Background
Once Passwordless sign-in has been enabled for your QP tenant, machines with the Quickpass Agent installed should display the "Technician Sign-In" tile on the machine's login screen. Depending on a local machine's and/or domain's configuration, we have seen some configurations to cause the "Technician Sign-In" tile to not appear despite the solution being enabled in the QP tenant.
This article will go in-depth with instructions on how to troubleshoot this challenge so that you may use the Passwordless MFA for technicians solution.
Prerequisites
- Privileged access to the affected system (EG: Administrator access, RMM agent running as System or Administrator)
- Super or Primary Role on CyberQP Dashboard
- QGuard Pro (Administrator and Service Rotation, and Just in Time) Feature Enabled for Tenant
Contact your Rep
NOTE:
Microsoft Remote Desktop Services (RDS), Terminal Services, Citrix Services or similar use a specific Credential Provider screen that does not allow for the Passwordless Tile. This would only affect the Gateway and/or RDS Server Roles.
Diagnose and Resolve
- Ensure that Customer has Just in Time and Passwordless Enabled
- Review the KB on Enabling the Just in Time Feature
https://support.getquickpass.com/hc/en-us/articles/18911410129175-How-To-Turn-On-Just-in-Time-Privileged-Accounts-Feature-QGuard-Pro - Review the KB on Enabling the Passwordless Feature for the Customer
https://support.getquickpass.com/hc/en-us/articles/14607897938711-Passwordless-MFA-for-Technicians
- Review the KB on Enabling the Just in Time Feature
- Ensure the Agent is installed on the server and working
- Check the list of Installed Programs (Add Remove Programs or Programs and Features screen) - there are 2 components to the installation - both should be present (unless you have manually installed via a MSI extracted from the installation file)
- Check the Service is running on the system.
- Check the list of Installed Programs (Add Remove Programs or Programs and Features screen) - there are 2 components to the installation - both should be present (unless you have manually installed via a MSI extracted from the installation file)
- Ensure the Credential Provider is showing in Registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
You are looking for the {67D6B25B-3419-4C60-A4B5-A7CE535AD300} registry entry on the left side that shows the CyberQPCredential Provider
- If this does not exist, then either the Agent is not updated, the agent needs to be reinstalled, or the Passwordless Feature needs to be enabled for the Customer
- Ensure that Duo or Okta registry Keys are permitted or old application fully uninstalled.
- Duo - https://support.getquickpass.com/hc/en-us/articles/22720858271895-Enabling-the-CyberQP-Credential-Provider-while-using-Duo
- Okta - https://support.getquickpass.com/hc/en-us/articles/28109331724823-Enabling-the-CyberQP-Credential-Provider-while-using-Okta
- If you are no longer using these applications, uninstalling them will remove the conflict between that solution and CyberQP's Credential Provider
- If the Passwordless Technician Sign-In tile is still missing, please contact CyberQP Support <support@cyberqp.com> for additional troubleshooting.
- Please export the entire Authentication Registry key (see step 3) and zip it up. Attach to the Ticket email or request access to the Cloud SharePoint site specific to your ticket.
Comments
0 comments
Please sign in to leave a comment.