Rublon for Windows Logon supports:

  • Windows Workgroup Accounts

  • Microsoft Active Directory


Rublon for Windows Logon & RDP uses Windows Workgroup Accounts by default. However, many users prefer Microsoft Active Directory, finding it more convenient and flexible. Rublon for Windows Logon not only fully supports Microsoft Active Directory but also supports individual email addresses for users. All you have to do is assign an email address to the user’s account in Microsoft Active Directory, and Rublon will start identifying the user based on that email address. Emails do not have to be in the same domain.


How Rublon identifies Active Directory users


Rublon identifies users by their email address. Rublon needs to identify a user to start Multi-Factor Authentication for that user.


If a user has no email address assigned to them in Active Directory, Rublon identifies the user by gluing their username together with the domain name. The domain name is taken from the emailDomain parameter defined in Windows Registry.


username + @ + emailDomain


Specifying an email address for a user in Active Directory overrides the preceding behavior. You can specify any email address for a user. It does not have to belong to the domain specified in Windows Registry.


Login scenarios


Two login scenarios exist if you are using Microsoft Active Directory:


1. When logging in to Windows, the user provides their domain and login, e.g. RUBLON\bob

  • If user bob has an individual email address assigned in Active Directory, Rublon for Windows uses this address.

  • If no email address is assigned to bob in Active Directory, or retrieving the email address from Active Directory is disabled, then Rublon for Windows uses the emailDomain set in Windows Registry.

2. When logging in to Windows, the user provides their email address, e.g. bob@example.com.

  • If user bob has an email address assigned in Active Directory, Rublon for Windows uses this address.

  • If no email address is assigned to bob in Active Directory, or retrieving the email address from Active Directory is disabled, then Rublon for Windows uses the email address entered during this very login attempt.

Add individual email address to user in Microsoft Active Directory


If you wish to assign individual email addresses to some of your users, follow these steps:


1. Open Active Directory Users and Computers.

2. Select the Users folder.

3. Select the user you want to assign an email address to and open Properties.

4. Select the General tab.

5. Enter the email address in the E-mail field and click OK to save the changes.





Note that the email address does not have to be in the emailDomain specified in Windows Registry. You can enter any valid email address.


Examples


Refer to the following examples to better understand the behavior of Rublon for Windows Logon in different scenarios.


Initial assumptions


Let’s assume that:

  • You set rublon.com as Email Domain when installing Rublon for Windows Logon, so the emailDomain parameter defined in Windows Registry is set to rublon.com.

  • You have users bob, alice and carol in Microsoft Active Directory.

  • You assigned the following email address to bob: bob@example.com.

  • You assigned the following email address to alice: alice@test.net.

  • You have not assigned any email address to carol, that is, the E-mail field for this user is empty.


Example 1


Let’s also assume that:

  • When logging in to Windows, users provide their domain and login, e.g. RUBLON\username


Then, when Bob attempts to log in to Windows:

  1. Bob provides their domain and login: RUBLON\bob, enters their password and hits Enter.

  2. Rublon looks for the email address for user bob in Microsoft Active Directory.

  3. Rublon finds the email address assigned to user bob (bob@example.com) and uses this address to identify bob.


Then, when Alice attempts to log in to Windows:

  1. Alice provides their domain and login: RUBLON\alice, enters their password and hits Enter.

  2. Rublon looks for the email address for user alice in Microsoft Active Directory.

  3. Rublon finds the email address assigned to user alice (alice@test.net) and uses this address to identify alice.


Then, when Carol attempts to log in to Windows:

  1. Carol provides their domain and login: RUBLON\carol, enters their password and hits Enter.

  2. Rublon looks for the email address for user carol in Microsoft Active Directory.

  3. Rublon does not find the email address assigned to user carol because there is no email address defined for user carol in Active Directory (the E-mail field for this user is empty).

  4. Since Rublon identifies users by their email address, Rublon has to come up with an email address for user carol. Rublon does this by gluing the username carol together with the domain name rublon.com. The domain name is taken from the emailDomain parameter defined in Windows Registry.


carol + @ + rublon.com


Therefore, Rublon uses the email address carol@rublon.com to identify user carol.



Example 2


Let’s also assume that:

  • When logging in to Windows, users provide their email address, e.g. user@rublon.com.


Then, when Bob attempts to log in to Windows:

  1. Bob provides their email address: bob@example.com, enters their password and hits Enter.

  2. Rublon looks for the email address bob@example.com in Microsoft Active Directory.

  3. Rublon finds bob@example.com in Active Directory and uses this email address to identify bob.


Then, when Alice attempts to log in to Windows:

  1. Alice provides their email address: alice@test.net, enters their password and hits Enter.

  2. Rublon looks for the email address alice@test.net in Microsoft Active Directory.

  3. Rublon finds alice@test.net in Active Directory and uses this email address to identify alice.


Then, when Carol attempts to log in to Windows:

  1. Carol provides their email address, for example: carol@examplemail.com, enters their password and hits Enter.

  2. Rublon looks for the email address carol@examplemail.com in Microsoft Active Directory but does not find a user with such an email address.

  3. Rublon takes the entered email address and uses carol@examplemail.com to identify carol.
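
The rules from "Login scenarios", applied to the users from "Initial assumptions", can be written as a small model. This is an added example, not Rublon's code: the function names, the dictionary standing in for Active Directory, the ad_lookup flag and the case-insensitive matching are assumptions made for illustration.

```python
from typing import Dict, NamedTuple, Optional

class Identity(NamedTuple):
    email: str
    source: str  # "ad-mail", "username@emailDomain" or "entered-email"

# Constructed sample data: the page's "Initial assumptions".
# Maps AD username -> value of the E-mail field (None = empty).
DIRECTORY: Dict[str, Optional[str]] = {
    "bob": "bob@example.com",
    "alice": "alice@test.net",
    "carol": None,
}
EMAIL_DOMAIN = "rublon.com"  # emailDomain value from the page's example

def resolve_identity(login: str, directory=DIRECTORY,
                     email_domain: str = EMAIL_DOMAIN,
                     ad_lookup: bool = True) -> Identity:
    """Return the email the page says Rublon uses to identify this login."""
    login = login.strip()
    if "\\" in login:  # Scenario 1: DOMAIN\username
        username = login.split("\\", 1)[1]
        # Assumption: usernames are matched case-insensitively.
        mail = directory.get(username.lower()) if ad_lookup else None
        if mail:
            return Identity(mail, "ad-mail")
        return Identity(f"{username}@{email_domain}", "username@emailDomain")
    if "@" in login:  # Scenario 2: email address
        if ad_lookup:
            for mail in directory.values():
                if mail and mail.lower() == login.lower():
                    return Identity(mail, "ad-mail")
        return Identity(login, "entered-email")
    raise ValueError(f"login form not covered by the page: {login!r}")

def fallback_accounts(directory=DIRECTORY, email_domain: str = EMAIL_DOMAIN):
    """Accounts with an empty E-mail field and the address derived for them."""
    return {user: f"{user}@{email_domain}"
            for user, mail in directory.items() if not mail}

if __name__ == "__main__":
    for login in (r"RUBLON\bob", r"RUBLON\alice", r"RUBLON\carol",
                  "bob@example.com", "carol@examplemail.com"):
        print(f"{login:24} -> {resolve_identity(login)}")
    print("derived from emailDomain:", fallback_accounts())
```

fallback_accounts() lists the accounts whose Rublon identity depends on the emailDomain setting rather than on an address stored in Active Directory.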



Helpful Links


Rublon for Windows Logon and RDP – Documentation

Rublon for Windows Logon and RDP – FAQ

Rublon for Windows Logon and RDP – Release Notes

How can I specify individual email addresses for Windows Workgroup Accounts in Rublon for Windows Logon & RDP?