Overview

It is now possible for administrators to control or lock specific workstations to Silo organizations.  This is useful for organizations which allow Silo on their organization controlled workstations, but do not want their users to log into their personal Silo accounts from those workstations.


Technical Details

When Silo launches, it collects several pieces of immutable and mutable machine data and transmits that information back to Authentic8.  One bit of immutable data is stored in the registry key: “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner”.  This setting is used by machine lock control to determine “ownership” of the machine.  The workflow is as follows:


A user within our global population tries to log in to the service from a computer

  1. Is the RegisteredOwner attribute of the connecting device in our table of "locked devices"?

  2. If YES, at which org does this lock state exist?

  3. Does the username associated with the login sit at or beneath this org?

  4. If YES, allow the login. If NO, block the login and issue a notification via the client.

  5. If no, the user may log in normally.  


Configuration

This feature can be set by Authentic8 personnel.  Please contact your account rep or deployment engineer for specific recommendations on how best to enable this feature.


Additional Notes

Please Contact Support if you have additional questions or concerns directly here: Support