No. GoTrust ID computer login works in connection with a specific authentication server, which is installed on premises or in a cloud environment managed by the enterprise. If your company has an Azure AD environment, you can use Idem Key plug-n-play on Azure AD managed Windows devices without building an authentication server.
GoTrust ID computer login supports Windows and macOS, but not Linux.
GoTrust ID supports Windows Azure AD, Active Directory (AD) or Hybrid environments.
Yes, GoTrust ID supports local accounts.
Yes, your phone will communicate via BLE automatically if the PC is offline. Besides the phone, the Idem Key security key is a recommended login method if internet connectivity is limited.
Users can log in with an Idem Key under various scenarios, or ask corporate administrators for a designated security code to complete login. Don’t worry, the security code from the administrator also supports offline login.
Yes, the phone and Idem Key can both be used for online and offline login. The GoTrust ID phone app connects over the internet or BLE, and we manufacture our own USB security key, Idem Key, to provide a consistent user experience.
Yes, GoTrust ID supports Windows 10 version 1809 and above and Windows 11.
Yes, GoTrust ID supports Windows Server 2016 and 2019. In a Windows Server environment, the GoTrust ID phone authenticator does not support BLE communication; it must be connected to the internet.
Microsoft ended support for Windows Vista on April 11, 2017, for Windows XP on April 8, 2014, and for Windows 7 and Windows Server 2008 on January 14, 2020. Upgrading to a supported version of Windows is necessary for security reasons.
The GoTrust ID mobile application supports iOS 10 and above and Android 6 and above.
GoTrust ID provides a password-free login experience for the local desktop, Windows Remote Desktop Connection and other remote console tools, such as VMware remote console.
GoTrust ID provides a dedicated entry for corporate IT. Enrolled corporate IT staff can log in to a user’s PC with his or her registered phone authenticator, even when the PC is offline.
Yes, GoTrust ID supports a shared computer, multiple user mode. GoTrust ID provides single user mode by default; shared computer mode can be configured by corporate IT.
Network Level Authentication (NLA) for Remote Desktop Connection is a recommended security feature in Windows. We encourage users to enable NLA when using RDP for higher security. When NLA is enabled, the RDP client prompts for primary authentication (password). The remote PC login screen appears after primary authentication is verified, and the user can then log in to the remote PC with GoTrust ID phone authentication. More information about NLA and RDP can be found at the Microsoft site.
Yes. GoTrust ID supports Windows Remote Desktop Connection login.
No. Only Idem Key can be used for GoTrust ID Computer Login.
GoTrust ID Computer Login works with the Windows credential provider but cannot be used with other third-party credential providers.
If the network connection is good, the user will receive a notification on the phone requesting login authentication without opening the app. However, you need to keep the GoTrust ID mobile app open to establish a BLE connection between the phone and the computer if the network is temporarily unavailable.
You can log in using the following methods:
To improve fingerprint recognition on the phone, you can try removing and re-registering your fingerprint. Also, when biometrics fail during the authentication process, the app will request a passcode to proceed with authentication.
Please allow GoTrust ID to use Touch ID/Face ID, Bluetooth, Camera, etc. when installing the GoTrust ID mobile app on your phone, or go to Settings -> GoTrust ID to enable these settings.
Yes, you can use the same Idem Key to perform secure login on Windows devices or FIDO-enabled cloud services.
We suggest that each Idem Key be registered under only one account and kept by one person as his or her own private login key. Each Idem Key is protected by a PIN set by the key owner. If you keep this PIN confidential, your device is still safe even if the key is lost. If you lose the key, please report it to your corporate admin immediately so that your Idem Key authenticator can be deleted from AdminPortal.
Yes, corporate IT can configure such settings in the AdminPortal.
Yes, an update password dialog box will appear on the PC when the password expires. Please enter the new password in the dialog box and the system will update the password automatically. The old password is filled in automatically in the dialog box, hidden behind asterisks (******) for security purposes.
Yes, Group Policy configuration settings can be applied to GoTrust ID desktop application installation. You can contact the GoTrust team for a step-by-step guide. Learn more about installing software using Group Policy from Microsoft Support.
Yes, a company can use its own software deployment utilities to deploy the GoTrust ID desktop application.
Yes, the GoTrust ID desktop application can be updated automatically by configuring this in AdminPortal.
Please make sure you have passed biometric verification on the phone right after scanning the QR code. The PC screen will show “Register Successfully” once biometric authentication on the phone has been verified and the phone has completed registration with the authentication server. If the problem still exists, please check the connection environment between the phone and the authentication server.
Please enter your Windows device login password.
Normally, one user license account can register a maximum of 5 computers.
You can enroll multiple phone authenticators or multiple Idem Keys to log in to your Windows device.
You can use the provided batch file to install the GoTrust ID desktop application. The file already has the server connection assigned, so users can easily complete installation with it. Another way is to create a DNS Forward Lookup Zone named business.gotrustid with a host named server that maps to the GoTrust ID server IP address. The GoTrust ID desktop application will automatically connect to the GoTrust ID server at first launch.

A company can host the GoTrust ID server on premises or in a private cloud. It depends on the company’s operational decisions and data protection regulations.
The VM download link will be provided by GoTrust or the vendor. Ubuntu is the default operating system environment we provide. Windows Server is also provided on request; the Windows Server license is to be prepared by the client.


Yes, an SSL certificate in .pfx format is required for GoTrust ID server configuration.
Yes, the GoTrust ID server supports a High Availability (HA) structure to ensure a level of operational performance.
GoTrust ID server can run on Windows server or Linux server.
Accurate and reliable time is highly important for the server, PC and phone. A time discrepancy will result in login errors. Please use Network Time Protocol (NTP) or another practical method to set the correct time on the GoTrust ID server.
Idem Key, a physical security device used for authentication, supports FIDO2, PIV, and HOTP functionalities. It adds an extra layer of security to access accounts and systems.
To reset a security key on Windows, begin by opening the “Settings” menu from the Start menu by selecting the gear icon. Then, navigate to the “Accounts” section. Within “Accounts,” select “Sign-in options.” Here, locate the option labeled “Security Key.” Once found, click on “Manage” and insert the Idem Key. You will then find the reset option available.
Please be aware that resetting the key will erase all FIDO data. This means if you have previously registered your security key on another application, resetting the security key will render it unusable for login.
Related video: https://www.youtube.com/watch?v=Skx8s5C95c0
To change the PIN of an Idem Key on Windows, begin by opening the “Settings” menu from the Start menu by selecting the gear icon. Then, navigate to the “Accounts” section. Within “Accounts,” select “Sign-in options.” Here, locate the option labeled “Security Key.” Once found, click on “Manage” and insert the Idem Key. You will then find the change option available.
To reset an Idem Key on macOS via Chrome, begin by opening the “Settings” menu of Chrome. Then, navigate to the “Privacy and security” section. Within “Privacy and security,” select “Security.” Here, locate the option labeled “Manage security keys.” Once on that page, you will find the “Reset your security key” option available.
Please be aware that resetting the key will erase all FIDO data. This means if you have previously registered your security key on another application, resetting the security key will render it unusable for login.
To change the PIN of an Idem Key on macOS via Chrome, begin by opening the “Settings” menu of Chrome. Then, navigate to the “Privacy and security” section. Within “Privacy and security,” select “Security.” Here, locate the option labeled “Manage security keys.” Once on that page, you will find the “Create a PIN” option available.
The Idem Key supports account authentication for various applications, and the registration process is mostly similar. Typically, you first enter the account settings screen, then navigate to the security or privacy-related page. Once on that page, you select options related to multi-factor authentication or similar. After clicking into it, you’ll see the option for a security key. At this point, you can register your Idem Key.
Related video: https://www.youtube.com/@gotrustidinc.5164/videos
Currently, no one except yourself knows the PIN set for the Idem Key, and if the maximum number of incorrect PIN entries has been reached, resulting in the Idem Key being locked, we can only recommend resetting the Idem Key.
Please be aware that resetting the key will erase all FIDO data. This means if you have previously registered your security key on another application, resetting the security key will render it unusable for login.
GoTrustID is now exclusively designed for enterprise use. Individual application services have been discontinued. If you have enterprise requirements, please don’t hesitate to contact us.
Currently, if utilized by organizational personnel, configuration for computer login with Idem Key necessitates setup by your company’s IT staff through Azure AD (Entra ID) login options.
The client can access the settings by logging into the Microsoft Entra admin center. From there, they should navigate to “Protection/Authentication methods” and then proceed to “Policies.” Under “Policies,” they can select “FIDO2 security key” and enable the option for FIDO2 security key.
As an individual user, you can download IdemPass from the resource page for computer login. IdemPass is specifically designed for standalone login on Windows or Mac computers using the GoTrust Idem Key.
Alternatively, you can refer to the following article on using Idem Key to log in to Windows. This requires meeting Microsoft’s basic requirements, which are listed at the beginning of the article. If your system meets these requirements, follow the instructions in the article to proceed with the setup.
Related article: Microsoft Authentication: Passwordless Security Key Login
The AAGUIDs can be found on page 7 of the document linked below.
https://gotrustid.com/download/GoTrust_IdemKey_user_manual.pdf
According to the FIDO2 protocol, the storage limit for Idem Key Discoverable Credentials (Resident Keys) is 30.
There isn’t a direct method to delete or view individual resident keys stored in the FIDO2 storage without performing a complete reset of the security key. The standard procedure for managing resident keys usually involves resetting the security key, which leads to the removal of all stored keys.
The NFC antenna of smart phones is located around the rear camera. When sensing, please make sure to place the Idem Key at the top edge of the phone, as demonstrated in the video, or around the rear camera of the phone.
Related video: https://www.youtube.com/watch?v=0DhrFzhHcdU
When you purchase Idem Key, it comes without a default PIN. For applications such as Google account, Facebook, GitHub, and others, when you register Idem Key as a login or two-factor authentication option, the application will prompt you to set a PIN for Idem Key. Once set up, you will be required to enter this PIN whenever prompted to log in.
When the message indicating that the Idem Key is locked appears, it is usually due to entering the wrong PIN too many times. Once locked, you can only reset it and set a new PIN.
When the Idem Key is locked and unusable, it usually accompanies a message like “The FIDO security key has been blocked for security reasons.” At this point, you must reset your Idem Key to unlock it. Please refer to the following instructions for resetting the Idem Key.
Please keep in mind that resetting the key will erase all FIDO data, making it unusable for login if registered on another application.
Using Idem Key as a login option for macOS requires an admin account and uses the PIV functionality. You must first download Idem Key Manager.




To verify the setup, lock your Mac and ensure that the password field prompts for a PIN when you insert your YubiKey. Attempt to unlock your session using your Idem Key by entering the PIN.
Yes, Idem Key is suitable for use with Apple ID. You can refer to the following link for information on the required device conditions and setup paths. https://support.apple.com/en-us/102637
How to set up: https://www.youtube.com/watch?v=0DhrFzhHcdU
Yes, Idem Key is compatible with ID Austria and can be used instead of the app with biometric verification. For more information, please refer to the link: ID Austria
You can find relevant information on the ID Austria website. Please refer to the link: ID Austria
If the security key option is missing from Multi-Factor Authentication registration on M365, please check whether the FIDO2 security key option is enabled in the administrator’s Azure AD (Entra ID) management system. The administrator can follow the steps below to access the settings:
Then the user can check if there is an option to register a security key as part of the multi-factor authentication on M365.
You can purchase Idem Key through the following sales channels:
Idem Key Plus, a derived version of Idem Key, extends support to traditional PKI applications and is available in three versions: Plug-n-play (Middleware-free), PKCS#11, and FISC-II versions.
The PKCS#11 version of Idem Key Plus supports traditional PKI operations through the PKCS#11 library interface, while the Plug-n-play (Middleware-less) version leverages GoTrust’s patented technology to conduct traditional PKI certificate signing operations via the FIDO2 webauthn API, eliminating the requirement for additional middleware.
The FISC-II compliant Idem Key Plus integrates the FISC-II applet—a benchmark for secure and effective financial data interchange and electronic payments between entities in Taiwan. Taiwan’s FISC II standard outlines the requisite guidelines and protocols for deploying and overseeing PKI within the financial arena.
Yes, in addition to its new PKI functionalities, Idem Key Plus retains the FIDO functionalities, offering versatile security options.
No, you don’t have to install any software or driver for using the Idem Key Plus of Plug-n-play (Middleware-less) version. We utilize patented technology to enable seamless plug-and-play certificate support for Web PKI applications.
By leveraging GoTrust’s patented technology, the Plug-n-play (Middleware-less) version enables web applications to directly conduct PKI signature operations through the browser’s FIDO2 webauthn API interface.
Install the PKCS#11 library according to GoTrust’s developer guidelines and utilize it to enable PKI operations within your applications on Windows, macOS, and Linux platforms.
You can conduct a variety of PKI-related operations, such as RSA or ECDSA digital signatures, encrypted communications, and identity authentication, among others.
For technical support and guidance on Plug-n-play (Middleware-less), PKCS#11, and FISC-II versions, please contact GoTrust support via email support@gotrustid.com.
Immediately revoke the affected certificates and adhere to the issuer’s guidelines for obtaining and setting up a new security key.
Utilizing advanced encryption technologies and adhering to stringent security protocols, Idem Key Plus offers a high level of security and privacy protection, reinforced by FIPS 140-2 Level and FIDO Security Level 2 certifications.
No, you do not need to complete the transaction by reinserting the Idem Key. We use a touch mechanism that allows manual confirmation by finger touch, so the transaction completes without the need for reinsertion.
If you have any further questions, please contact GoTrust support via email support@gotrustid.com.
IdemPass is specifically designed for standalone login on Windows or Mac computers using the GoTrust Idem Key. It does not require a connection to any server and can log in to the computer even when offline, ensuring seamless access without relying on a network connection.
IdemPass uses a USB Idem Key for authentication, allowing computer owners to easily manage access by giving the key to users. It offers PIN-based, password-free login and control over who can access the computer. Windows Hello, on the other hand, relies on biometric authentication methods like facial recognition, fingerprint scanning, or PINs, and is designed for personalized, individual access without focusing on easy user management across multiple users.
GoTrust ID is an enterprise-level SSO/MFA solution designed for companies that require more control over computer login and resource access by their employees. The computer login function of GoTrust ID requires a GoTrust server installed by the organization and can’t operate independently.
No, your computer does not need to be in any enterprise or organizational environment, such as Windows Azure AD, Active Directory (AD), or Hybrid environments. IdemPass supports local user accounts as well as domain user login.
Yes, IdemPass supports Windows Azure AD, Active Directory (AD) or Hybrid environments.
Yes, IdemPass is compatible with Windows 10 version 1809 and later, as well as Windows 11 on physical machines, and Windows 10 virtual machines. However, it is not supported on Windows 11 virtual machines.
Yes, it does. Idem Key and the recovery options can be used for both online and offline login.
Yes, you can register multiple Idem Keys, and we encourage you to register at least 2 Idem Keys, as Apple ID does. You can use the 2nd Idem Key as a backup.
Idem Key is the primary login method. If you accidentally lose your Idem Key or do not have it with you, IdemPass offers backup login options: a mobile security code (requires installing the GoTrust ID mobile app) and a backup code.
Before installing IdemPass, a system check will be conducted to ensure your environment is compatible for installation. Below is the checklist, and if you encounter any issues, you can refer to the following descriptions to verify your environment:
In Registry Editor (regedit):
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters
There must be only {DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE} (Default) before installation.
After installation, you must have {E71B458E-11E9-44BE-B3F8-8F0D0874C57D} (IdemPass) and {DDC0EED2-ADBE-40B6-A217-EDE16A79A0DE} (Default).
If there are any other Credential Providers present, please delete them.
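A read-only way to run the registry check above from PowerShell, as an added example that is not GoTrust's own tooling. The two GUIDs are the ones listed on this page; the function names `Get-CredentialProviderFilter` and `Test-FilterState` are hypothetical.

```powershell
# Added example (not GoTrust code). Read-only: it reports, it never deletes.
# The GUIDs are the two listed on this page; function names are hypothetical.

$FilterKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters'

$DefaultFilter  = '{DDC0EED2-ADBE-40B6-A217-EDE16A79A0DE}'   # "(Default)" per the page
$IdemPassFilter = '{E71B458E-11E9-44BE-B3F8-8F0D0874C57D}'   # "(IdemPass)" per the page

function Get-CredentialProviderFilter {
    # One object per registered filter: subkey GUID plus the key's default value.
    if (-not (Test-Path -LiteralPath $FilterKey)) { return }
    Get-ChildItem -LiteralPath $FilterKey | ForEach-Object {
        [pscustomobject]@{
            Guid = $_.PSChildName.ToUpperInvariant()
            Name = [string]$_.GetValue('')      # '' reads the (Default) value
        }
    }
}

function Test-FilterState {
    # Compares the GUIDs found against what the page expects for each stage.
    param(
        [string[]]$Present,
        [ValidateSet('PreInstall', 'PostInstall')][string]$Stage
    )
    $expected = @($DefaultFilter)
    if ($Stage -eq 'PostInstall') { $expected += $IdemPassFilter }

    # Registry key names are case-insensitive, so normalise before comparing
    # (the page itself writes 40b6 in one place and 40B6 in another).
    $found = @($Present | Where-Object { $_ } | ForEach-Object { $_.ToUpperInvariant() })

    $missing    = @($expected | Where-Object { $_ -notin $found })
    $unexpected = @($found    | Where-Object { $_ -notin $expected })

    [pscustomobject]@{
        Stage      = $Stage
        Ok         = ($missing.Count -eq 0 -and $unexpected.Count -eq 0)
        Missing    = $missing
        Unexpected = $unexpected
    }
}

# Live check on this machine: list what is registered, then evaluate it.
$filters = @(Get-CredentialProviderFilter)
$filters | Format-Table -AutoSize

$result = Test-FilterState -Present $filters.Guid -Stage PreInstall
$result | Format-List
if (-not $result.Ok) {
    Write-Warning 'Filter list differs from the expected state; review the entries above before installing.'
}
```

Run it with `-Stage PostInstall` after setup to confirm that both the default and the IdemPass entries are present and nothing else has been added.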
After installation is complete, launch IdemPass and follow these steps:
Yes, IdemPass supports multiple user accounts on a single computer. Each user can have their own Idem Key to log in.
Yes, one account can register multiple Idem Keys.
On the login screen, select “Other User” and prefix the username with the AzureAD domain, e.g., AzureAD\username.
To log in to a local account under the AD domain, prefix the username with a dot and backslash, e.g., .\username.
On the login screen, select “Other User” and simply enter the username. The system will automatically append the current domain.
To log in to a local account under the AD domain, prefix the username with a dot and backslash, e.g., .\username.
On the login screen, select “Other User” and enter the local account username.
Since IdemPass primarily uses Idem Key for authentication, it must be bound to your IdemPass account. On the IdemPass page, you need to register a new Idem Key before you can delete the old one. If an Idem Key is lost, for security reasons, we recommend removing the lost Idem Key rather than relying solely on backup methods to access your computer. This is important as there is a risk that someone else might use your lost Idem Key to access your computer.
You must have more than one Idem Key to reset it. If you reset the Idem Key through other methods, such as Windows settings or Chrome settings, you will need to re-register the Idem Key on IdemPass. Resetting the key will erase all stored credentials, meaning any applications or cloud services previously registered with this Idem Key will no longer recognize it for login.
Yes, you can click the reset icon next to the phone name to remove the phone and add a new one.
Yes, you can click “Settings” from the left sidebar. In the setting page, you will see the reset backup code option.
Yes, you can register more than one Idem Key, and they are available for login.
No, changing the PIN will not affect the login process. However, if you reset the Idem Key, you will need to re-register it.
If you haven’t set a password for the computer, you won’t be able to complete the first step of entering the PC password to verify your identity during IdemPass configuration. Skipping or leaving the password field empty is not allowed. Please set a password for the computer first, then proceed with configuring IdemPass for computer login.