UniOTP GINA Agent

From SecuTech Wiki
Jump to: navigation, search


This document details how to install and use the UniOTP Windows Logon Agent, intended for end users who want to use UniOTP authentication to log onto their system. The UniOTP Windows Logon Agent is used to integrate the UniOTP dynamic password authentication system with Windows. There are two versions of the UniOTP Windows Agent: GINA (Windows 2000, XP); and Credential Provider (Windows Vista, 7, Windows Server 2008). Both use two different Windows login architecture models. This document covers the installation and usage of the GINA agent.

Installation

Preparation

Before implementing the UniOTP Windows Logon Agent, please verify the following requirements:

  • The UniOTP authentication server is already configured and running.
  • The administrator has and is already using an active account for the agent on the server
  • The aforementioned account has been bound to the UniOTP device used.

UniOTP Windows Logon Agent implementation

1. Once the UniOTP Windows Distributable Package has been downloaded, locate and execute the installation file "setup.exe" to launch the installation process.

locating setup executable

2. Click on Next in the InstallShield Wizard welcome screen.

Install Wizard screen

3. Input your User Name and Company Name and click on Next.

input user and company name

4. Select Complete and click on Next.

finished WinLogon installation

Now that you have finished UniOTP WinLogon Agent installation, you now need to add a UniOTP account. If you try to close this tool without adding an account, you will get the following error message.

error message for not adding an account

5. Click the Add button in order to add an account for this computer.

adding new user account

Type in a valid UniOTP account name and the dynamic password displayed by UniOTP at this time (If you chose OTP+PIN as your authentication method, you need to input the static PIN just after the dynamic password in this same field). Check that the server address and port are correct and click on OK. If for a certain reason, you failed to add the account, the following message will appear:

failure message

If the account was added successfully, you will get the following message (In order to enable the account, don’t forget to click on the Apply button).

success message

6. When you finish adding a UniOTP user for this computer, restart the computer and enjoy the dynamic password authentication experience provided by UniOTP.

UniOTP Dynamic Password Authentication Experience

Once the installation has been completed, restart the computer and try to log on.

1. After restarting, the first thing we see is the usual login screen.

user login window

2. After entering username, password and Windows authentication, we also need to provide UniOTP authentication.

370px

3. Let’s fill in the username and dynamic password (depending on your settings OTP or OTP+PIN) for the account added in UniOTP management tool and you’ll be able to access the operating system. If username is wrong, you’ll get the following message. If the password is wrong, you’ll be redirected to the Windows Login screen.

370px

In safe mode, as the computer uses the local backup of user data to perform the user dynamic authentication, and often the data stored locally is not synchronized with the server, the dynamic password authentication will take a very long time in safe mode. We don’t recommend using safe mode when UniOTP authentication is installed on the computer. The picture below is the UniOTP dynamic password authentication screenshot in safe mode.

370px

370px

Important points

  1. When you finish installing UniOTP Windows Authentication Agent, if you cannot pass the authentication test, uninstall the software immediately to avoid being unable to log onto the operating system and the inconvenience brought with it.
  2. If failing to authenticate consecutively, please wait 10 minutes before attempting to authenticate again, if you still cannot authenticate, you need to ask an administrator to repair your device.
  3. In safe mode, UniOTP Authentication usually takes a very long time.