IPI Authenticator guide
IPI Authentication Service – Mobile key pilot guide
Last updated
IPI Authentication Service – Mobile key pilot guide
Last updated
can be deployed on both Windows and Linux server
is deployed from source or run on Docker
must be deployed on the Customer's side and entered into the domain
in order to work with AD
(desktop application)
can be installed centrally, .msi
is designed for Windows 10-11 only
You can register the server address on all Сlients centrally
(mobile app)
Compatible with Android and iOS devices
Mobile sign-ins to any Windows account type (via RDP as well; passwordless TPM-based, password-based)
Single sign-in option
OTP generation
If you ordered a pilot project and successfully deployed your IPI Enterprise Server, licenses will be issued for the required number of employees.
You can use IPI Authenticator as only SSO method or you may try full functionality (which includes PC passwordless or password-based login).
There are 2 possible use scenarios:
Install and set the IPI Authenticator for your OS:
Now you have two options to use IPI Authenticator for PC unlock:
For AD on premises accounts is available passwordless authentication based on TPM technology (the most secure and highly recommended). For this option user does not have to know the account password.
For all account types (local, Microsoft, AD on premises and Azure AD) is available password-based authentication. For this option user has to know the account login, password and domain (for AD accounts).
To enable passwordless authentication, please, follow next steps:
Install the IPI Client on your workstation.
Note! You can install the IPI Client version to work with internal Bluetooth or with an external IPI Dongle. If you will not use IPI Keys, it does not matter which option to choose.
(passwordless or password-based PC login)
In a IPI Group email, you received the server address and access. Please go to the server and add one employee. At this stage, it is enough to fill in only his or her name and leave the rest of the data blank.
. Administrators can log into the IES service and use the SSO service by default, but employees with user accounts cannot, so they first must have an explicit permission of the administrator.
Download the application - , .
Primary setup guides - , .
Enroll the IPI Authenticator application on IES - and guides.
Then you can login on IES using the IPI Authenticator - and guides.
Also now you can use IPI Authenticator for OTP generation - and guides.
Setup IPI Authenticator for SSO login as described (steps 1-4).
.
.
If IPI staff didn't give you any special version, then use the latest stable version, which can be downloaded .
Installation instructions are .
Enter the IES address in the IPI Client. Approve the workstation on the server.
To enroll the IPI Authenticator for passwordless authentication follow this guides - , .
To enroll the IPI Authenticator for password-based authentication (enable for local, Microsoft, AD on premises and Azure AD account types) follow this guides - , .
For password-based accounts roaming feature is available. It means that you can enroll the IPI Authenticator on one PC and then use this account on any other computer that has the same account. Read more - , .
Then you can login to your PC using the IPI Authenticator - and guides.
For passwordless unlock account also is available offline login via text code. You have to perform online login once and then 50 offline codes will be generated for you. Read more about this option - , .
Also there is available PC lock option, read more about it via the links - , .
Read more about IPI Authenticator features in .