Authentication Agent enables you to perform multi-factor authentication on one computer to get authorized access to another computer, where it is not possible to display the user interface or connect any external authentication devices. You can install the Authentication Agent on a workstation or a laptop. When an authentication is initiated from a computer using Authentication Agent chain, the Authentication Agent on another computer prompts a restricted browser where you must perform authentication.
NOTE:You can install the Authentication Agent only on the Windows workstation.
IMPORTANT:If both the Windows Client and Authentication Agent are installed on the same workstation, the Authentication Agent is logged in automatically through the SSO feature. If the Windows Client is not installed, user must log in to the Authentication Agent manually.
Consider the following setup:
Windows 1 is computer without the devices required for authentication and where the Authentication Agent chain is enabled.
Windows 2 is Windows computer with the Authentication Agent installed and is connected with the devices used for authentication such as, FIDO U2F token and card reader.
To log in to Windows 1 using the Authentication Agent on Windows 2, perform the following steps:
Specify User name in Windows 1.
Click Next and select Authentication Agent from the Chains list.
For more information about enabling the Authentication Agent chain in Windows computer, see Configuring to Enable the Authentication Agent Chain.
The Authentication Agent that is active on Windows 2 launches a restricted browser.
IMPORTANT:If a restricted browser is not launched automatically, place the cursor on the Authentication Agent icon in System tray and ensure that the agent is logged in. If the agent is not logged in, double click the Authentication Agent icon to log in.
The restricted browser prompts the login page. The user name that you have specified in the Windows 1 is set in the login page by default.
Click Next.
Select and authenticate the preferred chain to log in to Windows 1 in the restricted browser.
For more information, see Logging In to Authentication Agent for Windows.
After successful authentication in the restricted browser, you are logged in to the Windows 1 automatically.