OneLogin Desktop enables admins to manage Mac and Windows devices that use OneLogin Desktop for authentication. You can manage devices with the Device Manager dashboard in OneLogin. This is beneficial because there is no need to maintain an Active Directory or an LDAP directory to manage devices. On-prem directories put you at risk of stale passwords and permissions.
Desktop moves OneLogin and our customers closer to the passwordless future by enabling users to authenticate, by leveraging a certificate in their Certificate Store, to gain access to the OneLogin portal and SSO-enabled browser-based apps on trusted devices. In other words, users enter their credentials into the Windows OneLogin tray app and are recognized as authenticated to OneLogin until their password expires as set by admin-defined policy.
OneLogin Desktop vs. Desktop Pro
What’s the difference between OneLogin Desktop and OneLogin Desktop Pro? Generally, OneLogin Desktop is limited to browser-level security while OneLogin Desktop Pro provides both browser-level and machine-level security.
OneLogin Desktop provides:
- Passwordless browser login into your OneLogin portal
- Certificate-as-a-factor security during browser SSO
- Support for Adaptive Authentication and multi-factor authentication
OneLogin Desktop Pro also includes:
- Access to laptop and desktop machines via OneLogin credentials
- Work machine-level override for OneLogin administrator password requirements
- Shared workstation support for Windows work machines
Check out our video training, Installing and Configuring OneLogin Desktop.
Desktop Tray Application
The OneLogin Desktop Tray Application provides users with quick access to OneLogin without opening a web browser. Click on the menu options to go to your OneLogin Portal, change your password, or access help pages.
OneLogin Portal
When users select the OneLogin Portal menu option, the default web browser opens and initiates the login sequence. A prompt to accept a certificate may appear. If they see the prompt, simply click on continue and the login sequence continues.
For Macs, the following cert prompt may appear:
For the Windows, the following cert prompt may appear:
If admins require an additional MFA factor, users are prompted to provide the MFA credential: OneLogin Protect, Google Authenticator, Duo Authentication, etc.
Self-service Password Update
Users can update their password by clicking on the Change Password menu option. The default browser opens and initiates access to their Profile page. If they have an active session open on their browser, they see the password change dialog open with fields for Current and New Password.
If Change Password doesn’t appear in the menu, then the admin hasn't enabled the self-service password reset.
If an end user changes their password at the device level through system preferences, the new password will be checked against OneLogin servers and written to the keychain. |