AuthLite Interactive Documentation
Home
Contents
CLOSE
AuthLite Interactive Documentation
Quick Start: Install and protect Domain Admins AuthLite Features Supported Tokens
How AuthLite uses YubiKeys
Installation
What platforms are supported? Prerequisites and Installation Linux systems MacOS machines
Configuration
Licensing AuthLite Set up User Groups
Configuring AuthLite to use your Group Pairs
Setting up the "Group for New Users"
ENFORCE 2-factor Logons
Use Group Policy to enforce 2-factor on Windows servers/workstations Secure Administrative Accounts with 2-factor Authentication Enforce 2-factor on File Shares using Access Control Lists (ACLs) Partial enforcement of a server (e.g. Exchange) with "Forced 2-factor Processes" Enforce non-Windows machines with "Forced 2-factor Computers" Enforce 2-factor logon to Office 365 with AuthLite
Windows Workstation (Endpoint) Protection
Offline Workstation logon with YubiKeys Offline Workstation logon with OATH tokens Zero-client two-factor workstation logons Workstation Safe mode operations
Remote Desktop
2FA over Remote Desktop Protocol 2FA with Remote Desktop Gateway / RemoteApp / RDWeb / RD Web Client
Replay Windows to support RDP and other re-authenticating protocols Replay Behavior setting VPN and RADIUS Configuration
Using IAS/NPS for RADIUS with AuthLite Microsoft VPN Client settings Wireless 802.1x Authentication DirectAccess and NetMotion Mobility XE Configure Watchguard SSL VPN with AuthLite
Active Directory Deployment Notes
Administer tokens
CONFIGURE Token Settings dialog SET UP New Tokens
Provisioning Tokens Administratively
YUBIKEYS: Provisioning Administratively (Soft) OATH Tokens: Set up Administratively (Hardware) OATH Token Provisioning
Self-Service Provisioning
SET UP the Self-Service Web Portal USING the Self-Service Web Portal
MANAGE Existing Tokens DELEGATE Rights to Manage Tokens RECOVERY Tokens Multiple OTP Tokens for the Same User Multiple users with the same OTP Token Password Operations
How to Log In Event Logging
CLOSE

MANAGE Existing Tokens

Figure 1: AuthLite Token Manager UI
Figure 1: AuthLite Token Manager UI
Figure 2: Reassigning tokens
Figure 2: Reassigning tokens

For maximum data safety, AuthLite stores key data forever by default, and does not run any logic to prune old users or keys out of its database. For example, when a user re-programs an existing key, the key's old data record is no longer used, but still remains in the data store. This does not present any security, performance, or functionality problems, but you may wish to remove old records to keep the database tidy.

The AuthLite Token Manager program can be run from any AuthLite-aware domain controller. It can also be installed on other member machines, although this feature is not selected by default.

This tool allows you to display, sort, and search the data records for all the AuthLite keys that are currently provisioned in your domain.

Connecting to Active Directory

When you first start the AuthLite Token Manager, the application will automatically connect to the Active Directory instance on the local machine. The name of the domain controller to which the application is connected is shown in the status bar. To connect to a different domain controller, choose the Connect to... menu item from the File menu.

“Filter by” dropdown

When you first open the app, all tokens are shown except Recovery Tokens. You can change which tokens are shown by selecting a different term in the dropdown. Some selections require a search term to be entered in the “Find tokens” box.

Find tokens

Click inside the “Find tokens” box in the tool bar, enter your search term, and hit the Enter key. Hit ESC or press the “Clear Search” button to reset the search. The fields to search can be selected from the drop-down on the left.

Find by OTP

If you have a YubiKey OTP, and need to find the corresponding key entry, enter the OTP into the Find Tokens box and hit the Enter key or Search button. The key record corresponding to that OTP will be shown. This only works with the Filter dropdown set to “All Tokens”, “Assigned tokens”, or “Key ID Matches:”.

View a Token's Properties

To view the properties of a token, double-click on a row in the list, or right-click on a record and choose Properties from the context menu.

Delete a Token

Select one or more rows in the list, choose the Delete key(s)...option from the File menu, or hit the Delete key, or press the Delete toolbar button, or right-click and choose the Delete option from the context menu. Be careful because deleting token records is a permanent operation with no "Undo". If a record is in use, then deleting it will prevent that user from logging on to AuthLite-aware systems/services with that token ever again.

Reassign a Token

From the key properties dialog, click the Reassign key link. Or choose Reassign key...from the File menu. Or select one or more keys, right-click, and choose Reassign from the context menu.


In addition to selecting a different user, this dialog allows you to revert a token to its “Unassigned” state.

You can also set more than one token at a time. In Figure 2, two tokens have been selected. Whatever action is taken in this dialog, both tokens will be set to that user.

Related topics: