Retire the
Windows password.
Replace the Windows password prompt with a Monofor Identity push. Cryptographically bound to the user's mobile device, faster than typing, and unphishable.
- Windows credential provider
- Mobile-bound factor
- ~7 minutes to read
From password tile to push approval.
The lifecycle for a clean rollout — prep AD, deploy the client, enroll the user, verify.
- 01
Prepare Active Directory for passwordless flows
Confirm the Monosign user-source mappings, ensure the relevant users are synced, and align AD object permissions with the passwordless requirement set. The configuration guide flags every checkbox you need.
Tip — Watch out for the AdminSDHolder permission issue on tightly-locked-down domains — the help center has a dedicated remediation article. - 02
Install the Monofor Identity Client on the endpoint
Push the Windows client through your MDM or run the installer manually. It registers as a Windows credential provider so it shows up alongside (or replaces) the password tile.
- 03
Enroll the user from Monofor Identity (mobile)
On the Monofor Identity app, scan the QR shown on the workstation. The mobile device becomes a hardware-backed factor for the desktop sign-in.
- 04
Verify the passwordless logon
Lock the workstation, pick the Monofor tile, and approve the push from the mobile device. The desktop unlocks without a password prompt — and the event lands in the Monosign audit log.
The complete walkthrough — with every screenshot, every flag, and version-specific notes — lives in our help center.
Ready to start managing
identities the right way?
Spin up a fully-loaded trial tenant in under five minutes. No credit card. No sales gate.