AuthLite Interactive Documentation
Quick Start: Install and protect Domain Admins AuthLite Features Supported Tokens Installation and Upgrading Configuration Token Management How to Log In Troubleshooting

AuthLite is very simple to use with DirectAccess or NetMotion Mobility XE, no special configurations are needed on the VPN side. In a properly functioning DirectAccess/Mobility setup, the workstations operate as though they are always on the LAN.


  • Install AuthLite on the domain controllers and workstations.

  • License AuthLite

  • For Mobility, be sure to configure Unattended (machine) authentication as well as Windows user authentication.

  • For Mobility, AuthLite must be installed on the NetMotion Mobility server.

  • At the time the user logs in, the workstation will already have the machine-level DirectAccess/Mobility tunnel up and running. AuthLite communicates with the DC over this channel automatically, and performs OTP validation exactly as if the machine was connected directly to the LAN.

  • For the best sign-on experience, use group policy to deploy this registry key on your Netmotion workstations:

Key: Software\Policies\Collective Software\AuthLite
Name: CredprovUseNetmotionOrder
Value(string): "true"


  • DirectAccess is a complex thing to get set up from scratch, especially if you are trying to do it without the UAG wizard. You should definitely not attempt to add AuthLite into the mix until you are finished troubleshooting any DirectAccess issues. Otherwise you'll make it harder to figure out where the problems are.