Guide for free trial projects
IPI Authentication Service – 30 days free trial
Last updated
IPI Authentication Service – 30 days free trial
Last updated
Your trial lasts for 30 days, giving you enough time to fully evaluate our product. This extended period ensures you can make an informed decision.
In your IPI portal account, you can:
Check the remaining trial days
Access the Dashboard (trial days, server link)
View Subscriptions (Server name, Employee Count, Trial Status, End Date)
Find Instances (Trial server address)
Get Software (links for IPI Server On-Premise, Desktop App, Mobile App)
Access Documentation (guides for the trial stage)
Edit your Profile (name and Passkeys)\
After registering your trial server, it's accessible in the cloud with full resource access. You can also deploy the server On-Premise for better performance. Download the server image for local deployment from the Software section on your portal.
Make sure to use the credentials of your Administrator account:
We advocate for the adoption of additional security measures and are actively transitioning away from the reliance on login credentials for authentication. To enhance the security of your Administrator account, consider implementing the following authentication methods:
Go to Profile and set up an additional authentication method for the Admin's account:
After that, you can start adding employees to your server. There are two options:
Send email invitations to employees, allowing them to self-enroll. You will need to enable Single Sign-On (SSO) for each employee and decide whether you want them to sign in without having to enter usernames and passwords at all, or simply add passwordless MFA to the traditional password-based authentication.
Please ensure that you use a valid email address for new employees. They must accept the invitation within 24 hours, as the link will expire otherwise.
At this stage, the Administrator should choose one of the two SSO options :
Passwordless Authentication: This method eliminates the need for a traditional username and password. Employees will utilize one of the following options for authentication:
FIDO Security Key (e.g. IPI Key, YubiKey)
Passkey or platform authenticator (e.g. native biometric authentication on Android devices, Touch ID / Face ID on iOS devices, Windows Hello)
IPI Authenticator App
Two-Factor Authentication: In this case, the user will have to enter their username and password as usual, and then use one of the passwordless methods to complete the two-factor verification:
FIDO Security Key
IPI Authenticator App
OTP Authenticator App (e.g. Microsoft Authenticator)
You can import up to 100 users from your Active Directory, saving time and effort. Additionally, you can choose the option of domain password changing.
Ensure that you provide the correct data while syncing your Active Directory.
IPI Server allows you to enable passwordless Single Sign-On (SSO) based on the SAML and OpenID Connect (OIDC) protocols. These protocols are utilized to verify a user’s identity when an employee tries to access web or mobile applications.
To configure IPI Server as an Identity Provider for passwordless SSO, go to Settings → Parameters → SAML / OIDC, and proceed with SAML or OIDC configuration:
After employees have received the invitation letter, they are prompted to finish self-enrollment by choosing one of the available passwordless authentication methods:
They may include:
Biometric authentication using Android devices;
Touch ID / Face ID using iOS devices;
Windows Hello;
External security keys (like IPI Key or YubiKey).
Cross-platform authenticators can be used across different operating systems (Windows, macOS, Android, iOS, etc.). Examples include FIDO security keys (Passkey) and biometric methods like fingerprint or facial recognition, which are supported on a wide range of devices.
Platform authenticators are unique to a specific platform. For example, Windows Hello facial recognition for Windows-based devices and Touch ID for Apple devices.
You can find our mobile app on Google Play and the App Store.
IPI Authenticator enables passwordless Single Sign-On (SSO) through the use of one-time QR codes. This is particularly valuable for users with smartphones lacking biometric capabilities. The app serves as a substitute for biometric login methods while ensuring a secure passwordless experience.
In addition to passwordless SSO, IPI Authenticator allows users to enable passwordless desktop login to Windows PCs. This feature is described in Step 5.
After creating the user profile, employees can enhance security by adding more authentication methods. They can enroll additional devices (smartphones/tablets/laptops) as FIDO2 authenticators or register the IPI Authenticator app.
You can utilize the IPI Authenticator mobile app to unlock your PCs running on Windows 10/11. To do this, ensure the following three conditions are met:
Open and proceed with all steps, then click Install:
Configure your IPI Client in Wizard:
This step is very important to configure the IPI Client on your Workstation
Go to the section Workstation on your server, select Workstation, and click Approve:
Restart your PC or click Reconnect on IPI Authenticator:
The indicator of connection of your server will have a green color:
There are two methods for unlocking your PC using the Authenticator. Depending on the method, you'll need to use your IPI Authenticator mobile app with the IPI Client desktop program.
That method requires config:
The workstation should have:
Domain user account
TPM 2.0 module
Open IPI Client→Mobile Authenticator→ Passwordless Authorization-> Setup
Open IPI Authenticator and select the QR scanner.
Scan the QR code on the computer by smartphone.
Confirm action on IPI Authenticator and wait until the account is created. The account will appear in the section Accounts→ Workstation.
Passwordless PC Authorization allows you to unlock the Workstation when it is offline using codes. Learn more about this feature at this link.
Open IPI Client→Mobile Authenticator→ Password-bassed Authorization→ Setup
Open IPI Authenticator and select the QR scanner.
Scan the QR code on the computer by smartphone.
Confirm action on IPI Authenticator
Choose Account type and put User name, Domain, Password, and click **Safe.**The account will appear in the section Accounts→ Workstation.
The process of enrolling IPI Authenticator for unlocking the Workstation is the same for both the Android and IOS platforms.
Open IPI Authenticator.
Scan the QR code on the log screen.
Select an account on the IPI Authenticator app.
Please, make sure that you enable to display QR code on the log on screen of your Workstation.
In the IPI Client, open Settings -> Logon section -> Always shows authorization QR on logon screen:
After IES setting up you have 3 options that you can try either separately or together:
If you have any questions on the deployment or configuring IES, please contact our Customer Care team at support@ipi.com. We’ll be happy to help!