Version 3.5 (July 2023)

You can now configure Digipass Authentication for Windows Logon to always use separate credential fields for the password and the OTP on the Windows Logon screen.

If you enable this option and users need to log on with their static password and a generated OTP, they need to type the static password in the Password field and the OTP in the OTP field.

If this option is disabled, the users need to type the static password and the OTP in the Password field, i.e. passwordotp.

By default, this option is disabled. To enable it, you need to set the Use separate credential fields for logon option in the Group Policy.

This option only changes how the input form is displayed on the client side. The internal logon handling is not affected and works the same, regardless of the number of input fields shown.

Digipass Authentication for Windows Logon now supports the following products:

Operating systems

Software libraries

Digipass Authentication for Windows Logon now includes the following (updated) third-party libraries:

Description: Digipass Authentication for Windows Logon currently supports Microsoft Active Directory Domain Services on Windows Server and OpenLDAP 2 for back-end authentication. This information is missing in the documentation.

Status: The documentation has been updated. A list of the supported LDAP servers was added to the Digipass Authentication for Windows Logon Installation Guide.

Description: The behavior of the Require Digipass authentication option can be different in RDP scenarios, especially with multiple domains.

Consider a scenario where a user is already logged on (computer A) and attempts to connect to another workstation or server (computer B) via remote desktop (RDP), where both computers have Digipass Authentication for Windows Logon installed (but with different configuration settings). If computer B requires OTP authentication but computer A does not, the user may not be required to use an OTP when connecting from computer A to computer B via RDP (because of the settings of computer A).

This behavior occurs in different scenarios and is caused by a Windows security limitation that forcibly uses the credential provider settings of the source computer. It cannot be circumvented in newer Windows versions.

Affects: Digipass Authentication for Windows Logon in multi-domain environment with RDP

Status:  This behavior is caused by a Windows security limitation and cannot be fixed or circumvented in newer Windows versions. Possible workarounds introduce security risks and may not work at all in the future. A respective note and description of the issue has been added to the documentation where applicable.