Rublon for Windows Logon supports:

  • Windows Workgroup Accounts

  • Microsoft Active Directory


This article describes how to specify individual email addresses for Windows Workgroup Accounts in Rublon for Windows Logon & RDP. You might also want to learn how to specify individual email addresses for Active Directory users.


If your users have email addresses in different email domains, you can define individual email addresses for these users. For example, you can have users who have emails in a provided main email domain and also a few users who have emails in different domains.


How Rublon identifies Workgroup Accounts users

 

Rublon identifies users by their email address. Rublon needs to identify a user to start Multi-Factor Authentication for that user.

 

Email addresses can be defined in the Description field of every user in User Accounts. If a user has no email address assigned to them in User Accounts, Rublon identifies the user by glueing their username with the domain name. The domain name is taken from the emailDomain parameter defined in Windows Registry.

 

username + @ + emailDomain

 

Specifying an email address for a user in User Accounts overrides the preceding behavior. You can specify any email address for a user. It does not have to belong to the domain specified in Windows Registry.


Login scenarios

Two login scenarios exist if you are using Workgroup Accounts:


1. When logging in to Windows, the user provides their domain and login, e.g. RUBLON\user1


  • If user user1 has an email address assigned in User Accounts, Rublon for Windows uses this address.

  • If no email address is assigned to user1 in User Accounts, or retrieving the email address from User Accounts is disabled, then Rublon for Windows uses the user domain name set during Rublon for Windows installation.


2. When logging in to Windows, the user provides their email address, e.g. user1@rublon.com.


  • If user user1 has an email address assigned in User Accounts, Rublon for Windows uses this address.

  • If no email address is assigned to user1 in User Accounts, or retrieving the email address from User Accounts is disabled, then Rublon for Windows uses the email address entered during this very login attempt.




Add individual email address to user


If you are using Windows Workgroup Accounts and would like to specify an individual email address for some of your users:


1. Go to your Windows Registry and locate HKEY_LOCAL_MACHINE\SOFTWARE\Rublon\WindowsLogon.


2. Change the value of getLocalUserEmail to 1.


3. Press the Windows and R keys simultaneously. A window will appear. Type netplwiz and click OK.


4. A User Accounts window will appear. Select a user and go to Properties.


5. Select the General tab.


6. Enter the email address in the Description field.


You can specify any email address as long as the email address exists. Email addresses do not have to belong to the domain specified in Windows Registry.


Rublon does not support email addresses in the Description field in Windows Server 2012.


Examples

 

Refer to the following examples to better understand the behavior of Rublon for Windows Logon in different scenarios.

 

Initial assumptions

 

Let’s assume that:

 

  • You set rublon.com as Email Domain when installing Rublon for Windows Logon, so the emailDomain parameter defined in Windows Registry. is set to rublon.com.

  • You have users bobalice and carol in User Accounts.

  • You assigned the following email address to bobbob@example.com.

  • You assigned the following email address to alicealice@test.net.

  • You have not assigned any email address to carol, that is the Description field for this user is empty.



Example 1

 

Let’s also assume that:

  • When logging in to Windows, users provide their domain and login, e.g. RUBLON\username

 

Then, when Bob attempts to log in to Windows:

  1. Bob provides their domain and login: RUBLON\bob, enters their password and hits Enter.

  2. Rublon looks for the email address for user bob in User Accounts.

  3. Rublon finds the email address assigned to user bobbob@example.com and uses this address to identify bob.

 

Then, when Alice attempts to log in to Windows:

  1. Alice provides their domain and login: RUBLON\alice, enters their password and hits Enter.

  2. Rublon looks for the email address for user alice in User Accounts.

  3. Rublon finds the email address assigned to user alicealice@test.net and uses this address to identify alice.

 

Then, when Carol attempts to log in to Windows:

  1. Carol provides their domain and login: RUBLON\carol, enters their password and hits Enter.

  2. Rublon looks for the email address for user carol in User Accounts.

  3. Rublon does not find the email address assigned to user carol because there is no email address defined for user carol in User Accounts (the Description field for this user is empty).

  4. Since Rublon identifies users by their email address, Rublon has to somehow come up with an email address for user carol. Rublon does this by glueing the username carol with the domain name rublon.com. The domain name is taken from the emailDomain parameter defined in Windows Registry.

 

carol + @ + rublon.com

 

Therefore, Rublon uses the email address carol@rublon.com to identify user carol.

 

 

Example 2

 

Let’s also assume that:

  • When logging in to Windows, users provide their email address, e.g. user@rublon.com.

 

Then, when Bob attempts to log in to Windows:

  1. Bob provides their email address: bob@example.com, enters their password and hits Enter.

  2. Rublon looks for the email address bob@example.com in User Accounts.

  3. Rublon finds bob@example.com in User Accounts and uses this email address to identify bob.

 

Then, when Alice attempts to log in to Windows:

  1. Alice provides their email address: alice@test.net, enters their password and hits Enter.

  2. Rublon looks for the email address alice@test.net in User Accounts.

  3. Rublon finds alice@test.net in User Accounts and uses this email address to identify alice.

 

Then, when Carol attempts to log in to Windows:

  1. Carol provides their email address, for example: carol@examplemail.com, enters their password and hits Enter.

  2. Rublon looks for the email address carol@examplemail.com in User Accounts but does not find a user with such an email address.

  3. Rublon takes the entered email address and uses carol@examplemail.com to identify carol.





Helpful Links


Rublon for Windows Logon and RDP – Documentation

Rublon for Windows Logon and RDP – FAQ

Rublon for Windows Logon and RDP – Release Notes

How can I specify individual email addresses for Active Directory users in Rublon for Windows Logon & RDP?