Credenti Auth

Passwordless MFA That Works Where You Work

Credenti Auth delivers a seamless, passwordless login experience for frontline and knowledge workers across Windows, macOS, and Linux — online or offline — using biometrics, Passkeys, or FIDO2 security keys, with or without mobile devices.

Ideal for finance, technology, government, healthcare, manufacturing, utilities, and public safety organizations.


Why Extend Your IdP?

Complement Your IdP with Desktop-Grade Authentication

Okta, Entra, and other modern identity providers excel at managing access to cloud applications, but often leave operating system login unaddressed for complex scenarios like shared devices or kiosks.

Credenti works alongside your IdP to extend secure, phishing-resistant login to Windows, macOS, and Linux desktops — including environments that are offline, not domain-joined, or hybrid-joined. It even provisions local accounts dynamically after successful IdP login, enabling seamless access without sacrificing security.

Supported Factors

IdP-Native Factors

Enforce existing identity provider MFA directly at desktop login.

  • Okta: Okta Verify, FIDO2 / WebAuthn USB or NFC keys, YubiKeys, TOTP, Google Authenticator app, Duo, RSA Auth, SMS, Voice, Email
  • Entra: Microsoft Authenticator, FIDO2 / WebAuthn USB or NFC keys, SMS, Temporary Access Pass, Voice call and Alternate call factor, OATH tokens
  • Aligned with the FIDO Passkey Pledge

Offline Authentication

Maintain secure access even in air-gapped or no-network environments.

  • TOTP from apps or hardware tokens
  • Admin TOTP: request a one-time code from an admin if the MFA device is unavailable
  • FIDO2 / WebAuthn USB or NFC keys
  • U2F challenge-response keys

Choose Your Environment: Whether You Have an IdP or Not


Okta

Extend passwordless MFA to your desktops while honoring Okta policies.


Microsoft Entra ID

Leverage Entra identity and MFA directly at the OS login screen.


On-Prem AD

Enable modern MFA for legacy or air-gapped Active Directory environments.


No IdP? No Problem.

Deploy a lightweight directory and enforce MFA, even without cloud identity.

Why Customers Choose Credenti

For All Join States

Domain-joined, non-domain-joined, Entra-joined, hybrid domain-joined, and VDI environments

Flexible Factors

Biometrics, passkeys, FIDO2, and mobile-based access — your workflow, your rules.

Works Everywhere

Hybrid, disconnected, or regulated — Credenti adapts to any environment.

IdP Extension

Extend Okta, Entra, and CyberArk login seamlessly to the desktop level.

Offline-Ready

Use passkeys, TOTP, and FIDO2 tokens even in air-gapped or no-network setups.

Compliance Aligned

Built for NIST, CJIS, GDPR, PDPL, and modern Zero Trust mandates.

Full support for macOS

Includes native login support for M1, M2, and Intel-based Macs.

CredentiNow App

Unlock machines with mobile biometrics or proximity detection on iOS and Android.

Admin Controls

Enforce MFA per user type and track every login for audit and accountability.

Compliance-Ready MFA for Insurance, NIST, CJIS, and More

Credenti helps you meet MFA enforcement mandates for Cybersecurity Insurance, CJIS, HIPAA, PCI-DSS, NIST 800-63 and GDPR. Protect Windows, macOS, and Linux endpoints — online or offline — without relying on domain join or outdated login methods.

FAQs

Frequently Asked Questions

Does Credenti Auth support enforcing MFA at the lock screen using Okta or Entra ID?

Yes. Credenti Auth integrates with both Okta and Entra ID to enforce MFA directly at the lock screen.

What if my Windows username doesn’t match my IdP username?

Credenti Auth supports username transformation so workstation and IdP identities do not need to match.

Does Credenti Auth work on Windows, macOS, and Linux?

Yes. Credenti Auth fully supports Windows, macOS, and Linux fleets.

Does Credenti Auth support local user provisioning after IdP authentication?

Yes. A local user profile can be created automatically after successful IdP authentication — ideal for non‑domain‑joined machines.

Can Credenti Auth sync the local machine password with the IdP password?

Yes. Password sync ensures the local machine password aligns with the IdP credential.

Can Credenti Auth enforce MFA at the Windows UAC prompt?

Yes. MFA can be required when elevated privileges are requested via UAC.

Can I enforce MFA differently based on user type or user groups?

Yes. MFA can be enforced per Local, Domain, Azure/Entra, Administrator, or Standard user types. You can also enforce or bypass MFA based on Local or Active Directory user groups for granular policy control.

Can MFA be bypassed based on local or AD groups?

Yes. Credenti Auth allows MFA bypass for designated Local or Active Directory groups — ideal for service accounts, break-glass accounts, or trusted operational roles needing streamlined access.

Does Credenti Auth support MFA for remote logins?

Yes. MFA is supported for RDP and VDI environments such as Citrix, Microsoft RDS, and VMware Horizon.

Can I enforce MFA based on network conditions?

Yes. Policies can differentiate between in‑network and out‑of‑network scenarios, and online vs. offline states.

Does Credenti Auth support airplane mode or offline authentication?

Yes. Users can authenticate securely even with no connection.

Can enrolled factors roam with users across machines?

Yes. Offline factor enrollment can roam across devices without requiring re‑enrollment.

Get Started with Passwordless MFA

Frictionless Login. Everywhere You Need It. Replace passwords with passkeys, biometrics, or tokens — across shared and personal endpoints, with or without phones.