3.2 Configuring Optional Settings

The following table describes the optional settings that you can do for Windows Client.

Setting

Description

disable_1N: true

To disable the automatic detection of username for Card and PKI methods. For more information, see Disabling 1:N

disable_local_accounts: true

In a non-domain mode, it is recommended to disable the local accounts. For more information, see Disabling the Local Accounts.

tenant_name

If you use Multitenancy, you must point Windows Client to a specific tenant. For more information, see Configuration Settings for Multitenancy.

event_name: <CustomEventName>

If you want to use DNS and non-domain based machines, you can use a custom event for the specific machines. For more information, see Selecting an Event.

card.timeout: X

To change a default Card waiting timeout. For more information, see Configuring Timeout for Card Waiting.

card.fail_on_timeout: true

To configure the login failure after the Card waiting timeout. For more information, see Enabling Login Failure After Card Timeout.

u2f.timeout: X

To configure the timeout for authentication with the U2F token. For more information, see Configuring Timeout for the U2F Authentication.

logo_path: C:\\dir\\filename.png

To customize a logo for Windows Client. For more information, see Customizing a Logo.

verifyServerCertificate: true

To configure the verification of server certificates for LDAP connection. For more information, see Configuring to Verify Server Certificates.

forceCachedLogon: true

To configure the cached login for client unlock. For more information, see Configuring the Enforced Cached Login.

sso_aaf_required: true

To configure single sign-on for Citrix and Remote Desktop. For more information, see Configuring Single Sign-on Support for Citrix and Remote Desktop.

select_terminal_client_user: true

To configure settings for a saved Remote Desktop session (.rdp file). For more information, see Configuring Settings for a Saved Remote Desktop Connection.

endpoint_name

To edit the name of an endpoint. For more information, see Changing an Endpoint Name.

authentication_agent_enabled = true

To enable Authentication Agent chain in the Windows Client. For more information, see Configuring to Enable the Authentication Agent Chain.

  • credprov_chaining_clsid

  • credprov_chaining_enabled

  • credprov_chaining_password_field

  • credprov_chaining_username_field

To integrate Advanced Authentication with the Sophos SafeGuard. For more information, see Configuring Integration with Sophos SafeGuard 8.

  • credprov_chaining_clsid

  • credprov_chaining_enabled

  • credprov_chaining_dump_fields

  • credprov_chaining_password_field

  • credprov_chaining_username_field

To configure the credential provider chaining. For more information, see Configuring the Credential Provider Chaining.

allowUnknownUserOfflineCredUI: true

To allow local users to log in to the remote desktop through offline mode. For more information, see Enabling Non-Enrolled Users to Log In to Remote Desktop and User Account Control through Offline Mode.

enableLinkedChainsOffline: false

To disable linked chains for offline login. For more information, see Disabling Linked Chains for Offline Login.

enable_last_chain_selection: false

To auto-select the last authenticated chain for login. For more information, see Enabling Last Logged In Authentication Chain for Login.

sso_flex_enabled: true

To enable flexible sign-on to skip LDAP password in authentication chain during Citrix or RDP login. For more information, see Enabling Flexible Sign-on for Citrix VDI or Remote Desktop Login

offline.port:<port number>

To configure the port that manages the Windows Client Cache Service. For more information, see “Configuring the Port for Windows Client Cache Service”.

provider.AuthenticationProtocol: value

To configure the authentication protocol that the Local Security Authority applies during Windows OS logon. For more information, see “Configuring the Authentication Protocol”.

show_copyright: false

To disable the copyright information on the login screen. For more information, see Hiding the Copyright Information.

rest_profiling: true

To enable the profiling tool that helps in analyzing the performance and CPU utilization of different programs. For more information, see Enabling the Profiling Tool.

allowedProviders: {classID of provider}

To configure the primary or third-party credential providers in Windows workstation that verify users’ identity during the logon process and grant access. For more information, see Enabling the Third-Party Credential Provider.

tlsVersion: value

To configure the TLS version that the network library of the Windows Client uses for establishing HTTPS connection with the Advanced Authentication server. For more information, see Configuring the TLS Version.

CLEIntegration: true

To integrate Windows Client with Client Login Extension that in turn leverages the password policies of Self Service Password Reset for change password process. For more information, see Integrating with Client Login Extension.

You can configure the following settings in the registry:

You can change the system locale for Windows Client with the setting, Changing the Locale for Windows Client.

You can localize the Advanced Authentication resources for your language with the instructions, Localizing the Messages for Clients