Login to Windows using idenprotect For Mobile app

From iDENprotect Knowledge Base

Preparing Windows for Login

This article is for users who want to use their mobile phone or tablet/iPad to log in to Windows using the idenprotect For Mobile app. It is assumed the server environment has already been set up correctly.

The end result will be a password-less Windows Login using the strong security of a mobile device's secure hardware protected by a biometric, such as a fingerprint.

idenprotect For Desktop

The idenprotect Windows components must be installed and you must have enrolled the Windows machine onto an idenprotect Core Platform.

Enrolling your Windows PC as a device on idenprotect Core Platform

Your Windows PC must be enrolled as a device on an idenprotect Core Platform before it can be used to log in to Windows using idenprotect. Enrollment starts with an enroll.idn file, which you receive as an attachment to an enrollment email. The file is then opened with the idenprotect Toolkit application to install the necessary certificates on the Windows PC.

  1. Open the enroll.idn file received as an attachment in an enrollment email.
  2. If you are not currently logged in as the user required for enrollment, you will be asked to enter the password for the user.
  3. The enrollment screen will show the steps being taken to enroll your Windows PC as a device on the idenprotect Core Platform.
  4. After enrollment you will be able to see the device in the idenprotect Toolkit application and you will be able to log in to Windows using any mobile devices that you have enrolled.


idenprotect For Mobile app

You must have enrolled the mobile device that is to be used for login. Information on using the idenprotect For Mobile applications can be found in Idenprotect_Android and Idenprotect iOS.


  • The Authenticate screen is displayed when the idenprotect For Mobile app is opened.
  • Your email address will appear on the mobile app and it must match the email being used to log in to Windows.


Logging in to Windows

Make sure your Windows PC is at the login screen prompt.

  1. Select the idenprotect login tile.
  2. Select your email from the drop-down list of enrolled users for the Windows PC.
  3. Select the submit button. This will display a GUI screen to select which mobile device you would like to use for logging in and whether you would like to use a one-time code (OTP) for login.
  4. Select the Login button. This will begin the process to log in to Windows using your mobile device.
  5. A QR Code (or phone image) will be displayed on the screen that represents the authentication challenge to prove you are in possession of your mobile device. Use the idenprotect For Mobile application's Authenticate button.
  6. The mobile app will request a biometric scan so that the authentication challenge can be signed by the mobile device's secure hardware (TEE / Secure Enclave).
  7. A successful biometric scan will generate a signed response that will be returned to your Windows machine.
  8. A successful response will result in a logged-in Windows session.

Once successfully identified, validated and authenticated, you will be logged in. The application can now be used for online and offline authentication.

Logging in to Windows using a one-time code (OTP - offline use-case)

After you have logged in to your Windows PC using idenprotect, there will be an option to log in using an OTP generated on the mobile device.

  1. Select the idenprotect login tile.
  2. Select your email from the drop-down list of enrolled users for the Windows PC.
  3. Select the submit button. This will display a GUI screen to select which mobile device you would like to use for logging in and whether you would like to use a one-time code (OTP) for login.
  4. Select the OTP button. You will then be requested to enter a one-time code (OTP) for login.
  5. Generate the OTP using your idenprotect For Mobile app. Enter the OTP on the login screen.
  6. A successful OTP verification will display a success message and you will be logged into your Windows PC.