AuthLite Interactive Documentation
Quick Start: Install and protect Domain Admins AuthLite Features Supported Tokens Installation and Upgrading Configuration Token Management How to Log In Troubleshooting

AuthLite supports 802.1x authentication through its NPS RADIUS  plug-in.

You might not actually want to do this, because the wireless connection will probably need to re-authenticate every time your connection drops or changes access points. This means it would re-send the old OTP (which is expired).  The end result would be you would need to repeatedly enter credentials.  So, it may be preferable to permit password-only wireless authentication.


  • Microsoft NPS as a RADIUS server.

  • Windows 7 client machine whose Trusted Root certificate store trusts the certificate your NPS server is using.

  • Users you wish to authenticate are Active Directory users. AuthLite will use AD for the password portion of the authentication.


  • Start without AuthLite. Get 802.1x wireless authentication working between your client workstations, the access point, and the NPS server. You should be able to type your username and password into the wireless authentication prompt on your workstation, and be authenticated and connected to the wireless network. Before you can add AuthLite, you need the basic setup to be working.

  • Additional Windows 7 client settings to work with AuthLite:

  • In the Security tab of the network, deselect "Remember my credentials" (OTPs will only be valid one time!).

  • In PEAP settings, select EAP-MSCHAPv2 for the authentication method and configure it NOT to use the Windows credentials automatically (we want to enter OTPs).

  • In Security->Advanced, select "user" authentication.

  • AuthLite configuration settings:

  • Make sure you have your AuthLite users reflected in one of your AuthLite User Groups

  • Enable the IAS/NPS plug-in

  • Restart the AuthLite and NPS services


After users are in an AuthLite User Group and the NPS plugin  is active, those users will no longer be allowed to authenticate with just username and password.  Instead,type in your username followed by a dash “-” followed by the OTP.  Then enter the password as normal, and you should get authenticated to the network.