Beyond Identity uses virtual smartcards, which provide the same cryptography and functionality as a physical smartcard but are stored in memory on the machine in the Trusted Platform Module (TPM). Remote Desktop forwards virtual smartcards from the client machine to the remote machine, so you need to install Windows Desktop Login or the Windows System installer on the remote machine so it will recognize the passkey from your client machine. You can learn more about smartcard forwarding at: https://learn.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services
Important: Due to a Microsoft limitation, you can enroll a maximum of 10 user accounts on a machine.
Applies to: Microsoft Entra/Azure hybrid environments
High-level steps
- (Prerequisite) The Beyond Identity authenticator must be installed on the client machine, and you must be enrolled in Windows Desktop Login.
- Update settings and install Windows Desktop Login or the Windows System Install on the remote machine.
- Use the client machine to log into the remote desktop. The Beyond Identity virtual smartcard that contains your passkey will be forwarded to the remote machine and added as a passkey to the authenticator installed with the Windows Desktop Login or the Windows System Install.
Client Machine
Actions to be performed on the client machine are highlighted in blue.
Remote Machine
Actions to be performed on the remote machine are highlighted in orange.
Configure the remote machine to accept your passkey from the client machine
Install Windows Desktop Login or the Windows System Install on the remote machine and enable remote desktop settings so the client machine can connect to this remote machine.
- Download the Windows Desktop Login installer to the remote machine from:
https://app.byndid.com/desktop-login/downloads
-or-
Download the Windows System installer from:
https://app.byndid.com/downloads
- Open the Downloads folder, double-click the file, and install it.
- Enroll in Desktop Login. See Windows Desktop Login enrollment.
- Go to Start > Settings in Windows and set the following options:
- Search for “remote desktop settings,” and toggle Enable Remote Desktop to On.
- When prompted, confirm this change.
- Click Advanced settings, and uncheck Require computers to use Network Level Authentication to connect (Recommended).
- When prompted, confirm this change.
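To confirm that the remote-machine settings above took effect, this added PowerShell example (not Beyond Identity's code) reads them back on the remote machine. The registry locations and the SCardSvr service name are the standard Windows ones and are not named in this article; Get-RdpSmartcardReadiness is a hypothetical helper name.

```powershell
# Added example: read back the Remote Desktop settings changed in the steps above.
# Run in PowerShell on the remote machine. Reads only; changes nothing.
function Get-RdpSmartcardReadiness {
    [CmdletBinding()]
    param()

    # Standard Windows locations (assumption: not taken from the article).
    $tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Returns $null when the key or the value does not exist.
    function Read-Value([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name }
    }

    $deny      = Read-Value $tsKey     'fDenyTSConnections'  # 0 = Remote Desktop enabled
    $nla       = Read-Value $rdpTcpKey 'UserAuthentication'  # 1 = NLA required, 0 = not required
    $policyNla = Read-Value $policyKey 'UserAuthentication'  # present when Group Policy manages NLA
    # Smart Card service status, reported for reference only.
    $scard     = Get-Service -Name 'SCardSvr' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        RemoteDesktopEnabled = ($deny -eq 0)
        NlaRequired          = ($nla -eq 1)
        NlaSetByGroupPolicy  = ($null -ne $policyNla)
        SmartCardService     = if ($scard) { "$($scard.Status)" } else { 'NotInstalled' }
    }
}

$state = Get-RdpSmartcardReadiness
$state | Format-List

if (-not $state.RemoteDesktopEnabled) {
    Write-Warning 'Remote Desktop is still disabled on this machine.'
}
if ($state.NlaRequired) {
    Write-Warning 'Network Level Authentication is still required; the steps above turn it off.'
}
if ($state.NlaSetByGroupPolicy) {
    Write-Warning 'NLA is managed by Group Policy, which overrides the Settings checkbox.'
}
```

Keeping the output with your change records gives you a per-machine list of hosts where Network Level Authentication was turned off for this setup.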
Configure the client machine and connect to the remote desktop machine
- Make sure that the Windows Desktop Login or Windows System installer is installed on your client machine and that you’ve enrolled in Windows Desktop Login.
- Go to Start > Beyond Identity > Beyond Identity. In the right pane, you should see “Enrolled in Desktop Login.”
If you need to enroll in Windows Desktop Login, see Windows Desktop Login enrollment.
- Go to Start > Settings in Windows and set the following options:
- Search for “remote desktop settings,” and toggle Enable Remote Desktop to On.
- When prompted, confirm this change.
- Go to Start > Windows Accessories > Remote Desktop Connection and set the following before you connect:
- Enter the IP address in the Computer field.
- Click Show Options.
- Select the Local Resources tab and click More.
- Check the Smart cards or Windows Hello for Business checkbox and click OK.
- Click Connect. You will be prompted to enter your Beyond Identity credentials.
- Enter the PIN you configured for Windows Desktop Login or the Windows System installer and click OK.
- When a message appears stating that “The identity of the remote computer cannot be verified. Do you want to connect anyway?” click Yes.
Tip: You may want to check the Don’t ask me again for connections to this computer checkbox.