Skip to main content

Set up Preferred Machine Configuration for Windows Login App

Updated over 5 months ago

Introduction

The Preferred Machines setting allows you to specify which Windows devices can use a domain shared credential. When creating a domain shared credential in the Tenant Admin Portal, you can select one or more preferred machines to restrict usage.

This enhances security by ensuring the credential can only be used on designated devices. The Windows Login app supports this feature, enabling login only on assigned Windows systems.


You can enable preferred machine login in the following ways:

Set Up a Preferred Machine in the Tenant Admin Portal

  1. Pair the Endpoint

    You must pair the endpoint before it can be used with preferred machine login. Choose one of the following methods:

    • Using Auto-Pair Configuration File:
      If the endpoint is paired using an auto-pair config file through the Supervisor App, you must manually enable the Enable Only Preferred Machine Login setting from the Tenant Admin Portal.

    • Using Supervisor App (Pair as Supervisor):
      If the endpoint is paired using the Supervisor App (Pair as Supervisor option), the Enable Only Preferred Machine Login setting is automatically enabled in the Tenant Admin Portal.

    • Download and Pair from Tenant Admin Portal:
      If you download the endpoint config file from the Tenant Admin Portal and pair it using the Supervisor App, the Enable Only Preferred Machine Login setting is also automatically enabled in the Tenant Admin Portal.

      Note: After enabling the preferred machine login setting, click Save to apply the configuration. For detailed instructions, see How to enable Preferred Machine Users in Shared Credentials

  2. Create the Shared Domain Credential

    • Go to Tenant Admin Portal > Users > Shared Credentials > Windows Password.

    • Select Create Password.

    • Select Windows Domain User as Password type.

    • Under Preferred Machine(s), select one or more Windows endpoints from the list.

    • Save the credential.

      For detailed instructions, see How to create shared credentials for Windows login

  3. Assign the Credential

Set up a Preferred Machine while creating shared Windows credentials in the Supervisor App

  1. Pair the Endpoint

    You must pair the endpoint before it can be used with preferred machine login. Choose one of the following methods:

    • Using Auto-Pair Configuration File:
      If the endpoint is paired using an auto-pair configuration file through the Supervisor App, you must manually enable the Enable Only Preferred Machine Login setting from the Tenant Admin Portal.

    • Using Supervisor App (Pair as Supervisor):
      If the endpoint is paired using the Supervisor App (Pair as Supervisor option), the Enable Only Preferred Machine Login setting is automatically enabled in the Tenant Admin Portal.

    • Download and Pair from Tenant Admin Portal:
      If you download the endpoint from the Tenant Admin Portal and pair it using the Supervisor App, the Enable Only Preferred Machine Login setting is also automatically enabled in the Tenant Admin Portal.

      Note: After enabling the preferred machine login setting, click Save to apply the configuration.

  2. Create the Shared Domain Credential

    • Open the Supervisor App.

    • Go to Shared Credential > Create Shared Password.

    • Choose Domain Shared Credential.

    • Select the endpoint under Preferred Machine.

    • Save the credential.

    For detailed instructions, see How to create Shared Credentials using the Supervisor App

  3. Assign the Credential

Related Articles
How to configure endpoint for Windows Login
How to enable Preferred Machine Users in Shared Credentials
Setting up and using Supervisor App
How to create and configure Windows Login Endpoint Template in the Tenant Admin Portal
How to download, install, and configure Windows Authenticator App
Did this answer your question?