Skip to main content
Skip table of contents

Secondary User Authentication on Windows Clients


If the Client is installed on a computer running the Windows operating system, and if multiple users may use the same account to log in to this computer, it is important to also identify the individual person using the account.

Identification of the individual can be performed by means of secondary user authentication, which requires the user to enter their secondary user authentication credentials in an additional pop-up window displayed when logging in.

If secondary user authentication is enabled, the user will be prompted to enter the credentials of an Ekran System user who has the Access to Endpoint via Secondary Auth. permission for Clients.

The secondary user name will then be displayed in the list of Client Sessions, in brackets after the user name under which the user is logged in to Windows.


NOTE: Secondary user authentication works even if there is a no connection between the Client computer and the Application Server computer (i.e. in offline mode), but only for users who have previously logged in to the Client computer at least once using secondary user authentication when there was an active connection. In rare technical cases (e.g. involving re-installing Clients) it may happen that a user cannot log in, in which case an administrator can contact the Ekran System Support team to request a temporary emergency password.

NOTE: The "Enable secondary authentication on login" option cannot be enabled at the same time as "Allow the use of one-time passwords" option.

NOTE: In some situations (e.g. after a forced restart), the EkranClient service will not start for approximately one minute while the computer is starting up, during which time, secondary user authentication will not work.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.