Using Windows Logon (Large Scale Implementation)

This section covers usage of Windows Logon for general users.

This manual is intended for users part of a large-scale implementation procedure.

Table of Contents

1. Windows Logon setup

To use the Windows logon service, you need to log on to the PC once. The first time you log on, the system will be set up automatically, allowing you to use the YubiKey-baased two-factor authentication from the next time you log in.

1-1. Checking the network connection

Launch the PC and click the network icon at the bottom right of the logon screen.
Make sure you are connected to the network.

If the PC is not connected to the network, please make a network connection.

1-2. Automatic setup

Log on to the PC with only the Windows password.

If the PC is connected to the network at logon, the automatic setup will be completed.
Next time you log on, you can use two-factor authentication.

If you do not switch to two-factor authentication
Please review the network connection of the PC and log on to the PC again.

2. Using Windows Logon (Large Scale Implementation)

This section explains how to use two-factor authentication via YubiKey.

Boot the PC so it displays the logon screen.
Make sure that “YubiOn®Wls CredentialProvider” is displayed.

If you don’t see “YubiOn®Wls CredentialProvider”, click on the “sign-in options” and then click on the “YubiOn” icon.

Plug the YubiKey into the USB port.
Ensure that the metal part in the center lights up.

Enter your Windows password in the password field.

After entering the password, tap on the metal part of the YubiKey.
By tapping the YubiKey, it will automatically enter the one-time password.

Then, if “Windows password” and “One-time password of YubiKey” are correct, the logon will be successful.

About offline authentication
・To enable offline authentication, the PC must be successfully authenticated online once.
・Each time the PC is successfully logged in, the offline authentication period is updated.
 e.g. Consider an offline expiration date set to 3 days.
   If the PC is successfully logged on on April 1st, offline authentication will be enabled from April 1st to April 3rd.
   If the PC is successfully logged on during the above period, it is effective for an additional 3 days from the date of successful authentication.
・Please contact your administrator for the offline expiration date.

3. If you can’t log on to your PC

When you cannot log on to a Windows PC, it is in the “PC Lock” state. The PC will be locked after a certain number of failed login attempts or if it is locked by an administrator.. If the PC is locked, the password field will be hidden and the “Machine is locked” message will be displayed.

Function to unlock the PC after a certain time
If the administrator has set up the “unlock after a certain period of time” feature, the PC will be automatically unlocked after a certain amount of time has elapsed.
The PC is unlocked when the PC connected to the network starts up.

If the PC is not unlocked after the set time has elapsed, or if you need to unlock the PC immediately, please contact your administrator.

4. Temporarily log on with a password only

The mode wherein users can temporarily log on to the PC with only the password is called the “Emergency Logon” state. This mode can only be set by the administrator.

When an emergency logon occurs, the message “Emergency Logon Mode” will be displayed on the logon screen. You can log on by entering only your password in the input field.

5. Checking the Version

In the Start menu > Settings > Apps search box, enter “WindowsLogonService Client Tool”. Click on Client Tools and the version number will be displayed.