MFA for Windows PCs

Protect Your PCs

Securing your private business application data requires a comprehensive strategy. Of course, you need to secure access to applications to ensure only valid users have access. But you also need to secure the underlying resources that power those apps, as well as the devices used to access them.

When it comes to protecting devices, it’s clear that Windows PCs present the largest attack surface, based on their huge deployment numbers. With Centrify Identity Service, IT can integrate hassle-free MFA for Windows login, so that users can get secure access to their PCs, as well as the resources and applications they need to be productive.

How it Works

When users log in to their PCs with their domain credentials, they simply present a second factor of authentication as well. There’s no extra authentication screen, or separate application — simply the native Windows login prompt. Centrify then validates the second factor, and makes the appropriate authentication decision. Authenticated users are then granted access to their local machine, securely and easily.

To make login as simple and fast as possible for employees, Centrify supports a flexible set of “possession factors,” including:

  • Secure mobile push notification
  • SMS/text message
  • Interactive phone call
  • Third-party RADIUS- or OATH-compliant tokens
  • YubiKeys

MFA+SSO=Security and Convenience

Centrify Identity Service can also use Integrated Windows Authentication (IWA) once the user has authenticated, to provide seamless single sign-on to applications from that machine, all based on policy. This means IT can revoke access across devices and apps from a single console, and users have no per-application passwords to enter or remember.

Because MFA policy across all apps, resources and endpoints is tied to a single platform, IT has comprehensive control over user access policy. Since authentication decisions are made based on context, users get seamless, secure access to the tools they need to do their job – all without constant prompting for authentication.