pGina for Windows Authentication Against Clearlogin Directory


pGina is a pluggable, open source credential provider replacement.  It allows for alternate methods of interactive user authentication and access management on machines running the Windows operating system.

For Clearlogin users pGina is a powerful tool for allowing Windows authentication against Clearlogin Directory (CLD) instead of Active Directory (AD).

pGina does not get installed on your domain controller, but locally on each PC that will be using it.

pGina is a very easy to use tool.  Here's how to install and configure it for use with Clearlogin:

Please refer to the pGina documentation for any questions on how pGina works.

  1. Download pGina from the official website:

    I recommend always using the "Stable" build in a production environment.

  2. Install pGina in the directory of your choice.

  3. Download the latest Clearlogin pGina plugin.

  4. Install the Clearlogin pGina plugin in the same directory that you installed pGina.  Make sure that pGina is closed before starting the installation.

  5. If you are prompted to close the pGina service during the installation, allow the installer to do so.  The service will start back up after the installation has completed.

  6. Launch pGina.

  7. Click on the Plugin Selection tab located on the top of the application window.

  8. On the Plugin Selection screen, highlight Clearlogin Plugin (you may have to scroll down) under Current Plugins and then click on the Configure button.

  9. The Clearlogin Configuration window will pop up.

    Here is where you will need to enter information specific to your organization.

  10. First let's start with API Key.  You can find your organization's API Key by navigating to your Clearlogin admin panel (, and selecting Settings from the navigation bar and then clicking on Public Key.

  11. You will be brought to the Public API Key page.  Here you will be presented with your Public API Key.  Either click on the blue button that says Copy to Clipboard or select the public API Key text and copy it.

  12. Navigate back to the Clearlogin Configuration window in pGina and paste your API Key into the API Key text field.

  13. Next you need to fill in your domain.  This is the domain that you use for your CLD Identity Source.  Mine of course is

  14. The third text field is for entering Access Tags.  You can enter as many Access Tags as you need to by separating them with commas.  Do this in order to define which users you want to allow to log in via pGina on this PC.  Leave the text field blank to allow all users to log in.

  15. Finally we have the last text field which is also for Access Tags.  This field however is specifically meant for defining which users will have local administrative access on the PC when logging in with pGina.  Just like with the previous text field, Access Tags must be separated by commas.  You can also leave this field blank to disallow anyone from having local administrative access.

  16. Once you're done filling in the above information, click on the Save button.

  17. You will be brought back to the Plugin Selection tab.  Click on either Apply or Save & Close to save your changes.

  18. Log out of your PC and you will be presented with the Windows authentication screen which should now say "pGina" and a version number.  Make sure that Service Status (located under the Password field) says Connected.

    If Service Status says Disconnected, please check your API Key and domain settings before continuing.

    Please Note:  You can switch between authenticating via pGina and Windows by selecting either pGina or a user's name from the bottom left hand corner of the Windows log in screen.

  19. To test if your installation worked, log into Windows using your Clearlogin credentials with pGina selected.

    If all went well, you will be presented with the Windows desktop as though you logged into Windows through traditional means.

    Congratulations!  You have successfully configured pGina with the Clearlogin plugin.  All users that you approve will now be able to log into Windows with their Clearlogin credentials.

Engineer's Note:  Every time a user that has never logged into Windows via pGina on the current PC logs in, a new user profile will be created for them and stored locally, the same way that a new user profile would be created if the user was logging into Windows through traditional means.

A few noteworthy pGina Features:

You can use your organization's logo as the pGina avatar by adding it under Title Image at the top of the General tab's page.

You can use the Plugin Order page (accessed by clicking on the Plugin Order tab) to change whether Windows defaults to itself or pGina for authentication.

Make sure that the order of Authentication and Gateway both match.

You can use the Simulation page (located under the Simulation tab) to test which users will and won't be able to log in.  This is similar to Clearlogin's Test All Access Rules box.

If pGina authentication is not working, sometimes restarting your PC and trying again may help since Windows won't always detect registry modifications without a reboot.

Have more questions? Submit a request


Powered by Zendesk