Workstation Login Installation & Configuration For Windows - 1kosmos Product Documentation
Workstation Login Installation & Configuration for Windows
Overview
BlockID Workstation Login for Windows is a Credential Provider that supports
passwordless and MFA logins on Windows for Active Directory users (for
domain-joined machines).
This document guides Administrators through the steps necessary to install and
configure Workstation Login for Windows.
CAUTION
pin
face (live ID)
If your organization is using a proxy, you must also add your details. Click the
Advanced tab and enter your proxy information.
After you have completed the configuration, you will need to restart the
BlockID service:
Click the General tab.
Click Stop, located under BlockID service, near the bottom-left of the
application, to stop the BlockID Service.
Click Start to rerun the BlockID service.
NOTE
If you encounter any issues during installation, please consult the generated
log file located at C:/Program Files/1kosmos/BlockID/log/blockId.InstallUtil_log
The command line flags -i <package name> should be used for installation and -c
<config file> for updating the configuration.
Installation and Configuration
Example:
BlockIDConfiguration.bat -install BlockID_1.05.00.61B74507.exe -configure CONFIG -restart
Installation Only
Example:
BlockIDConfiguration.bat -install BlockID_1.05.00.61B74507.exe -restart
Configuration Only
Example:
BlockIDConfiguration.bat -c CONFIG -restart
CONFIG
CONNECTION_PROTOCOL=https://
CONNECTION_PORT=443
TENANT_ID=demo.1kosmos.net
TENANT_TAG=1kosmos
COMMUNITY=default
AUTHZ_TYPE=fingerprint
REQUEST_TIMEOUT=45
CONN_TIMEOUT=5
ERROR_MSG=Error while receiving a response
PROXY_URL=
PROXY_USER=
PROXY_PWD=
ENABLE_OFFLINE_OTP=1
ENABLE_ONLINE_OTP=0
PASSWORD_FACTOR=0
HARDWARE_OTP=0
TILE_IMG=
OTP_TILE_IMG=
ENABLE_MOTD=1
MOTD=BlockID Version: %v
OTP_MOTD=Login with OTP
DENY_PASSTHROUGH=0
DISABLE_PASSWORD_PROVIDER=0
ENABLE_CAD=0
ENABLE_FIDO=0
Please see the table below for information on the different CONFIG file options:
TIP
The Keys and Values should not have any leading or trailing whitespace.
| Name of Configuration | Description | Expected Values | Sample |
|---|---|---|---|
| CONNECTION_PROTOCOL | To define whether the connection should be secured or unsecured. | http://, https:// | https:// |
| CONNECTION_PORT | Value of the port on the tenant URL on which the connection would be established. | Default values are 80 for http & 443 for https | 443 |
connect to the
admin
console.
| Name of Configuration | Description | Expected Values | Sample |
|---|---|---|---|
| TENANT_TAG | Contains the Tenant Tag. | <tenant tag> | abcinc |
| COMMUNITY | Contains the community name. | <community name> | default |
| REQUEST_TIMEOUT | The duration for which the credential provider will wait for a response from the admin console. The value is in seconds. | Value should ideally be kept in the range of 10 to 240. | 45 |
| CONN_TIMEOUT | The timeout value for the connection to be successfully established. The value is in seconds. | Value should ideally be kept in the range of 2 to 10. | 5 |
| ERROR_MSG | Default error message to be displayed on the lock screen. | <error message> | Error while rec |
| PROXY_URL | URL of the proxy. A URL to a direct proxy or a PAC file can be given here. | <proxy url> | http://12.12.12. |
| PROXY_USER | Username in case of authenticated proxy. | <proxy user> | proxyuser |
| PROXY_PWD | Password in case of authenticated proxy. | <proxy password> | proxypasswo |
| ENABLE_OFFLINE_OTP | Configuration to enable offline authentication through OTP. | "0" or empty value disables the functionality, and any other value enables it. Default is 1 | 1 |
| PASSWORD_FACTOR | Configuration to enable online/offline authentication through Password + OTP. | "0" or empty value disables the functionality and any other value enables it. The default is 0 | 0 |
| HARDWARE_OTP | Configuration to enable online authentication through Hardware OTP Token. | "0" or empty value disables the functionality, and any other value enables it. The default is 0 | 0 |
a custom tile.
Leaving the
field empty
uses the
default
BlockID image
on the tile lock
screen.
| Name of Configuration | Description | Expected Values | Sample |
|---|---|---|---|
| OTP_TILE_IMG | Can be used to change the image on the BlockID tiles at the OTP lock screen. It should contain the path to a bitmap file for a custom tile. Leaving the field empty uses the default BlockID OTP image on the tile lock screen. | Should be left empty if the default image is to be used or the path to a bitmap file | D:\SampleIco |
| MOTD | MOTD (Message of the Day) string to display on the BlockID tile for QR on the lock screen. Valid substitutions: %m - Machine name, %d - Today's date, %i - IP address, %n - DNS name, %v - BlockID version | <motd> | BlockID Versio |
DNS name, %v
- BlockID
version
| Name of Configuration | Description | Expected Values | Sample |
|---|---|---|---|
| DENY_PASSTHROUGH | When enabled, this setting does not pass credentials from the local machine to the remote machine when establishing an RDP connection | "0" or empty value disables the functionality and any other value enables it. Default is 0 | 0 |
| DISABLE_PASSWORD_PROVIDER | Disables the default Windows username and password authentication and sets the BlockID as default | "0" or empty value disables the functionality and any other value enables it. Default is 0 | 0 |
| ENABLE_CAD | Enforces Ctrl+Alt+Del to be used to get to the Windows login screen | "0" or empty value disables the functionality, and any other value enables it. Default is 0 | 0 |
| ENABLE_FIDO | Configuration to enable login using FIDO. | "0" or empty value disables the functionality, and any other value enables it. The default is 0 | 0 |
TIP
For any ENABLE flag, a "0" or empty value disables the functionality. Any other
value enables it.
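The whitespace rule, the timeout ranges and the flag semantics described above can be checked before a CONFIG file is deployed to workstations. The following PowerShell is an added example, not part of the 1Kosmos package: Test-BlockIdConfig is a hypothetical helper, and it assumes one KEY=VALUE pair per line with the underscore key names used in the options table.

```powershell
# Added example; Test-BlockIdConfig is a hypothetical helper, not a 1Kosmos tool.
# Assumes one KEY=VALUE pair per line, keys named as in the options table.
function Test-BlockIdConfig {
    param([string[]]$Lines)

    # Flags without an ENABLE_ prefix that share the "0 or empty disables" rule.
    $otherFlags = 'PASSWORD_FACTOR', 'HARDWARE_OTP', 'DENY_PASSTHROUGH', 'DISABLE_PASSWORD_PROVIDER'
    # Recommended ranges in seconds, from the options table.
    $ranges = @{ REQUEST_TIMEOUT = 10, 240; CONN_TIMEOUT = 2, 10 }
    $cfg = @{}
    $findings = [System.Collections.Generic.List[string]]::new()

    foreach ($line in $Lines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        $key, $value = $line -split '=', 2          # split on the first '=' only
        if ($null -eq $value) { $findings.Add("Not a KEY=VALUE line: '$line'"); continue }
        if ($key -ne $key.Trim() -or $value -ne $value.Trim()) {
            $findings.Add("$($key.Trim()): leading or trailing whitespace")
        }
        $cfg[$key.Trim()] = $value.Trim()
    }

    if ($cfg['CONNECTION_PROTOCOL'] -notin 'http://', 'https://') {
        $findings.Add('CONNECTION_PROTOCOL: expected http:// or https://')
    } elseif ($cfg['CONNECTION_PROTOCOL'] -eq 'http://') {
        $findings.Add('CONNECTION_PROTOCOL: http:// leaves the connection unsecured')
    }
    foreach ($name in $ranges.Keys) {
        if (-not $cfg.ContainsKey($name)) { continue }
        $n = 0
        $low, $high = $ranges[$name]
        if (-not [int]::TryParse($cfg[$name], [ref]$n) -or $n -lt $low -or $n -gt $high) {
            $findings.Add("${name}: '$($cfg[$name])' is outside the range $low to $high")
        }
    }
    foreach ($name in $cfg.Keys) {
        $isFlag = $name -like 'ENABLE_*' -or $name -in $otherFlags
        # Any value other than "0" or empty enables the option, including "false" or "no".
        if ($isFlag -and $cfg[$name] -notin '', '0', '1') {
            $findings.Add("${name}: '$($cfg[$name])' is not 0, so the option is ENABLED")
        }
    }
    return $findings
}

# Constructed sample input with three deliberate mistakes.
$sample = 'CONNECTION_PROTOCOL=https://', 'REQUEST_TIMEOUT=5', 'CONN_TIMEOUT= 5',
          'ENABLE_FIDO=false', 'DENY_PASSTHROUGH=1'
Test-BlockIdConfig -Lines $sample
```

To lint a real file, pass its lines with Test-BlockIdConfig -Lines (Get-Content <path to CONFIG>); an empty result means none of these checks fired.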
NOTE
Additional Information
Please see Workstation Login for Windows for additional information on the
different settings available for BlockID Workstation Login for Windows.