IPI Authentication Service (EN)
  • IPI Authentication Service for Enterprises
    • Release notes
  • Quick Start Guides
    • Key features of the IPI Authentication Service in 5 minutes
    • Setup guides
      • Hardware key setup guide
        • Admin Guide (first steps)
        • Admin Guide (advanced steps)
        • User Guide – first steps with the IPI Client
        • User Guide – first steps with the IPI Client (for PCs without internal Bluetooth)
        • User Guide (advanced steps with the IPI Client)
      • Mobile authenticator setup guide
        • Admin Guide
        • User Guide (first steps)
        • User Guide (advanced steps)
    • FIDO2 and U2F Authentication Guide
    • Quick Start Guide for subscriptions
      • Hardware key guide
      • IPI Authenticator guide
      • Passkeys Guide
    • Guide for free trial projects
      • Passkeys
      • Mobile app
      • IPI Key
  • Use cases
    • Admin cases for IPI Enterprise Server
      • Integration IES with Active Directory
      • Import and sync users from Active Directory
      • Import and sync users from Active Directory with domain password changing
      • How to enable FIDO2 passwordless authentication with Microsoft Azure AD for use with Windows 10-11
      • Emergency blocking of all computers
    • Hardware key use cases
      • Proximity settings (guide for admin)
      • End user Use cases
        • Proximity Lock
        • Proximity Unlock
        • Unlock PC by Bluetooth Touch (Tap-and-Go)
        • Unlock PC by Security Key
        • Using IPI Key as an OTP generator for your two-factor authentication
        • Using IPI Key as U2F security key for your two-factor authentication
      • Other vendors' hardware keys
    • Software key use cases
      • Mobile authenticator use cases
        • Admin cases
          • Using IPI Authenticator as your passwordless authentication method for SSO
          • Using IPI Authenticator as your two-factor authentication method for SSO
        • End user Use cases
          • Using IPI Authenticator as your passwordless authentication method for SSO
          • Using IPI Authenticator as your two-factor authentication method for SSO
          • Passwordless PC login
          • Password-based PC login
          • Login to remote PC via RDP
          • Remote PC lock
          • Using IPI Authenticator as an OTP generator for your two-factor authentication
      • Smartphone or tablet as a Passkey
  • IPI Enterprise Server
    • IPI Enterprise Server
    • Glossary
    • Deployment
      • Database installation
        • MySQL on Windows
        • MySQL on Linux
        • Microsoft SQL Server on Windows
        • Microsoft SQL Server on Linux
      • IES deployment
        • Windows
        • Linux
        • Docker
        • Deployment without Internet access
        • Troubleshooting
      • IES update
        • Windows
        • Linux
        • Docker
    • Administration
      • How to change the password for an administrator account?
      • How to recover a forgotten admin password?
      • Adding an admin account
      • Deleting an admin account
      • How to enable two-factor authentication at the IPI Enterprise Server?
      • Authorization on the IES server via a FIDO key
      • Platform authentication on the IES server
      • Connecting Linux server to Active Directory
      • Setting IES server parameters
      • Configuring DNS server
      • How to create and set Device Access Profiles
      • How to manage companies and departments?
      • How to manage Positions?
      • Enable load balancing
      • Data Protection
    • Dashboard
      • Information about the server
      • Information about employees
      • Information about devices
      • Workstations Information
    • Employees
      • How to add an Employee?
      • Employees management
      • Employee management with Active Directory
    • Workstations
      • How to add and approve Workstations?
      • Workstations management
      • Workstation Profiles
      • Use Proximity Unlock Workstations
    • Hardware Vaults
      • How to add IPI Key into the Server
      • Assign a key to the user
      • Remove the key from the Employee
      • Set a profile for a Hardware Vault
      • How to see an RFID code on the Employee key?
    • Accounts
      • Creating personal employee accounts
      • Creating shared employee accounts
      • Personal account management
      • Shared account management
      • Accounts backup and restore
      • How to work with the account template?
    • Keys Management
      • Keys Statuses
      • Transition to Reserved status
      • Keys Activation mechanism
      • Cancel issuance of IPI Key (Reserved -> Ready)
      • Transition to Suspended status
      • Transition to Locked status
      • Transition to Deactivated status
      • Transition to Compromised status
      • Removing the Locked status
      • Wipe procedure
      • Delete key from IPI Server
    • Audit
      • Workstation events
      • Workstation Sessions
      • Summaries
    • Configuring SAML Protocol
      • Use cases
        • Citrix services
        • Fortinet services
        • Configure ASA AnyConnect VPN with IPI Enterprise Server through SAML
        • Setting up SAML for GitLab on premises
      • IPI Identity Provider Settings
    • Single Sign On settings
      • How to get employee licenses
      • Admin settings
      • User settings
    • Configuration OIDC (OpenID Connect)
  • IPI Client App
    • IPI Client App
    • Windows Client deployment
      • Set up IPI Client app
      • Configuration app
      • Deploying an MSI via GPO
      • Uninstall IPI Client app
      • Uninstalling via GPO
      • Upgrade IPI Client
      • Downgrade IPI Client
    • Application interface
      • General Settings
      • Logon settings
      • Experimental settings section
        • Automatic RDP Launch and Logon
        • Password manager caching
        • FIDO key removal lock
      • Language selection
      • Configuring hotkeys
    • Account management
      • Account creation
      • Editing an Existing Account
      • Deleting your account
    • Shortcuts
    • Remote Vault connection
    • Mobile Authenticator
  • IPI Authenticator App
    • Quick overview
    • Admin guide
      • Setup for PC login scenario
        • Configuring an Active Directory Certification Authority
        • IES setup for passwordless login
        • Next steps
      • Setup for SSO scenario
    • User guide
      • Mobile App Primary Setup
      • Software key enrollment
        • SSO enrollment
          • SSO enrollment (admin account)
          • SSO enrollment (user account)
        • PC Authorization Enrollment
          • Enrollment for Passwordless PC Authorization
            • Passwordless account re-enrollment
          • Enrollment for Password-based PC Authorization
            • Account roaming
      • Login with IPI Authenticator
        • SSO login
          • SSO passwordless login
          • SSO login as a second factor
        • PC login
          • Passwordless PC login
            • Offline passwordless login
          • Password-based PC login
          • Login to the remote PC via RDP
      • PC lock
      • OTP generation
      • Software key disabling
        • PC logon disabling
        • SSO logon disabling
      • Service operations
  • IPI Key (Enterprise Edition)
    • IPI Key (Enterprise Edition)
    • Technical Specifications
      • Technical specifications IPI Key 3
      • Technical specifications IPI Key 4
    • Principles of operation
    • Device Layout
    • Battery maintenance
    • IPI Key modes
    • How to update the IPI Key (Enterprise) firmware
    • How to enter credentials with the IPI Key
    • How to unlock PC
    • Key for Physical doors
  • Product Updates
    • Product updates
    • IPI Enterprise Server updates
    • IPI Key firmware updates
    • IPI Client updates
    • IPI Authenticator updates
  • API
    • IPI Enterprise Server web API
  • FAQ
    • How-to's
      • How to add an Employee?
      • How to add personal user account on IES?
      • How to assign IPI Key to a user?
      • How to activate IPI Key?
      • How to unlock IPI Key on IES?
      • How to unlock PC with IPI Key?
      • How to setup proximity PC unlock?
      • How to use IPI Key on remote PC?
      • How to enroll the IPI Authentication app on IES for SSO?
      • How to login on IES with IPI Authenticator?
      • How to enroll the IPI Authentication app for PC login?
      • How to login to PC with IPI Authenticator?
    • IPI Client App
      • What do I do if I see the message "Connection failed. Trying to re-bond device"?
      • What do I do if the connection with the IES server cannot be established?
      • What should I do if the Password Manager menu item is not displayed?
    • IPI Enterprise Server
      • How to view logs at IPI Enterprise Server?
    • IPI Authenticator
      • QR code is not displayed at the credential provider on my PC
      • I have registered successfully but cannot login
      • What do I do if I changed domain and cannot login now
    • IPI Key
      • What physical conditions are dangerous for the IPI Key?
      • Is the IPI Key allowed on planes?
  • Documentation portal
Powered by GitBook
On this page
  • Step 1: Keys management
  • Step 2: Hardware Vault Access profiles
  • Step 3: Set up different Lock mechanism for different workstations
  • Step 4: Try IPI Key as an OTP generator
  • Step 5: Set up two-factor authentication at the IES server
  • Step 6: Data protection
  1. Quick Start Guides
  2. Setup guides
  3. Hardware key setup guide

Admin Guide (advanced steps)

Advanced steps for the IPI Authentication Service

PreviousAdmin Guide (first steps)NextUser Guide – first steps with the IPI Client

Last updated 1 year ago

After you have configured the server's basic functions and your employees have learned how to work with the IPI Keys - it's time to use other IPI solution possibilities.

Step 1: Keys management

Special statuses have been developed for key management. For example, an employee's key is compromised; the employee has gone on vacation, and you need to suspend his access; employee fired, etc. Check out the section to use all these features.

Step 2: Hardware Vault Access profiles

Depending on the role of a particular User, you can configure more or less strict access settings. For example, it requires entering a pin code every 10 minutes, pressing a button and entering a pin code every time the key is connected. You can learn more about these features .

Step 3: Set up different Lock mechanism for different workstations

IPI Key uses the proximity mechanism to lock your workstation. Read more about .

To unlock - you can choose different options:

  • Use Cases where 1 user can work on 1 PC - try

  • Use Cases where many users can work on any PC - try (default option)

  • Use Cases where Azure Active Directory is a part of your infrastructure - try the

Step 4: Try IPI Key as an OTP generator

We hope you have already tried this option while creating or accounts. But if not - it is time to start. Try this instruction to .

Step 5: Set up two-factor authentication at the IES server

Step 6: Data protection

Read more about this option .

Read and decide if this option is suitable for you.

Keys Management
here
this
proximity mechanism
Bluetooth Touch mechanism
Security Key mechanism
personal
shared
Set up two-factor authentication for your Gmail account
here
more