Skip to main content

Workstation Login for Windows Release Notes

Patches Applied

1.09.00

January 31, 2024

New Features

  • Introduced functionality for utilizing password and OTP MFA through the "More choices" option on the Windows authentication prompt for applications.
  • Added capability to pre-populate passwords on the remote workstation's login screen in case of password redirects from the host workstation.

Enhancements

  • QR and push notification-based login mechanisms have been made configurable, allowing users to easily enable or disable these features as needed.
  • OTP mechanism is now accessible on the Windows lock screen. Users can enable these from the BlockID configurator.
  • Automated installation script has been updated to accommodate new configurations introduced.

1.08.07.01

November 22, 2023

Enhancements

  • Removed validations on the tenant tag in the BlockID configurator.
  • Resolved issue where BlockID Credential Provider would crash when an invalid user attempted to login with a FIDO key.

1.08.07

October 19, 2023

Enhancements

  • Eliminated the requirement for the initial mobile login as a prerequisite for enabling authentication through FIDO keys. As the FIDO assertion is produced using the 1Kosmos platform, the workstation should be connected to the internet to use this feature.

  • Added configuration to enable/disable PIN prompt for logins through FIDO keys on the lock screen.

  • Updated the behavior of UV and UP flags for FIDO login on the credential provider based on the configuration received from the API.

1.08.06

September 21, 2023

Fixes

  • Cross-signed the Credential Provider DLLs through Microsoft. This was required to fix an issue on Windows 11 22H2 workstations where LSA, when enabled, would block the 1Kosmos smartcard driver from loading, resulting in authentication failures.

1.08.05

August 31, 2023

Fixes

  • Resolved an issue where logins would fail due to communication protocol not being initialized in certain situations. This issue was intermittent and the user would see a Username or password is incorrect error, a generic error message displayed by the Windows OS.

1.08.04

August 10, 2023

Enhancements

  • Implemented a cache manager to better manage the local cache. The cache manager handles the API endpoint caching and associated public keys for a maximum of 24 hours, improving overall performance and login time.

1.08.03

July 20, 2023

Enhancements

  • Smart Card Driver DLL files are now signed using a new code signing certificate.
  • Logging Functionality in the BlockID Credential Provider has been amplified.
  • Updated logic to identify PAC URLs. URLS are now treated as a PAC URL if the address contains .pac.
    • This allows the BlockID Credential Provider to recognize PAC URLs that also have a policy parameter. For example, a URL such as http://webproxy.local:3128/proxy.pac?p=15df7tpd5 is now recognized as as a PAC URL by the Credential Provider.

Fixes

Corrected a bug where a connections check through proxy was not taking place.

1.08.00

May 18. 2023

Enhancements

  • Added a timeout to the BlockID Credential Provider when establishing a connection through a proxy to check the system connectivity status and to refresh login tiles.

Fixes

  • Fixed an issue where remote connections through BlockID RDPHelper were failing.

1.07.05

April 27. 2023

New Features

FIDO2 Based Authentication Using Security Keys

FIDO2 authentication using hardware security keys (eg, YubiKey) has been added to the BlockID Credential Provider. Users can enroll their security key using the AdminX control panel. When using FIDO2 login methods, the credential provider sends a FIDO challenge to the security key using CTAP2 protocol. The credential provider validates the signed challenge returned by the key and allows the user to login following successful verification.

Fixes

  • Fixed an issue where BlockID CP smart card login was failing intermittently.

Enhancements

  • Updated the label for passwordless login using QR to QR Login and resized the dialog for a better UX Experience.

1.07.04

February 17, 2023

Enhancements

  • The BlockID CP now caches service directory endpoints to avoid making repeated API calls for fetching data, improving overall performance and login time.

Fixes

  • Fixed an issue where the BlockID CP tiles were repeating in case of multiple user logins through RDP on the same workstation.

1.07.03

January 25, 2023

Enhancements

  • Users can now choose whether to enable or disable automatic restarts for workstations when installing the BlockID CP using batch scripts. Users can choose to restart the workstation by supplying a restart flag.

  • BlockID now has a setting to configure “Login with FIDO” mode. Configuration for this setting can also be automated when running the installation and configuration script.

  • The BlockID CP now updates its available login options when detecting a change in internet connectivity. If the workstation is online, QR Code and Push Notification login options will be available. If the workstation is offline, only OTP login (if enabled in BlockID CP) will be availble.

Fixes

  • Removed test-suite executables FakeWinlogon.exe and NativeLibTest.exe from the BlockID installer package. These are simulators that were present in the package and could be used to test BlockID service and login flow (without invoking BlockID from the login screen). However, these carried no real purpose to the end user and were removed.

  • Fixed an issue where offline authentication using OTP fails after setting a proxy.

  • Fixed an issue where the BlockID service does not start, causing the workstation screen to blur, rendering the log in page inaccessible.

1.07.02

December 07, 2022

New Features

FIDO2 Based Authentication for the BlockID Credential Provider

FIDO2 based authentication has been integrated in the BlockID Credential Provider. Users can now enroll themselves for using the BlockID Mobile Application. When using the FIDO2 login feature, the BlockID Credential Provider sends a FIDO2 challenge to the BlockID Mobile Application for singing. The Credential Provider then validates the signed challenge. After successful account verification the user will be logged in.

Enhancements

  • BlockID now checks the expiration time of cached user certificates before authenticating the user when the machine is offline

Fixes

  • Fixed an issue where proxy settings were not being used when creating new user sessions

  • Fixed an issue where the BlockID tile does not show up on the login screen when the VC++ Redistributable package is not installed on the workstation

1.07.01

September 1, 2022

New Features

Forced Passwordless Authentication

BlockID now allows administrators to force passwordless authentication onto the workstations. This disables the default password provider, and the user has the option to login via QR, Push Notifications, OTP and MFA. Forced passwordless can be turned on using the "Disable Windows Password Provider" option in the Advanced Tab.

CAD Feature

Requiring CAD (Ctrl + Alt + Delete) before users sign in ensures communication through a trusted path when providing credentials. CAD ensures users are not susceptible to attacks that attempt to intercept their credentials when signing in. This feature can be turned on using the "Enforce Ctrl + Alt + Del" option provided in the Advanced Tab of the BlockID Configurator. CAD feature is enabled by default when forced passwordless option is enabled.

Enhancements

  • Ability to re-initialize QR or Push Notification after an error or the user cancels the login attempt.

Fixes

  • Fixed an issue where MFA (username + password + OTP) would not work in certain cases when the workstation is offline.

1.07.00

August 22, 2022

Enhancements

  • The BlockID Credential Provider now caches the session's services and community public keys so as not to make repeated API calls for fetching them. This improves overall performance in using platform microservice for user sessions.
  • The BlockID Credential Provider now verifies if the user account is linked to the DID.

1.06.02

August 1, 2022

New Features

Support for MFA login (User ID + Password + OTP)

BlockID Credential Provider now supports enablement of password factor to be used along with OTP for added security. The user is challenged for their username, password and Workstation OTP (from the BlockID mobile app). This feature can be turned on using the “Allow Password Factor” setting provided in the BlockID Configurator.

Support for BlockID OTP from the BlockID Mobile App

Users can now log in to their workstations using the BlockID OTP, which is displayed on the main screen of the BlockID Mobile App. The BlockID OTP is available by default and can be used when the workstation is online. If the administrator decides to enable hardware tokens for OTP generation, then this feature can easily be disabled.

Support for Hardware OTP Tokens

BlockID can now be configured to use OTPs from enterprise issued hardware tokens such as OneSpan. This feature can be turned on using the “Use Hardware OTP” setting provided in the BlockID Configurator. This authentication feature is available only when the workstation is online.

Enhancements

  • Support for UWL 2.0 sessions
    Internal enhancement where the BlockID Credential Provider uses the platform microservice for generation of user sessions. This enables and supplements the audit trail of user activity.

Fixes

  • User cancel issue on Windows Server 2012 and Windows 8/8.1
    Fixed an issue where the user was not able to cancel QR or Push Notification on workstations or remote machines running Windows Server 2012 and Windows 8/8.1.

1.06.01

May 30, 2022

New Features

Online Login Supported via OTP

BlockID has extended the OTP authentication feature to be used when the workstation is online. The setting can be turned on by the administrator using the “Enable Online OTP" setting provided in the BlockID Configurator. The Workstation OTP available in the BlockID App can be used for generating the time based - OTP to be used for login. The user is now provided with QR, Push Notification and Workstation OTP to login to their workstations.

Enhancements

  • BlockID now has configurations to enable Offline and/or Online OTP modes and also add custom images and labels for the OTP tiles on the login screen. These configurations can also be automated using the installation & configuration script.

  • Updated icons for the Configurator, RDPHelper and installer exe.

1.06.00

May 13, 2022

New Features

Offline Login Supported via OTP

BlockID Credential Provider now supports login via OTP as the authentication factor when the workstation is offline. BlockID identifies when the workstation is not connected and challenges the user to enter “Workstation OTP” from the BlockID mobile application. The pre-requisite for using the Workstation OTP is that the user must have logged in using BlockID QR or Push Notification at least once prior to using the OTP feature.

Deprecated Functionality

  • Deprecated reverse QR scanning feature for offline login.

1.04.00

August 16, 2021

Fixes

  • Removed the "BlockID Initialization..." message on Windows start-up. If the service does not start-up during machine start-up for a fairly considerable time, the Credential Provider waits with the above message which conveys incorrectly that the hold-up is because of BlockID.

1.03.01 - MSI

July 19, 2021

New Features

Install BlockID via GPO

An MSI file was included in addition to the existing BlockID Credential Provider installation executable. This enables administrators to install BlockID via GPO.

1.03.01

June 11, 2021

New Features

Optional Deny Credential Passthrough for RDP

Added a flag on the BlockID Configurator to deny credential passthrough for RDP connections. If the flag is checked, credentials passthrough is disabled on the remote machine (RDP). New configuration to deny credential passthrough is added to the auto installation and configuration script.

Disabled Default Windows Smart Card Credential Provider in Registry

Disabled default Windows smart card credential provider in the registry. This is done to stop users from using PIN on remote workstation to log-in when using RDP.

1.03.00

April 17, 2021

Fixes

  • Fix to pass credentials in case of RDP login using username/password, and to stop BlockID QR pop-up.

Documentation Updates

  • Versioning of the CP has been moved to a new format representing the quarterly release numbers.