Skip to main content
Skip table of contents

Windows Integration

Veridium offers a suite of components designed to enable secure and convenient passwordless login for Windows domain-joined machines. These components work in concert to streamline authentication, enhancing both security and user experience. This document provides an overview of these components, their communication, and their roles within the passwordless login architecture.

Architecture Overview:

Veridium's passwordless login solution for Windows domain-joined machines utilizes a series of interconnected components. The following diagram illustrates the communication and roles of these services:

Windows components overview-20250310-145843.png

Component Descriptions and Roles:

  • VeridiumID Server:

    • Role: The core server component that validates the Veridium ID (VID) token presented by the Windows Credential Provider. It acts as the central authentication authority.

    • Communication: Communicates with the Enrollment Proxy to facilitate machine certificate requests and with the Windows Credential Provider via a REST API using Mutual Transport Layer Security (MTLS).

    • Key Functionality: Token validation, authentication, and secure communication.

  • Enrollment Proxy:

    • Role: Acts as an intermediary between the VeridiumID Server and the Registration Authority. It forwards machine certificate requests.

    • Communication: Communicates with the VeridiumID Server and the Registration Authority.

    • Key Functionality: Proxying certificate enrollment requests.

  • Registration Authority:

    • Role: Responsible for issuing machine certificates based on the presented VID token.

    • Communication: Communicates with the Enrollment Proxy and the Active Directory Public Key Infrastructure (AD PKI).

    • Key Functionality: Certificate issuance and validation.

  • AD PKI (Active Directory Public Key Infrastructure):

    • Role: The underlying certificate authority that provides the infrastructure for issuing and managing machine certificates.

    • Communication: Communicates with the Registration Authority.

    • Key Functionality: Certificate services.

  • Windows Credential Provider:

    • Role: The client-side component that integrates with the Windows login process and presents the VID token to the Registration Authority. It also communicates with the VeridiumID Server via a REST API using MTLS.

    • Communication: Communicates with the Registration Authority and the VeridiumID Server.

    • Key Functionality: Passwordless login integration, token presentation, and secure communication.

Workflow Overview:

  1. User Initiation: The user initiates a passwordless login attempt on their Windows domain-joined machine.

  2. Credential Provider Interaction: The Windows Credential Provider presents the VID token to the Registration Authority.

  3. Certificate Issuance: The Registration Authority, in conjunction with AD PKI, issues a machine certificate based on the validated VID token.

  4. Certificate Delivery: The machine certificate is delivered back to the Windows Credential Provider via the Enrollment Proxy.

  5. Authentication: The Windows Credential Provider communicates with the VeridiumID Server via a REST API using MTLS to validate the VID token.

  6. Login Completion: Upon successful validation, the user is authenticated and granted access to their Windows session.

Key Benefits:

  • Enhanced Security: Eliminates the risk of password-based attacks.

  • Improved User Experience: Simplifies the login process with passwordless authentication.

  • Streamlined Authentication: Provides a seamless and efficient authentication experience.

Components' detailed configuration and troubleshooting suggestions:

VeridiumAD RA/EP Server
Windows Credential Provider
VeridiumID ADFS Plugin
Appendixes
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close