AuthLite Interactive Documentation
FEATURES: What can AuthLite Do? TOKEN TYPES: What "Factors" are supported? INSTALL: How and where to install AuthLite? CONFIGURE AuthLite for your needs CHOOSE USERS: Choose 2-factor Users ENFORCE 2-factor Logons ADMINISTER AuthLite Tokens LDAP logon support/enforcement VPN and RADIUS Configuration How to Log In Event Logging

Offline OATH Tokens


Beginning with version 2.2, you can create “offline” OATH tokens that will be synchronized down to your workstations when the user connects online. The offline OATH token can then be used to authenticate to any of the workstations that previously cached its record. (Normal “Online” OATH tokens cannot be used in this way, because it's not possible to authenticate them without having a connection to the DC.)


  • You cannot use an Offline token to access any LAN resources that demand 2-factor authentication.  Unlike with a YubiKey, the offline token does not support both scenarios.  You need to have a separate row for your Offline OATH token in the authenticator app, and only use it when disconnected from the LAN.
  • If you log in to an offline workstation with your Offline OATH token, then connect a VPN, you'll need the Online OATH token for the VPN.  Furthermore, LAN resources that require 2-factor auth won't work because the desktop itself has used the Offline token.  For use cases like this, the YubiKey is a far better choice.