AuthLite Interactive Documentation
FEATURES: What can AuthLite Do? TOKEN TYPES: What "Factors" are supported? INSTALL: How and where to install AuthLite? CONFIGURE AuthLite for your needs CHOOSE USERS: Choose 2-factor Users ENFORCE 2-factor Logons ADMINISTER AuthLite Tokens LDAP logon support/enforcement VPN and RADIUS Configuration How to Log In Event Logging

AuthLite is very simple to use with DirectAccess or NetMotion Mobility XE, no special configurations are needed. In a properly functioning DirectAccess/Mobility setup, the workstations operate as though they are always on the LAN.

  • Get your DirectAccess/Mobility infrastructure set up and working first without AuthLite being used at all.

  • Install AuthLite on the domain controllers and workstations.

  • License AuthLite

  • Identify AuthLite Users and Provision their keys.

  • For Mobility, be sure to configure Unattended (machine) authentication as well as Windows user authentication.

  • For Mobility, AuthLite must be installed on the NetMotion Mobility server.

  • At the time the user logs in, the workstation will already have the machine-level DirectAccess/Mobility tunnel up and running. AuthLite communicates with the DC over this channel automatically, and performs OTP validation exactly as if the machine was connected directly to the LAN.

  • Be sure to use one of the methods for Requiring Two-factor Authentication. Otherwise your setup may support  2FA but not enforce it.

  • For the best sign-on experience, use group policy to deploy this registry key on your Netmotion workstations:

Key: HKLM/Software/Policies/Collective Software/AuthLite
Name: CredprovUseNetmotionOrder
Value(string): "true"


  • DirectAccess is a complex thing to get set up from scratch, especially if you are trying to do it without the UAG wizard. You should definitely not attempt to add AuthLite into the mix until you are finished troubleshooting any DirectAccess issues. Otherwise you'll make it harder to figure out where the problems are.