Share via

MFA Options For Shared Workstations

Adam Knecht 0 Reputation points
2024-04-25T15:43:05.56+00:00

Hello,

I have been tasked to rollout MFA for our organization. For users that have an assigned laptop or desktop the solution is to use multi-factor unlock. However, I set a set of users that use a shared workstation. The number of users on a stations exceeds 10 users, they cannot have a cell phone on them, the PCs cannot have a camera, the PC is in a cabinet so using something like an YUbiKey would not work. Can you tell me what options I have to resolve the shared workstation issue?

Windows for business | Windows Client for IT Pros | User experience | Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. sharedinbox 0 Reputation points
    2025-08-20T15:47:53.48+00:00

    Since cellphones and YUbiKey would not work there are a few workarounds.

    • Physical land line: you can receive the backup code as a phone call to a physical landline installed near the workstation.
    • Conditional Access Policies: you can implement Conditional Access policies under which MFA is required for example to make it less likely that MFA is triggered for that specific workstation.
    • Radio Frequency Identification Reader: this is expensive but an external RFID reader can read an employee's RFID tag essentially functioning as a badge system that grants access based on whether a badge is present.
    • Multi-user Authenticator apps: Increasingly Authenticator apps support a multi-user set up either embedded in a password manager or as a standalone Authenticator such as Salepager allowing multiple instances to support multiple users on a shared workstation or account.

    Was this answer helpful?

    0 comments
  2. Ronmb 0 Reputation points
    2024-04-26T18:10:11.6033333+00:00

    Given the constraints of the workstation cabinets, mounting an external reader could be a viable solution.

    • USB Extensions for Security Keys: If you prefer using security keys like YubiKeys, consider installing USB extension cables that run from the inside of the cabinet to an externally-mounted USB port. This setup allows users to easily insert their YubiKeys without direct access to the PC.

    Alternatively

    • External Smart Card Readers: These can be attached outside the cabinet, allowing easy access for users to swipe their smart cards without needing to access the enclosed PC.
    • External RFID Readers: Similar to smart card readers but using RFID technology, these can be mounted on the cabinet’s exterior. Users would simply tap their RFID badges near the reader to authenticate.

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.