Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
A few things you should know before starting the deployment.
Keyless Workforce Access for Windows installer.
Service Host URL.
Tenant Name.
API key.
.NET 4.8+
Windows 10 Editions: Home, Pro, Enterprise.
Windows 64-bit 7*, 10 (1709+)
If you think that you are missing one or more of these prerequisites, please reach out directly to support@keyless.io.
Use Keyless Workforce Access to login to your Windows 7, 10 workstations securely!
Keyless Workforce Access allows you to eliminate passwords from your Windows 7 and 10 employee login experience and improve security with just a look.
Deploy it in less than an hour on any Windows workstation.
How to configure Keyless Workforce Access after installation.
Keyless Workforce Access can be configured at install time via the command line at install time, or manually via the Keyless Login Manager.
Administrator privileges are required to configure Keyless Workforce Access.
Keyless Login Manager is installed as part of the product installation flow and can be accessed with administrator privileges by searching for "Keyless Login Manager" application in Windows.
By default Keyless Login Manager is installed in the C:\Program Files\Keyless Technologies\Bin\ directory.
After MSI installation, unless you supplied command line configuration parameters, the following configuration is applied:
Activate Keyless authentication: (Disabled by default) To enable Keyless Workforce Access, make sure this option is checked. If at any time you wish to disable Keyless Workforce Access on this workstation you may simply uncheck this option. Note: that activation will have no effect unless the following three fields are defined.
Service Host: (Undefined by default) The URL to the service host, provided to you by Keyless.
Tenant Name: (Undefined by default) Your organization's tenant name, provided to you by Keyless.
API Key: (Undefined by default) This is specific to your Keyless tenancy and will be provided to you by Keyless.
Log File: the location in which you would like to save the logs produced by Keyless Workforce Access. By default this option will save logs to a sub-folder of the installation path.
Log Level: (Default 4) The level of log detail that will be saved (1-least detailed, 5-most detailed).
Enable Passwordless Login: (Enabled by default) Check this option to allow Windows authentication via Keyless only (no password input required) on this workstation. If the option is not checked, Windows authentication will require user's password and Keyless as an additional factor.
Click "Apply" to save your changes.
The Group Assignment tab allows optional assignment of specific groups to Keyless authentication.
By default all local user and all Active Directory users who are not administrators are assigned to Keyless authentication.
Keyless Workforce Access is applied to all users except for Administrators by default.
To include admins for Keyless authentication, uncheck the "Exclude Admins from Keyless Authentication" checkbox. Note: excluding administrators is highly recommended as part of the initial deployment.
To apply Keyless Workforce Access only on specific Active Directory groups on this workstation, select "Assign Keyless authentication on following group(s)" option in the dropdown under "Keyless Policy".
Next, click the "+" or "-" buttons on the right to add or remove Active Directory or local groups:
Use the dropdown labeled "From this location" to select between Active Directory and local groups.
Click the "Show All" button to display a list of all groups. From here the groups required can be selected.
Click "OK" to complete the group selection.
The Keyless Login Manager will display the groups that Keyless Workforce Access will be enabled on.
After you've configured Keyless Workforce Access and defined the set of users that will require Keyless authentication on this machine, you can test Keyless for specific users from the Test Authentication tab.
To validate your configuration, enter the User Principal Name of a user who has previously enrolled a trusted device for Keyless authentication and click "Test".
This should trigger an authentication request on the trusted device. Presenting the user's face and completing authentication will result in the message shown above.
Failure to authenticate will time out the test after 60 seconds.
Make sure that the user you are testing on has already enrolled with Keyless. The test will send a push notification to the user's Keyless app on his mobile device.
This page explains how to configure Offline Access Mode for the user.
Offline Access Mode enables a user to perform a workstation login when there is no internet connection either on the workstation or the user's mobile device. There are no additional steps needed in order to configure Offline Access Mode for users, but it is important that the IT teams understand how to operate the offline functionality.
All users with an enrolled authenticator device can enable and disable Offline Access Mode without escalated privileges.
Enabling and disabling Offline Access Mode is done via the Keyless tray application accessible on the tray bar:
By default, Offline Access Mode is disabled for all users on a given workstation. To enable Offline Access Mode, the user should click on the Keyless tray icon and select "Enable Offline Access".
To ensure maximum security, once enabled Offline Access Mode will only be available for 7 days and 10 login attempts. Once either of these criteria are met Offline Access Mode will be automatically disabled and users will need to re-enable Offline Access Mode or use the standard "online" login.
Each successful "online login" will reset the counter back to 7 days.
If, for example, a given user enabled Offline Access Mode 6 days ago and is now logging in via the standard "online" mode, the counter will reset back to 7 days upon successful login.
If you wish to change the default values of 7 days and 10 login attempts, please reach out to Keyless customer support.
A given user can view the current status of his Offline Access Mode by clicking on the "Show Status" option form the Keyless tray app:
Offline Status: Enabled or Disabled
Offline Sessions Remaining: the number of offline logins left for the given user on the given workstation.
Offline Time Remaining: the amount of time left for the given user on the given workstation for offline access. Resets on a successful "online" login.
How to install Keyless Workforce Access.
Keyless Workforce Access can be installed either manually via the MSI installation package wizard or silently via the command line interface.
Administrator privileges are required to install Keyless Workforce Access.
Rather than performing a silent install, you can use the MSI installation package provided by Keyless in UI mode. Double click the .msi installer provided to you and you will see the following Wizard:
1. Click "Next".
2. Select Installation Folder (the directory in which Keyless Workforce Access will be installed).
3. Click "Next".
4. Wait for installation to complete and click "Close".
Keyless Workforce Access can be installed silently from the command line using msiexec.
The following command line will install the product with default configuration (inactive).
It is also possible to install and configure Keyless Workforce Access at the same time, by including the following parameters on the command line;
** Activation will only happen if the three required parameters are properly configured (URL, TENANT, API).
The example below supplies the three required parameters and then enables Keyless Workforce Access immediately.
How to upgrade Keyless Workforce Access to a newer version.
Administrator privileges are required to update the application.
To upgrade from an older version of Keyless Workforce Access to the latest without removing the current configurations, use the following command:
How to remove the application.
Removal will delete all of the registry keys and installation artifacts from the target workstation. This action can be performed silently, with MSI Wizard, or with the Windows Control Panel.
Administrator privileges are required to remove the application.
Navigate to the application ‘Add or remove programs’.
From the menu of installed applications search and select ‘Keyless Workforce Access’ and select the option to ‘Uninstall’.
The uninstallation wizard will be initiated. Select ‘Yes’ to continue with the uninstallation. Windows will require an administrative prompt to complete this uninstallation.
Restart your workstation to complete the uninstallation.
Click to open the Keyless Workforce MSI file on your workstation.
Click "Next"
Select "Remove" Radio Button
Click "OK".
A silent uninstall can be executed using msiexec from the command line:
Parameter
Description
Values
Default
URL
Service Host URL for Keyless authentication
Value supplied by Keyless
"Undefined"
TENANT
Unique Tenant Name for your company
Value supplied by Keyless
"Undefined"
API
Unique API Key for your company
Value supplied by Keyless
"Undefined"
LOCAL_GROUPS
Comma separated list of local user groups for which Keyless Workforce Access will be active
Example:
"desktop_W53\Users"
"*"
AD_GROUPS
Comma separated list of AD user groups for which Keyless Workforce Access will be active
Example:
"keyless-lab\HR_ users"
"*"
ACTIVATE
Enable Keyless Workforce Access if possible**
"1" | "0"
"0"