laptop-img

TecUPS: Desktop User Provisioning

User Provisioning & Password Sync. for Okta mastered users on Non-Domain Joined Machines

TecUPS Provisioning Features

Centralized User Management and Authentication with Okta
Local user accounts in Windows are provisioned & deprovisioned from Okta as the authoritative identity provider

Just-In-Time User Provisioning
Simplify local user account provisioning & access with dynamic provisioning

Sync. Passwords for Local Desktop Users
Push Okta password to local user account on non-domain joined computers

Centralized Policy Enforcement
Okta sign-on and 2FA policies for desktop users

Password Recovery at the Press of Ctrl + Alt + Del Keys
Securely recover password from Windows logon screen

Login Once to Gain Access to All Corporate Resources
Better user experience since users have to login only to their workstation to access all corporate

TECHNICAL ARCHITECTURE

Should the computer be connected to domain for TecUPS to work?

No. TecUPS is designed to work on computers which are not joined to domain. Okta UD is used as the directory in such scenarios. 

Which Windows versions does TecUPS support?
  • Windows 10
  • Windows 7
  • Windows Server 2016
  • Windows Server 2019
What is the Hardware/Software requirements for deploying TecUPS?

Desktops with Windows 10 for deploying TecUPS Credential Provider (CP). The CP can be deployed through GPO.

What are the prerequisites for deploying & testing TecUPS?
  • Okta tenant is configured & users can login to Okta.
  • Users are active in Okta and have enrolled in at least 1 Factor type supported by TecUPS.
  • Sign-on policy is configured in Okta for enforcing or bypassing MFA for desktop users.
  • TecSSPR Windows Credential Provider installation on Desktops through GPO.
Which online factors does TecUPS support?
  • Okta Verify
  • SMS
  • Voice
  • Google Authenticator
  • Yubikey
  • RSA SecureID
  • Security Question
  • Custom TOTP
Which offline factors does TecUPS support?
  • Okta Verify (TOTP)
  • U2F Keys (Security Keys like Yubikey, Hypersecu and HyperFIDO)
Can TecUPS be configured to enforce MFA once per day for a device?

Yes this is supported through Factor Lifetime policy configuration in Okta.

Does offline enrollment with the Okta Verify app conflict with my account Enrolled with Okta?

No, during offline enrollment, the new account gets registered with the Okta Verify app.

Does TecUPS support inline enrollment with Okta?

Yes, TecUPS supports inline enrollment with Okta through SMS as a factor.

How do I install TecUPS?

TecUPS supports silent installation or installation via GPO or any standard software distribution tools like Microsoft System Center Configuration Manager.

Can MFA for Windows be bypassed for specific users?

TecUPS is developed on top of Okta’s MFA and policy framework. It totally relies on Okta policy to enforce MFA. To bypass MFA for specific users, Okta policy can be configured accordingly. Please contact the technical team to understand how this can be optimally configured without impacting any existing Okta integrations and policies.

Can MFA be prompted for elevated access (UAC)?

Yes, TecUPS can prompt for MFA during elevated access (UAC).
This option is configurable during TecUPS installation. 

Does TecUPS support Okta’s Factor Sequence and Behavior Detection?

This feature is supported in our other Product (TecZERO) which supports Passwordless Desktop login for Okta customers . Send email to support@tecnics.com or help@tecnics.com for additional information.

What should I do if I have a new mobile device?

TecUPS Windows Credential Provider UI provides an option to re-enroll a new device.

What do Okta users need to use TecUPS?

TecUPS is developed on Okta's MFA framework and leverages on the policies and factors (Okta Verify) configured in Okta. The only requirements from end user perspective are, access to a Desktop with TecUPS Windows Credential Provider installed and at least 1 MFA factor configured in Okta.

Does TecMFA support UI branding?

TecUPS provides an option to add company logo for corporate branding.