
Pioneering Windows Login with OpenID Connect Identity Token via CodeB

Introduction

In an era dominated by digital advancements, CodeB emerges as a vanguard, underscoring the imperative of robust security for Windows workstations. The common misconception is that amplifying Windows login security is a labyrinthine task, leading to a reliance on lackluster password strategies.


Challenging this paradigm, CodeB Credential Provider simplifies the adoption of a Windows Logon Token. Be it a rudimentary USB Memory Stick, a cutting-edge X.509 PKI Smartcard, an Android Phone, a multifaceted Authenticator App, or a standard NFC/Mifare/Desfire Contactless Card, CodeB's innovative solution is set to transform your security landscape. Taking a monumental leap, CodeB Credential Provider now pioneers the acceptance of OpenID Connect Identity Tokens issued by mobile devices.


The recent “Storm-0558” incident spotlighted the vulnerabilities of centralized Identity Signature Keys. History is testament to the fact that such keys, when compromised, become gateways for malicious intrusions. With the expertise of the CodeB Identity Broker team combined with the CodeB Authenticator, your mobile metamorphoses into a personal identity fortress. The key is generated on the mobile and stored in the mobile's secure key store, which mitigates the risks associated with compromised OpenID Connect Signature Keys.


Delving into CodeB Credential Provider Editions

CodeB Credential Provider, with its intricate design, caters to a broad spectrum of user needs, bifurcating into two distinct editions:


1. System Tray Stand-alone Application: A comprehensive solution, this edition amalgamates all essential components into a singular system tray application, ideal for users who prioritize directness.


2. Suite of Tools and Applications: This edition resonates with users who value granularity and precision. It unfurls a collection of standalone tools and applications, making it a favorite among enterprise setups where bespoke solutions are paramount.


This guide focuses on the independent tools version, elucidating the process of Windows login using an OpenID Connect Identity Token.


Detailed Guide to CodeB Credential Provider

Step 1: Software Retrieval: Commence by downloading the independent tools version of the CodeB Credential Provider from this link: https://blog.codeb.io/downloads/codeb_smartloginhelper.zip


Step 2: CodeB Authenticator App Setup: Download and set up the CodeB Authenticator App from the Google Play Store here:


This app transforms your mobile into a personal OpenID Connect Identity Provider.


Step 3: Software Extraction: Post download, extract the `codeb_smartloginhelper.zip` file to a preferred directory.


Step 4: Library Integration: Navigate to the `CredentialProviderInstaller.exe` tool and execute it with administrator rights. A single click on the “Install Credential Provider” button ensures the library's seamless installation and registration.


Step 5: Licensing Protocols: If you possess a license key, this step is pivotal. If not, CodeB's support channels, including email and website chat, are at your disposal to issue an Evaluation key.


To integrate the key, initiate the `SmartLoginLicensing.exe` application with elevated permissions, input your license details, and confirm with the “Save Key” button.


Step 6: OpenID Connect Identity Integration: With the foundational elements in place, the next phase involves associating your local or domain accounts with your mobile's OpenID Connect Identity Provider. Ensure the CodeB Authenticator is installed, configured, and started.


To commence the synchronization, activate the `LinkOpenID.exe` tool. Provide your Username/Domain (optional), mobile number, and the Binding PIN. The Binding PIN, an added layer of security, should be the same in both the CodeB Authenticator App and the CodeB Credential Provider.


For ease of access during Windows login, you can assign an Alias to your mobile number, allowing you to input the Alias as opposed to the lengthy mobile number. Upon configuration, click “Link” and ensure you approve the linking on your mobile's CodeB Authenticator App.


Step 7: Credential Provider Transition: At the Windows login interface, users can effortlessly switch between the native Windows credential provider and CodeB's variant. For authentication, simply input your configured Alias or mobile number into the username field, leaving other fields untouched as authentication approval is managed via your mobile.


A notable feature is the capability to hide the default Windows Credential Provider using the CodeB Credential Provider Filter, a topic that warrants a comprehensive exploration.
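Step 4 registers a new credential provider library with administrator rights, and a filter can hide other providers, so it is worth recording what is registered on the workstation before and after installation. The PowerShell below is an added example, not CodeB's own tooling: it reads only the standard Windows registry locations for credential providers and filters, makes no assumption about the names CodeB registers, and reports the DLL and Authenticode status behind each entry.

```powershell
# Added example: inventory of registered credential providers and filters.
# Read-only; run in an elevated PowerShell session on the workstation.
$authRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication'

function Get-CredentialProviderInventory {
    foreach ($kind in 'Credential Providers', 'Credential Provider Filters') {
        $path = Join-Path $authRoot $kind
        if (-not (Test-Path $path)) { continue }
        foreach ($key in Get-ChildItem -Path $path) {
            $clsid = $key.PSChildName
            # Resolve the COM server DLL that implements this CLSID.
            $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path $inproc) {
                $raw = (Get-Item -Path $inproc).GetValue('')
                if ($raw) {
                    $dll = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
                }
            }
            $sig = $null
            if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
                $sig = Get-AuthenticodeSignature -FilePath $dll
            }
            [pscustomobject]@{
                Kind   = $kind
                Name   = $key.GetValue('')   # friendly name, if one is set
                Clsid  = $clsid
                Dll    = $dll
                Status = if ($sig) { "$($sig.Status)" } else { 'Unresolved' }
                Signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
            }
        }
    }
}

$inventory = Get-CredentialProviderInventory
$inventory | Sort-Object Kind, Name | Format-Table Kind, Name, Status, Dll -AutoSize

# Entries whose DLL is missing, unsigned, or fails validation need review.
$inventory | Where-Object { $_.Status -ne 'Valid' } | Format-List
```

Run it once before Step 4 and again afterwards; every new row should be attributable to the installation you just performed, with a signer you recognise.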


CodeB Credential Provider has redefined the paradigms of security and convenience in Windows login mechanisms. By adhering to the outlined steps, users can seamlessly set up their systems to support diverse login modalities, from rudimentary USB Memory Sticks to advanced TOTP Generators, PKI Smartcards, and now, OpenID Connect. For any challenges or queries, the adept team at CodeB is ever-ready to assist and guide.



