AuthLite Interactive Documentation
Quick Start: Install and protect Domain Admins AuthLite Features Supported Tokens Installation and Upgrading Configuration Token Management How to Log In Troubleshooting
MacOS install walkthrough
Please see this video for information on configuring an AD domain-joined MacOS system to authenticate AuthLite users with 2-factor at the logon screen.

Please note that unlike Windows workstations, this does not enforce 2-factor authentication for mobile accounts when the workstation is offline, nor for FileVault full disk encryption. At boot time, the FileVault logon will still just be the user's AD password. Also, when the machine is offline, the mobile account will allow logon with just the AD password as well.

Please note that Apple does not allow third party code to extend the "screen saver unlock" UI as of OS version Catalina.  Therefore in our plugin build 1.4 we disabled this feature to prevent the "black screen" problem upon unlock.  This means in order to unlock the machine from screen saver, the user has to ignore the unlock dialog and click "Switch User" instead. 

When AuthLite is configured properly on the server side, the user will still require a 2-factor logon in order to obtain a Kerberos ticket and network logon credentials.