Q1. If user lose their Google Authenticator code (or lost their phone), how can we do the code reset?

A1. After generating QR codes, you save the key. At this time, you can also save the recovery code which is any arbitrary string of at least 32 characters. Enter this recovery code in place of Authenticator's 6 digits code. Logging in to your account with the recovery code will erase your Authenticator setting and you can reset your key using AddToken utility.

Q2. If the machine have only single admin, and admin lose the code, is there any way we can recover the access?

A2. The same as A1. Be sure to set the recovery code.

Q3. When a new user logs in, the notification to update their 2FA will appear. Users have to locate GAuthLogon manually and generate their code. Is there any way we can set AddToken utility to be automatically launched when user login if they never generate their code?

A3. The latest version tries to run AddToken utility in such a case.

Q4. When the license expired, will it affect the functionality? E.g. user doesn't get prompt for 2FA?

A4. Yes, it does. GAuthLogon will run as a demo version. Also see Q7 for more detail.

Q5. Does your application able to integrate with Active Directory? I can't seem to find info.

A5. If the question is whether the progran can authenticate AD users, yes, it does. It can authentication local, domain, LiveId and Azuure AD users.

If the question is whether the configuration data is saved AD, no, it does not. It saves the configuration data locally to %userprofile%\AppData\Roaming\RiBiG\GAuthLogon folder. The configuration file can be placed on a shared folder on a server by specifying the location in the local configuration file.

Q6. Does it support Azure AD?

A6. Yes, the version later than 1.0.11.x can authenticate Azure AD users. Once Windows joins Azure AD, the authentication screen shows PIN provider. You can disable the provider by filtering the provider using Conf.exe utility. Refer to the manual for furtherr details.

Q7. The program does not show no code authentication screen after installing the new version.

A7. GAuthLogon runs in the evaluation mode unless a valid license file is installed. In the evaluation mode, it only accepts the key generated by AddToken.exe running in the evaluation mode. If it finds a key generated by the licensed AddToken, it does not show the code authentication screen.

  • If a license expires,GAuthLogon runs in the demo mode but it will find a key generated by the licensed AddToken.
  • When you update the old version with the new one, GAuthLogon runs in the demo mode but it will probably find a key by the licensed AddToken.

In these cases, GAuthLogon does not show the code authentication screen.

For the code authentication to work properly, run AddToken utility and generate a key each time the running mode changes.

Q8. How is the new version( 1.0.11.x ) different from the previous versions?


  • License scheme -- the new verions is based on more robust scheme.
  • License file -- the new version does not accept the license file for the previous ones. The current users will be able to replace the old license files with the new ones for free.
  • Azure AD support -- the new version can authenticate Azure AD users.

Also see this document(PDF)