Specops Authentication Web

The Specops Authentication Web can be used to view system information and manage various aspects of the product including system-wide configurations, and multi-factor authentication policies for its various resources. Once you have installed and configured the Gatekeeper, users that are members of the Authentication Admin Group can further configure the solution from the Specops Authentication Web:

US datacenter: https://login.specopssoft.com/authentication/admin
EU datacenter: https://eu.login.specopssoft.com/authentication/admin

For more information and general administration, refer to Specops Authentication Web.

The configuration steps that are specific for Specops Secure Access are described below.

Configuring a Secure Access Policy

Setting up Secure Access consists of configuring a policy that includes those identity services that your users have access to.

Login to the Specops Authentication Web and click on Secure Access in the left navigation.
Click on the Windows Clients tab, then click Configure for the policy.
Click the plus-icon for those identity services you want to include in the policy.
Click Save.

Configuring an NPS Companion Policy

The Microsoft Network Policy Server (NPS) is called through the NPS Companion using RADIUS to enable two-factor authentication for remote access. Here you can configure a policy for those users.

In the Specops Authentication Web left navigation, go to MFA for Windows
Click on the NPS Companion tab, then click Configure for the policy.
Click the plus-icon for those identity services you want to include in the policy.
Click Save

End-user

In order to provide a backup authentication method (e.g. in cases where online access is unavailable), users need to configure an account registration entry in their authenticator app.

Note

If this is the first time users access Secure Access and they have not yet enrolled with Specops Authentication, they will need to enroll first.

Click on the Register button.
A secure browser window will open. Follow the instructions in the browser to enroll with Specops Authentication.

Note

An authenticator app such as Microsoft Authenticator or Google Authenticator is required to set up offline authentication.

Log in to your computer with your main Windows password and a second factor chosen from the list.
The Secure Access screen shows a QR-code
Open your authenticator app and create a new entry.
Scan the QR-code from within the authenticator app.
Enter the code generated by the authenticator app.
Click OK.

Subsequent logins require the user to log in with their main Windows password and a second factor of their choosing.

Offline Authentication

In situations where users are unable to connect to the internet, Secure Access can still be used by using the user's authenticator app as a second factor (see End-user on initial login).

In cases where the user's computer is offline, they will be presented with the following:

Log in to your computer with your main Windows password.
The Secure Access screen will indicate a Server connection error.
Click the Offline Code button.
Open your authenticator app and find the MFA account registration entry.
Enter the code from your authenticator app.
Click OK.

Specops Authentication Web

Configuring a Secure Access Policy

Configuring an NPS Companion Policy

End-user

Setting up Offline Authentication Registration (initial login procedure)

Offline Authentication