2.15 Configuration to Enable the Authentication Agent Chain

The Authentication Agent allows you to authenticate on one computer, where all the devices required for authentication are connected, to get authorized access to another computer or z/OS mainframe when one of the following conditions is true:

  • It is not possible to redirect the authentication devices.

  • The other computer or mainframe does not support the devices used for authentication.

The Authentication Agent can be installed only on a Windows computer.

You must select Authentication Agent from the Chains list of the Windows Client to initiate the authentication process on another Windows computer where the Authentication Agent is installed.

To enable the Authentication Agent chain on the Windows Client, perform the following steps:

  1. Navigate to the C:\ProgramData\NetIQ\Windows Client path and open the config.properties file.

    If the configuration file does not exist, you must create it.

  2. Specify authentication_agent_enabled = true in the configuration file.

  3. Click Save.

  4. Restart your computer.
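
The steps above can be scripted so that the setting is applied the same way on every Windows Client. The following PowerShell is an added example, not part of the product or its documentation; the function name Set-AgentChainSetting is hypothetical, and the script assumes config.properties holds one key = value entry per line in ASCII.

```powershell
# Added example; Set-AgentChainSetting is a hypothetical helper name.
function Set-AgentChainSetting {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Path = 'C:\ProgramData\NetIQ\Windows Client\config.properties',
        [bool]$Enabled = $true
    )

    $key  = 'authentication_agent_enabled'
    $line = '{0} = {1}' -f $key, $Enabled.ToString().ToLower()

    # A missing folder means the Windows Client is not installed here; stop.
    $dir = Split-Path -Parent $Path
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        throw "Folder not found: $dir"
    }

    # Step 1: read the file if it exists; otherwise start from an empty one.
    $existing = @()
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $existing = @(Get-Content -LiteralPath $Path)
    }

    # Step 2: rewrite the first entry for the key, drop duplicates,
    # keep every other line (comments and unrelated settings) untouched.
    $pattern = '^\s*' + [regex]::Escape($key) + '\s*='
    $found = $false
    $updated = @(foreach ($l in $existing) {
        if ($l -match $pattern) {
            if (-not $found) { $found = $true; $line }
        } else { $l }
    })
    if (-not $found) { $updated += $line }

    # Step 3: save only when the content differs.
    $changed = ($updated -join "`n") -cne ($existing -join "`n")
    if ($changed -and $PSCmdlet.ShouldProcess($Path, "Write '$line'")) {
        # Assumption: the file contains ASCII only; ASCII avoids writing a BOM.
        Set-Content -LiteralPath $Path -Value $updated -Encoding ASCII
    }
    return $changed   # $true when the file was, or with -WhatIf would be, changed
}

# Preview the change without writing; drop -WhatIf to apply, then restart (step 4).
Set-AgentChainSetting -WhatIf
```

Because the function returns whether the file needed a change, the same call can be used to report which computers have the Authentication Agent chain enabled and which do not.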

An Example Scenario of Using the Authentication Agent

This scenario describes how you can perform authentication on one Windows computer and auto-sign in to another Windows computer using the Authentication Agent.

Thomas uses two Windows computers simultaneously. However, the devices required for authentication, such as a FIDO U2F token and a card reader, are connected to one Windows computer. He cannot get authenticated to the other computer because there are no authentication devices connected to it and he cannot redirect the devices. In this case, Thomas can use the Authentication Agent to perform authentication on one Windows computer and get seamless access to the other Windows computer without the authentication devices.

Consider the following setup:

  • Windows A is a computer with the Authentication Agent installed and is connected with the devices used for authentication, such as a FIDO U2F token and a card reader.

  • Windows B is a computer without the authentication devices, on which the Authentication Agent chain is enabled using the config.properties file.

The following sequence describes the authentication process using the Authentication Agent:

  1. Specify the user name and select the Authentication Agent chain on the Windows B computer.

  2. The Authentication Agent on the Windows A computer launches a restricted browser.

  3. Select the chain mapped to Windows logon in the restricted browser.

  4. Perform the authentication using the FIDO U2F token and card reader in the restricted browser.

    Thomas is logged in to the Windows B computer automatically.