What’s new

Enterprise Connect Passwordless is a credential provider for the Microsoft Windows operating system (OS) that eliminates the need for password use when signing on to Windows machines or to the domain. Enterprise Connect Passwordless Domain authentication completely replaces Microsoft Active Directory passwords with a high assurance, password-free authentication paradigm.

Users can sign on to Windows workstations or the domain using the PingID mobile app or FIDO authentication. Enterprise Connect Passwordless also supports various methods of user verification for multi-factor authentication, such as one-time password (OTP), voicecall, and codes sent to users using SMS or email.

Enterprise Connect Passwordless 4.3.1

Enterprise Connect Passwordless 4.3.1 is intended for use with Authentication server version 5.8.2 and later only.
Enterprise Connect Passwordless 4.3.1 doesn’t support Windows 7 or WIndows 8.1 (32/64 bit).

New features

Enterprise Connect Passwordless Windows Agent 4.3.1 introduces the following feature:

Passwordless authentication support: Enterprise Connect Passwordless supports the option for passwordless sign on (instead of multifactor authentication). A new setting in the Windows MSIUpdate (MFA tab) enables activation of this feature.

When the feature is enabled, Administrator Access Only is displayed on the Windows sign-on screen.

Clicking this link redirects users to the passwordless sign-on screen where the Password field is hidden. The user provides a username, presses Enter, and immediately receives a push authentication request. Upon successful authentication, the user is signed on to Windows.

Enterprise Connect Passwordless 3.9.3

Enterprise Connect Passwordless Windows Agent version 3.9.3 is intended for use with Enterprise Connect Passwordless Server version 5.8.2 (and later) only.
Enterprise Connect Passwordless Windows Agent version 3.9.3 doesn’t support Windows 7 or Windows 8.1 (32/64 bit).

Enterprise Connect Passwordless Windows Agent version 3.9.3 introduces the following features:

[SSA-12370] Shared user accounts – Designated users can now sign on to a generic account on a shared workstation using their personal credentials and devices. This feature facilitates smooth sign on while enhancing authentication security for specific groups of personnel (such as IT, DevOps, and manufacturing floor workers) who use shared workstations.

New checkboxes in the Settings tab of the MSIUpdater client allow the admin to enable support of shared accounts and control whether the Windows sign-on screen will allow switching between shared account sign on and standard account sign on. Shared account support also requires some configuration in the Enterprise Connect Passwordless Server. Learn more in the Enterprise Connect Passwordless Windows Agent Installation Guide.
[SSA-12771] Retrieval of temporary sign-on token with certificate – A new systray setting enables users to retrieve the temporary token required for RADIUS sign on after performing authentication using a smart card signed by the organization’s root CA. The token expires after 60 seconds.
[SSA-13141] Dynamic web proxy support – Enterprise Connect Passwordless Windows Agent now supports both static and dynamic web proxy. Proxy type is determined according to the syntax of the Proxy EndPoint URL in the MSIUpdater. Learn more in the Enterprise Connect Passwordless Windows Agent Installation Guide.
[SSA-13819] Credentials retrieval with HW OTP tokens – A new systray option allows users to view and copy the AD password after performing authentication using a hardware OTP token. To enable this option, the OTP authenticator in the Parameters tab of the MSIUpdater must be selected.

This feature is supported for Enterprise Connect Passwordless Server version 5.8.2 (and later) only.
Hardware OTP offline authentication – Enterprise Connect Passwordless Windows Agent now supports hardware OTP tokens as a method of authentication for offline sign on. To enable this feature, you must configure Offline OTP with PIN protection in the Enterprise Connect Passwordless Server, and the Windows workstations must have TPM support.
[SSA-13855] Credentials retrieval with HW OTP tokens – A new systray option lets users view and copy the AD password after performing authentication using a hardware OTP token. To enable this option, select the OTP authenticator in the Parameters tab of the MSIUpdater.
[SSA-13927] Enhanced credential status data – The Check Credential Status systray option now provides detailed password expiration information.

Enterprise Connect Passwordless 3.8.4

Enterprise Connect Passwordless Windows Agent 3.8.4 is only compatible with Enterprise Connect Passwordless Server 5.4.8 or later.

Using older versions of Enterprise Connect Passwordless Server is not recommended and requires the selection of the Legacy Server Support checkbox in the MSIUpdater client.

Missing mandatory parameters list: If one or more mandatory settings are missing from the MSIUpdater client, a list of the missing settings now displays in a tooltip when hovering over the disabled Apply button.
User defined log file location: A new setting in the MSIUpdater client enables changing the default location of the log files to a user specified directory.
Hide BLE authentication option: When Octopus BLE is selected as an authenticator in the MSIUpdater client, you can now choose to show or hide this authentication mechanism in the Windows credential provider’s sign-on method selection list.

Enterprise Connect Passwordless 3.8.2

Initial release of Enterprise Connect Passwordless Windows Agent that provides instructions on how to install and deploy the Enterprise Connect Passwordless Windows Agent (ECP Windows Agent).

Learn more in the ECP Windows Agent 3.8.2 guide.