Logging in Using Secondary Credentials
The process of logging in to a Client computer with secondary user authentication enabled is as follows:
1. The user logs in to Windows in the usual way (either locally or remotely).
2. On user login to Windows, the Client displays the secondary authentication window, requesting the user to enter their secondary credentials.
3. The user enters the credentials of an Ekran System user that has the Access to Endpoint via Secondary Auth. permission.
4. These credentials are then sent to the Application Server and the Application Server returns a response on whether access to this computer is permitted. If the user has the required Access to Endpoint via Secondary Auth. permission for the Client computer and the credentials they entered are correct, the user is allowed to access the system. Otherwise, the user will receive an appropriate message that they do not have permission.
5. As soon as the user has logged on to the system, the Client will start recording their activity and the user name will be displayed in the Management Tool on the Monitoring Results page in the User name column in brackets: <logged in Windows user> (<secondary authentication user>).