laptop-img

TecMFA: Desktop MFA for Windows

Enforce two-factor authentication based on Okta policies.
Self-Service Password Recovery.

Online Mode

In the online scenario, the user’s Desktop/laptop is connected to the internet and can reach Okta cloud.

After successful authentication of 1st factor (Username & password), TecMFA will present the factors configured in Okta for secondary authentication.

Only after both the factors have been verified by Okta will the user be allowed to login to their desktop/laptop.

This scenario supports the following factors in Okta:

  • Okta Verify Push *
  • Yubikey *
  • Google Authenticator *
  • Security Question *
  • SMS *
  • Voice call *
  • RSA Secure ID
  • Hardware TOTP
  • FIDO2 with External Authenticators and NFC devices

* TecMFA supports Inline enrollment with Okta for these factors.

Offline Mode

In the offline scenario, the user’s Desktop/laptop is not connected to the internet and cannot reach Okta cloud.

In this scenario, TecMFA will perform the primary and secondary authentication. For secondary authentication, the Okta Verify app is leveraged. The TOTP generated by the Okta Verify App will have to be entered during the 2 Factor prompt.

The user will have to scan a QR code using the Okta Verify app on first login to complete the enrollment process for offline 2 Factor authentication.

The scenario supports following features:

  • Okta Verify TOTP
  • Hardware TOTP
  • U2F Keys (Security Keys like Yubikey, Hypersecu and HyperFIDO)
  • FIDO2 with External Authenticators

Supported Features

TecMFA supports following features:

  • Deep integration with Okta for Single Sign-on & MFA Policy enforcement
  • Provide Single Sign-on to Okta dashboard
  • Configurable MFA based on in-network and out of network policies
  • Bypass codes for Administrators
  • Enforce Okta MFA even when Windows username does not match with Okta Username
  • MFA based on User type(Local User, Local Admin, Domain User, Domain Admin, Azure User, Microsoft User)
  • MFA for Remote Desktops
  • MFA for UAC
  • Support for Cross Domain Scenarios

Supported Windows Versions

TecMFA supports the following Windows versions:

  • Windows 11
  • Windows 10
  • Windows 7
  • Windows Server 2012/R2
  • Windows Server 2016
  • Windows Server 2019
Which Windows versions does TecMFA support?
  • Windows 11
  • Windows 10
  • Windows 7
  • Windows Server 2012/R2
  • Windows Server 2016
  • Windows Server 2019
What are the prerequisites for deploying & testing TecMFA?

TecMFA is developed on Okta's MFA framework and leverages on the policies and factors (Okta Verify) configured in Okta. The requirements to test TecMFA are:

  • Okta tenant is configured & users can login to Okta.
  • Users are active in Okta and have enrolled in at least 1 Factor type supported by TecMFA.
  • Sign-on policy is configured in Okta for enforcing or bypassing MFA for desktop users.
Which online factors does TecMFA support?
  • Okta Verify Push
  • Yubikey
  • Google Authenticator
  • Security Question
  • SMS
  • Voice call
  • RSA Secure ID
  • Hardware TOTP
  • FIDO2 with external authenticators
Which offline factors does TecMFA support?
  • Okta Verify TOTP
  • Hardware TOTP
  • U2F Keys
  • FIDO2 with external authenticators
Is TecMFA compatible with VDI environments?

Yes