This guide provides information on how to:
- Set up Beyond Identity as a passwordless authentication solution for Windows Desktop Login Enterprise Domain Joined devices.
- Set up Active Directory to use Certificate Based Authentication for applications and Beyond Identity as a Credentials Provider.
- Install and configure the BI Domain Connector on Active Directory.
- Configure the Okta AD Agent to work with the Beyond Identity cloud for key synchronization (if the customer uses Okta SSO).

Ensure that you have the following:
- Admin Console Configuration (Access to admin.byndid.com)
- User Console Configuration (Access to user.byndid.com)
- Users are provisioned into the BI admin portal.
- Passwordless login using the BI IdP is working.
- Windows Server 2016 or later with the following components:
  - Active Directory Domain Services
  - Active Directory Certificate Services (required only to trust self-signed client certificates)
  - DNS Services
- AD Service Account with below privileges
- BI Domain Controller installed, if the customer does not use Okta SSO (installation instructions in Appendix C).
- Okta AD Agent configured, if the customer uses Okta SSO (installation instructions in Appendix D).
- Domain-joined Windows 10 Pro device.
- Device with TPM (Trusted Platform Module)
- Device with Beyond Identity Authenticator installed and enrolled in Beyond Identity Web App Authentication service.
- Built-in or Pluggable Fingerprint reader (Optional)