Ensure the following prerequisites are met before you enable Support Assisted Logon:
Create a chain with any of the methods that support the Sharing Authenticator feature (TOTP, HOTP, Password, Fingerprint, Card, Flex OTP, FIDO U2F, and RADIUS Client.) and assign the chain to Windows Logon event.
NOTE:The LDAP Password method does not support Sharing Authenticator feature.
Support User (Helpdesk Administrator) must have enrolled for each method in the created chain.
Share each enrolled method of Support User with Managed User in Shared Authenticators of Help desk. For more details about Shared Authenticators, see Sharing Authenticators.
The user does not use multi-factor authentication. To let Advanced Authentication know the user's password, create a new custom event LDAP Password AutoUpdate, and assign an LDAP Password only chain to the event.