AuthLite Interactive Documentation
Quick Start: Install and protect Domain Admins AuthLite Features Supported Tokens Installation and Upgrading Configuration Token Management How to Log In Troubleshooting

Creating AuthLite Groups

AuthLite uses Active Directory security groups to tell what accounts should be considered for enforcement policies.  It also uses groups to track whether sessions were authenticated with 1-factor or 2-factor.

These groups are normally created via the Create-AuthLite-Groups  sub-command of the Do-Default-Setup command in AuthLite Admin Powershell, and placed into an OU called AuthLite Groups.  (You may rename and move them).

Place users into the AuthLite Users group, which is nested into the AuthLite 1-Factor Session Tag  group.  The AuthLite 2-Factor Session Tag group has no members.

The Tag groups are special and their membership should not be changed  after this initial setup.  Notice that the AuthLite Users group is a member of the 1-Factor Session Tag group but not the 2-Factor Session Tag group.  This is intentional.

You can name these groups whatever you want, and place them wherever you want in your directory OU structure.  They should generally be Global Groups.  Starting in AuthLite 2.5, the groups may be nested into other global AD groups, provided the Nesting feature is activated (see next step).

Next, we'll tell AuthLite about these groups and see how they work.