IPI Authenticator guide
IPI Authentication Service – Mobile key pilot guide
IPI Authenticator App Solution Components
can be deployed on both Windows and Linux server
is deployed from source or run on Docker
must be deployed on the Customer's side and entered into the domain
in order to work with AD
IPI Client (desktop application)
can be installed centrally, .msi
is designed for Windows 10-11 only
You can register the server address on all Сlients centrally
IPI Authenticator (mobile app)
Compatible with Android and iOS devices
Mobile sign-ins to any Windows account type (via RDP as well; passwordless TPM-based, password-based)
Single sign-in option
OTP generation
If you ordered a pilot project and successfully deployed your IPI Enterprise Server, licenses will be issued for the required number of employees.
Use scenarios
You can use IPI Authenticator as only SSO method or you may try full functionality (which includes PC passwordless or password-based login).
There are 2 possible use scenarios:
Windows login (passwordless or password-based PC login)
Using IPI Authenticator for SSO login
Step 1
In a IPI Group email, you received the server address and access. Please go to the server and add one employee. At this stage, it is enough to fill in only his or her name and leave the rest of the data blank. How to add an Employee?
Step 2
Enable SSO for the employee. Administrators can log into the IES service and use the SSO service by default, but employees with user accounts cannot, so they first must have an explicit permission of the administrator.
Step 3
Install and set the IPI Authenticator for your OS:
Download the application - App Store, Play Market.
Step 4
Enroll the IPI Authenticator application on IES - iOS and Android guides.
Step 5
Then you can login on IES using the IPI Authenticator - iOS and Android guides.
Also now you can use IPI Authenticator for OTP generation - iOS and Android guides.
Using the full functionality of IPI Authentication Service (Windows login scenario)
Step 1
Setup IPI Authenticator for SSO login as described above (steps 1-4).
Step 2
Now you have two options to use IPI Authenticator for PC unlock:
For AD on premises accounts is available passwordless authentication based on TPM technology (the most secure and highly recommended). For this option user does not have to know the account password.
For all account types (local, Microsoft, AD on premises and Azure AD) is available password-based authentication. For this option user has to know the account login, password and domain (for AD accounts).
To enable passwordless authentication, please, follow next steps:
Step 3
Install the IPI Client on your workstation.
If IPI staff didn't give you any special version, then use the latest stable version, which can be downloaded here.
Installation instructions are here.
Note! You can install the IPI Client version to work with internal Bluetooth or with an external IPI Dongle. If you will not use IPI Keys, it does not matter which option to choose.
Step 4
Enter the IES address in the IPI Client. Approve the workstation on the server. How to add and approve Workstations?
Step 5
To enroll the IPI Authenticator for passwordless authentication follow this guides - iOS, Android.
Before setting up the application, please, ensure that:
You are signed into the Windows domain account.
Workstation has TPM 2.0 module.
To enroll the IPI Authenticator for password-based authentication (enable for local, Microsoft, AD on premises and Azure AD account types) follow this guides - iOS, Android.
Step 6
Then you can login to your PC using the IPI Authenticator - iOS and Android guides.
For passwordless unlock account also is available offline login via text code. You have to perform online login once and then 50 offline codes will be generated for you. Read more about this option - iOS, Android.
Step 7
Also there is available PC lock option, read more about it via the links - iOS, Android.
Read more about IPI Authenticator features in official guide.
Last updated