This guide provides an overview of how users can register their Beyond Identity credential on a Windows device, enroll in Windows Desktop Login, and use Beyond Identity to securely log into their device and corporate web applications.
Important: Due to a Microsoft limitation, you can enroll a maximum of 10 user accounts on a machine.
Applies to: Microsoft Entra/Azure integrations with Beyond Identity as an IDP.
Contents
- Register a credential and enroll in Windows Desktop Login
- Logging in or unlocking your desktop with Beyond Identity
- Accessing web applications
Register a credential and enroll in Windows Desktop Login
This guide assumes that your IT administrator has already installed Windows Desktop Login on your device and you just need to register the passkey.
- Open the registration email for Beyond Identity from your IT administrator. It should look similar to the following example.
- Under Step 1, click the Register New Profile button (shown above).
Important: Make sure you register the credential before the link expires (7 days from the date the email was sent).
- Once registration is completed, the Authenticator displays a message that the Passkey (credential) was successfully set up.
- In the right panel, click Enroll in Desktop Login.
- Sign in with your Microsoft Azure (Entra) password when prompted. If multifactor authentication is configured, you may also need to verify your identity via text or another method.
- If your Windows device has a fingerprint reader, the fastest way to log in is to register your fingerprint. Alternatively, you can opt to use a PIN to log in. To configure a fingerprint:
  - Click the hand and finger on the screen that you want to use to log in.
  - Scan the finger on the fingerprint reader.
  - When scanning is complete, click Next.
Note: If you don’t want to scan your fingerprint, you can click Next when selecting a finger to scan.
- Enter a PIN that you will use to log in with Beyond Identity. If you scanned your fingerprint, you will still need to enter a PIN as a backup.
- Re-enter the PIN. As soon as you type the correct PIN, a "PINs match" message appears.
- Click Finish setup.
- If your machine is online, you can log in as usual. It can take up to 30 minutes to sync with Azure/Entra because Windows caches credentials. If you see a message that states, "We couldn't set up offline access at this time," it is because Windows is still syncing with Azure/Entra.
Note: You may see the following message. In most cases, you can click No. You only need to click Yes if you use a remote desktop login to log into the Windows machine or if you use step-up authentication that requires remote access.
- It is strongly recommended that you migrate a copy of your passkey to another device so that you can recover it if, for example, you accidentally delete it. The following articles describe how to perform this procedure:
Logging in or unlocking your desktop with Beyond Identity
Fingerprint login
- Select the Beyond Identity tile under Sign-in options.
- Scan your fingerprint on the fingerprint reader to log in.
PIN login
- Select the Beyond Identity tile under Sign-in options.
- Click Use Beyond Identity PIN.
- Enter the Beyond Identity PIN you configured when enrolling in Windows Desktop Login.
Windows password login
If you are using your Windows account password to log in or unlock your device instead of Beyond Identity, you can select the key icon on the page and enter your password as normal.
Accessing web applications
When accessing corporate web applications, rather than being prompted to enter your username and password to authenticate, you can simply scan your fingerprint or enter your PIN, as shown in the following example screens.