if I have a new mobile device?

The TecMFA Windows Credential Provider UI provides an option to re-enroll a new device.

What do Okta users need to use TecMFA?

TecMFA is developed on Okta's MFA framework and leverages the policies and factors (Okta Verify) configured in Okta. From the end user's perspective, the only requirements are access to a Desktop with the TecMFA Windows Credential Provider installed and at least 1 MFA factor configured in Okta.

Does TecMFA support UI branding?

TecMFA provides an option to add a company logo for corporate branding.

Does TecMFA support Mac?

Yes. TecMFA is currently being tested on Mac and is expected to be available for customers by the end of June 2020.

Does TecMFA work on VDIs?

Yes. TecMFA has been tested on VDIs.

Can Desktop MFA be enforced for Safe Mode and Remote Desktop Sessions?

Yes. Our support team will assist you with the configuration.

Does TecMFA support English and non-English versions of the Windows 10 operating system?

TecMFA is currently supported on the English and Spanish versions of the Windows 10 operating system. If there is a specific language requirement for a customer, we may provide support through a PS engagement.
