
Authentication Passwordless For Workstations

Workstation Login Installation & Configuration For Windows

Overview
BlockID Workstation Login for Windows is a Credential Provider that supports
passwordless and MFA logins on Windows for Active Directory users (for
domain-joined machines).

This document guides Administrators through the steps necessary to install and
configure Workstation Login for Windows.

Manual Installation and Configuration
Install BlockID Workstation Login for Windows

CAUTION

The Windows workstation must be joined to the Active Directory Domain.

We only support Active Directory user login.

Copy the blockIdSetup.<version>.exe installer to your workstation and
double-click the file to launch the program.

Review and accept the license agreement. Click Next to proceed.


Select the installation folder and click Next.

Select a folder to use as a Start Menu shortcut if desired.


Choose whether or not you wish to create a Desktop shortcut. Click Next.

Review the information displayed and click Install.


When prompted by Windows Security, click Install to start the installation.

Restart the machine.

Configure BlockID Workstation Login for Windows


BlockID for Windows can be configured after installation by running the BlockID
Configuration program installed on the workstation.
To begin, launch BlockID Configuration.

Add your tenant details:

Transport Protocol: Select Secure Hyper Text Transport Protocol (HTTPS)


Tenant ID: Your tenant domain, e.g., blockid-trial.1kosmos.net
Tenant Tag: Your tenant tag, e.g.: 1kosmos
Community ID: Your community name, e.g., default

Optionally change additional parameters as desired:

Authz Type: Select between the following:


fingerprint (for touch ID or face ID)

pin
face (live ID)

Timeout in Secs: Select between 10 to 240 seconds


Connection Timeout: Select between 2 to 10 minutes
Custom Error Message: Enter a message to display when an error is
encountered

If your organization is using a proxy, you must also add your details. Click the
Advanced tab and enter your proxy information.
After you have completed the configuration, you will need to restart the
BlockID service:
Click the General tab.
Click Stop, located under BlockID service, near the bottom-left of the
application, to stop the BlockID Service.
Click Start to rerun the BlockID service.

NOTE

If you encounter any issues during installation, please consult the generated
log file located at C:/Program Files/1kosmos/BlockID/log/blockId.InstallUtil_log

Automated Installation and Configuration via Batch Script
BlockID Workstation Login for Windows can be installed headless from a PowerShell
terminal using a batch script and a configuration file containing tenant details.
The automated installation and configuration script can only be run by a user with
Administrator privileges.

The command line flags -i <package name> should be used for installation and -c
<config file> for updating the configuration.
Installation and Configuration

BlockIDConfiguration.bat -install <installer_filename> -configure <config_filename> -restart

Example:
BlockIDConfiguration.bat -install BlockID_1.05.00.61B74507.exe -configure CONFIG -restart

Installation Only

BlockIDConfiguration.bat -install <installer_filename> -restart

Example:
BlockIDConfiguration.bat -install BlockID_1.05.00.61B74507.exe -restart

Configuration Only

BlockIDConfiguration.bat -configure <config_filename>

Example:
BlockIDConfiguration.bat -c CONFIG -restart

Sample CONFIG File

CONFIG

CONNECTION_PROTOCOL=https://
CONNECTION_PORT=443
TENANT_ID=demo.1kosmos.net
TENANT_TAG=1kosmos
COMMUNITY=default
AUTHZ_TYPE=fingerprint
REQUEST_TIMEOUT=45
CONN_TIMEOUT=5
ERROR_MSG=Error while receiving a response
PROXY_URL=
PROXY_USER=
PROXY_PWD=
ENABLE_OFFLINE_OTP=1
ENABLE_ONLINE_OTP=0
PASSWORD_FACTOR=0
HARDWARE_OTP=0
TILE_IMG=
OTP_TILE_IMG=
ENABLE_MOTD=1
MOTD=BlockID Version: &v
OTP_MOTD=Login with OTP
DENY_PASSTHROUGH=0
DISABLE_PASSWORD_PROVIDER=0
ENABLE_CAD=0
ENABLE_FIDO=0

CONFIG Description Table

Please see the table below for information on the different CONFIG file options:

TIP

The Keys and Values should not have any leading or trailing whitespaces

| Name of Configuration | Description | Expected Values | Sample |
|---|---|---|---|
| CONNECTION_PROTOCOL | To define whether the connection should be secured or unsecured. | http://, https:// | https:// |
| CONNECTION_PORT | Value of the port on the tenant URL on which the connection would be established. | Default values are 80 for http & 443 for https | 443 |
| TENANT_ID | Contains the Tenant URL to connect to the admin console. | <tenant url> | abcinc.1kosm |
| TENANT_TAG | Contains the Tenant Tag. | <tenant tag> | abcinc |
| COMMUNITY | Contains the community name. | <community name> | default |
| AUTHZ_TYPE | Contains the authentication mode for the mobile device. | Values can be fingerprint, face, or pin | fingerprint |
| REQUEST_TIMEOUT | The duration for which the credential provider will wait for a response from the admin console. The value is in seconds. | Value should ideally be kept in the range of 10 to 240. | 45 |
| CONN_TIMEOUT | The timeout value for the connection to be successfully established. The value is in seconds. | Value should ideally be kept in the range of 2 to 10. | 5 |
| ERROR_MSG | Default error message to be displayed on the lock screen. | <error message> | Error while rec |
| PROXY_URL | URL of the proxy. A URL to a direct proxy or a PAC file can be given here. | <proxy url> | http://12.12.12. |
| PROXY_USER | Username in case of authenticated proxy. | <proxy user> | proxyuser |
| PROXY_PWD | Password in case of authenticated proxy. | <proxy password> | proxypasswo |
| ENABLE_OFFLINE_OTP | Configuration to enable offline authentication through OTP. | "0" or empty value disables the functionality, and any other value enables it. Default is 1 | 1 |
| ENABLE_ONLINE_OTP | Configuration to enable online authentication through OTP. | "0" or empty value disables the functionality, and any other value enables it. The default is 0 | 0 |
| PASSWORD_FACTOR | Configuration to enable online/offline authentication through Password + OTP. | "0" or empty value disables the functionality and any other value enables it. The default is 0 | 0 |
| HARDWARE_OTP | Configuration to enable online authentication through Hardware OTP Token. | "0" or empty value disables the functionality, and any other value enables it. The default is 0 | 0 |
| TILE_IMG | Can be used to change the image on the BlockID tiles at the lock screen. It should contain the path to a bitmap file for a custom tile. Leaving the field empty uses the default BlockID image on the tile lock screen. | Should be left empty if the default image is to be used or the path to a bitmap file | D:\SampleIco |
| OTP_TILE_IMG | Can be used to change the image on the BlockID tiles at the OTP lock screen. It should contain the path to a bitmap file for a custom tile. Leaving the field empty uses the default BlockID OTP image on the tile lock screen. | Should be left empty if the default image is to be used or the path to a bitmap file | D:\SampleIco |
| ENABLE_MOTD | Configuration to enable MOTD (Message of the Day). Used to enable the user-defined label on the BlockID tile for QR popup. | "0" or empty value disables the functionality, and any other value enables it. Default is 1 | 1 |
| MOTD | MOTD (Message of the Day) string to display on the BlockID tile for QR on the lock screen. Valid substitutions: %m - Machine name, %d - Today's date, %i - IP address, %n - DNS name, %v - BlockID version | <motd> | BlockID Versio |
| OTP_MOTD | OTP MOTD (Message of the Day) string to display on the BlockID tile for OTP on the lock screen. Valid substitutions: %m - Machine name, %d - Today's date, %i - IP address, %n - DNS name, %v - BlockID version | <motd> | Login with OT |
| DENY_PASSTHROUGH | When enabled, this setting does not pass credentials from the local machine to the remote machine when establishing an RDP connection | "0" or empty value disables the functionality and any other value enables it. Default is 0 | 0 |
| DISABLE_PASSWORD_PROVIDER | Disables the default Windows username and password authentication and sets the BlockID as default | "0" or empty value disables the functionality and any other value enables it. Default is 0 | 0 |
| ENABLE_CAD | Enforces Ctrl+Alt+Del to be used to get to the Windows login screen | "0" or empty value disables the functionality, and any other value enables it. Default is 0 | 0 |
| ENABLE_FIDO | Configuration to enable login using FIDO. | "0" or empty value disables the functionality, and any other value enables it. The default is 0 | 0 |

TIP

For any ENABLE flag, a "0" or empty value disables the functionality. Any other
value enables it.

NOTE

TILE_IMG and OTP_TILE_IMG should contain a path to a custom image file to be
used for BlockID tiles on the Windows lock screen. Keeping this value blank
will use the default BlockID icon.
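
A pre-deployment check for the CONFIG file, added here as a PowerShell example (it is not part of the BlockID product or its documentation): it applies the whitespace rule, the value ranges and the "0 or empty disables" flag semantics from the table above. The function name Test-BlockIdConfig, the finding labels and the sample lines are assumptions constructed for illustration.

```powershell
# Added example: lint a BlockID CONFIG file before running BlockIDConfiguration.bat.
# Test-BlockIdConfig is a hypothetical helper; its rules restate the description table.
function Test-BlockIdConfig {
    param([string[]]$Lines)
    $findings = @(); $cfg = @{}
    foreach ($line in $Lines) {
        if ($line -notmatch '=') { continue }           # ignore blank or non key=value lines
        $key, $value = $line -split '=', 2
        # TIP: keys and values must not have leading or trailing whitespace
        if ($key -ne $key.Trim() -or $value -ne $value.Trim()) { $findings += "WHITESPACE  '$line'" }
        $cfg[$key.Trim()] = $value.Trim()
    }
    # Flag semantics from the table: "0" or empty disables, any other value enables
    $isOn = { param($k) $cfg[$k] -and $cfg[$k] -ne '0' }
    if ($cfg['CONNECTION_PROTOCOL'] -ne 'https://') {
        $findings += "PROTOCOL    CONNECTION_PROTOCOL should be https://"
    }
    if ($cfg['AUTHZ_TYPE'] -notin 'fingerprint', 'face', 'pin') {
        $findings += "AUTHZ_TYPE  '$($cfg['AUTHZ_TYPE'])' is not fingerprint, face, or pin"
    }
    $ranges = @{ REQUEST_TIMEOUT = 10, 240; CONN_TIMEOUT = 2, 10 }
    foreach ($k in $ranges.Keys) {
        $n = $cfg[$k] -as [int]                         # non-numeric text becomes $null
        if ($null -eq $n -or $n -lt $ranges[$k][0] -or $n -gt $ranges[$k][1]) {
            $findings += "RANGE       $k='$($cfg[$k])' outside $($ranges[$k][0])..$($ranges[$k][1])"
        }
    }
    if ($cfg['PROXY_PWD']) {
        $findings += "SECRET      PROXY_PWD is in clear text in this file; restrict who can read it"
    }
    foreach ($k in 'DISABLE_PASSWORD_PROVIDER', 'DENY_PASSTHROUGH') {
        if (-not (& $isOn $k)) { $findings += "POLICY      $k is off (see its table row)" }
    }
    return $findings
}

# Constructed sample input (not a real tenant), with deliberate mistakes
$sample = @(
    'CONNECTION_PROTOCOL=http://',
    'TENANT_ID=demo.example.test',
    'AUTHZ_TYPE=fingerprint',
    'REQUEST_TIMEOUT= 45',
    'CONN_TIMEOUT=30',
    'PROXY_PWD=example-only',
    'DISABLE_PASSWORD_PROVIDER=0',
    'DENY_PASSTHROUGH=1'
)
Test-BlockIdConfig -Lines $sample
```

To check a real file, pass its lines with Test-BlockIdConfig -Lines (Get-Content <config_filename>).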

Additional Information
Please see Workstation Login for Windows for additional information on the
different settings available for BlockID Workstation Login for Windows.
