AuthLite Interactive Documentation
FEATURES: What can AuthLite Do? TOKEN TYPES: What "Factors" are supported? INSTALL: How and where to install AuthLite? CONFIGURE AuthLite for your needs CHOOSE USERS: Choose 2-factor Users ENFORCE 2-factor Logons ADMINISTER AuthLite Tokens LDAP logon support/enforcement VPN and RADIUS Configuration How to Log In Event Logging

AuthLite is licensed on a per-user basis, so you don't have to worry about counting the number of servers or workstations.  Here is some high level guidance on where software needs to be installed, and what is supported.  For scenarios not covered here, please contact us for assistance.

Note: 32 and 64 bit platforms are supported.

Domain Controllers

AuthLite runs as an authentication service in the DCs to assist with domain authentication.  There is not any way to restrict what DC domain clients will choose, therefore you must install the software on every DC that could be used to authenticate AuthLite users.

AuthLite uses an Application Partition to store and distribute its user data.  By default, each DC where you install AuthLite will be registered to host a replica of the data partition.

Read-only DCs

AuthLite can function on RODCs, but because it uses one-time passcodes, at each successful logon the RODC must update OTP counter attributes on a writeable DC.  The necessary configuration and permissions to allow this RODC-to-WDC access are applied automatically.

"Core" (command-line mode) DCs

AuthLite supports server Core.  Please see this KB article

Domain Member Servers

See below


Unless cached logon is disabled by group policy, you should install AuthLite software on any workstations that will have AuthLite users logging on.

Standalone system with local users

At this time, AuthLite version 2 can only be used on Domain member machines.  AuthLite v1.2 can be installed and used for standalone servers/workstations up to 2008R2 and Windows 7.