View Source

Prerequisites
Install Active Directory Certificate Service in Domain Controller.
DualShield MFA Platform > Passwordless Authentication in Computer Logon using Certificate > worddav4d9f76104c6556371b18cd40ef1404b2.png
After installation, configure the Certificate Authority accordingly.
After completing the configuration, open the Microsoft Management Console (MMC) and include 'Enterprise PKI' to verify its configuration.
DualShield MFA Platform > Passwordless Authentication in Computer Logon using Certificate > worddav80bda855855568e84e26211d6cb7ce92.png

Now, your domain is ready to use DualShield Computer Logon Passwordless feature.
Navigate to DualShield – Computer Logon Client Policy.

Enable option "Enable Passwordless Login".
Set "Passwordless Certificate Lifetime".
Set "Renew Passwordless Certificate N days before it expires"
Leave 'CRL' empty, it has the default value. (Note: By default, when 'Client Authentication: Device Cert' is enabled, this feature doesn't function as expected. If you wish to accommodate both features, users can manually adjust the settings to utilize a different URL, ie: https://mfa.qa.deepnetid.com:8092/sso)

DualShield MFA Platform > Passwordless Authentication in Computer Logon using Certificate > worddavd9e22366282855ba89bdcbcf754bc30d.png
Now, login windows client, passwordless certificate is created silently at the back. Login and logout, now you will see the 'Passwordless Enable" under the password text field.
DualShield MFA Platform > Passwordless Authentication in Computer Logon using Certificate > worddav4beb96d385937869a50a6aaace020061.png
Press Enter to log in directly to Windows, or a second-factor dialog will appear if required.
Note, currently, Computer Logon Passwordless Certificate does not require any activation, it is auto activate.