2.3 Using a Specific Advanced Authentication Server

You can specify an Advanced Authentication server on a workstation. This can be used when the workstation is not joined to a domain. You can also use this option to force a connection to a specific Advanced Authentication server when a workstation with Windows Client is joined to a domain.

In the C:\ProgramData\NetIQ\Windows Client\config.properties file, configure discovery.host: <IP_address|domain_name>.

For example, discovery.host: or discovery.host: auth2.mycompany.local.

You can specify multiple Advanced Authentication servers separated by a semicolon (;):

discovery.hosts: aaf-1.domain.com;aaf-2.domain.com;....;aaf-n.domain.com

You can specify a port number (optional parameter) for the client-server interaction: discovery.port: <portnumber>.

The Advanced Authentication server receives client connections through port 443 by default. However, if port redirection is configured on the network between the client and the server, you can set the port number manually. In the client's config.properties file, you must use the discovery.port parameter to enable the client to discover and pair with the Advanced Authentication server.
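
To confirm which servers and port a workstation is pinned to, the following added example (not part of the product or its documentation) parses the discovery settings described above and can test TCP reachability. The function names, the sample lines and port 8443 are constructed for illustration.

```powershell
# Added example: read the Windows Client discovery settings and sanity-check them.
# Get-DiscoverySettings and Test-DiscoveryServers are hypothetical helper names.

function Get-DiscoverySettings {
    param([string[]]$Lines)

    $props = @{}
    foreach ($line in $Lines) {
        # Skip blank lines and comments; accept "key: value" as shown on the page.
        if ($line -match '^\s*(#|!|$)') { continue }
        if ($line -match '^\s*([^:=\s]+)\s*[:=]\s*(.*?)\s*$') {
            $props[$Matches[1]] = $Matches[2]
        }
    }

    # Collect servers from discovery.host and discovery.hosts (semicolon-separated).
    $servers = @()
    foreach ($key in 'discovery.host', 'discovery.hosts') {
        if ($props.ContainsKey($key)) {
            $servers += @($props[$key] -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
    }

    # The server listens on 443 by default; discovery.port overrides it on the client.
    $port = 443
    if ($props.ContainsKey('discovery.port')) {
        $parsed = 0
        $ok = [int]::TryParse($props['discovery.port'], [ref]$parsed)
        if ((-not $ok) -or ($parsed -lt 1) -or ($parsed -gt 65535)) {
            throw "discovery.port is not a valid TCP port: '$($props['discovery.port'])'"
        }
        $port = $parsed
    }

    [pscustomobject]@{ Servers = @($servers | Select-Object -Unique); Port = $port }
}

function Test-DiscoveryServers {
    param($Settings)
    foreach ($server in $Settings.Servers) {
        # Test-NetConnection reports TcpTestSucceeded for the host/port pair.
        Test-NetConnection -ComputerName $server -Port $Settings.Port -WarningAction SilentlyContinue |
            Select-Object ComputerName, RemotePort, TcpTestSucceeded
    }
}

# Constructed sample input; on a workstation, pass the real file instead:
#   Get-DiscoverySettings -Lines (Get-Content 'C:\ProgramData\NetIQ\Windows Client\config.properties')
$sample = @('discovery.hosts: aaf-1.domain.com;aaf-2.domain.com', 'discovery.port: 8443')
Get-DiscoverySettings -Lines $sample
```

Pipe the result to Test-DiscoveryServers -Settings to check each configured server from the workstation itself.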

NOTE: For the Windows logon event, select the OS Logon (local) Event type if you want to use Windows Client on non-domain joined workstations.