TecZERO: Passwordless Login for Desktops
For Okta users with the freedom to securely access corporate resources without passwords.
One less thing to remember, you can forget your password now.
What is TecZERO for?
TecZERO is a Windows Credential Provider developed on top of Okta's Factor Sequencing framework that allows users to login to their Desktop without passwords. It authenticates users via one or more factors configured by their Okta admin as part of the sign on policy.
It prevents vulnerability and threats associated with passwords that are becoming increasingly outdated as a measure of security. It also provides a better experience for your users with a simple and secure login, without burdening them with having to remember complex or frequently updated passwords.
TecZERO also has the ability to eliminate a large portion of IT costs associated with password retrieval and reset, and users can access all corporate resources with zero need to maintain a password.
In the online scenario, the user’s Desktop/laptop is connected to the internet and can reach Okta cloud.
After entering the AD username(no password) and clicking login, the user is challenged to authenticate via one or more factors that have been configured by their Okta admin as part of the sign on policy. After successful 2FA, the users will be logged in to their Desktop and automatically taken to their Okta dashboard page.
This scenario supports the following 2 Factors in Okta:
In the offline scenario, the user’s Desktop/laptop is not connected to the internet and cannot reach Okta cloud.
In this scenario, TecZERO will perform the 2FA. For secondary authentication, the Okta Verify app is leveraged. The OTP generated by the Okta Verify App will have to be entered during the 2F prompt.
The user will have to scan a QR code using the Okta Verify app on first login to complete the enrollment process for offline 2FA.
This scenario supports Okta Verify TOTP and U2F Keys (Security Keys like Yubikey, Hypersecu and HyperFIDO) for 2FA.
With TecZERO all the pains & vulnerability associated with passwords are eliminated (ZERO passwords).
User enters their AD username on their Desktop. After entering their AD username and clicking login, the end user is challenged to authenticate via one or more factors that have been configured by their Okta admin as part of the sign on policy. After successful 2FA , the users will be logged in to their Desktop and automatically taken to their Okta dashboard page.
TecZero has been tested on Windows 10. If you are using an older version of Windows, we strongly recommend to first upgrade to Windows 10 before starting the installation.
We do not support Windows 7 or Windows 8, but support can be provided on a case to case basis as a Professional Services engagement. There will be a separate fee for this service.
- Desktops with Windows 10 for deploying TecZERO Credential Provider (CP)
- Okta tenant with Factors Sequencing enabled
- Active users in Okta that are able to login to Okta
- Users are enrolled in all the factors which are part of authentication chain
- Okta username should match the Windows login name
- Windows 2012 server or above to deploy light weight TecZERO proxy
TecZERO supports both online & offline scenario.
- Okta Verify
- Google Authenticator
- RSA SecureID
Currently this is in development. It will support the following factors:
- Okta Verify (TOTP)
- U2F Keys (Security Keys like Yubikey, Hypersecu etc.)
TecZERO supports silent installation, installation via GPO, or any standard software distribution tools like Microsoft System Center Configuration Manager.