Always-On Mode

When an InstaSafe Secure Access (ISA) user has Authentication Type set to ‘Certificate’ instead of Password+Certs, this is defined as Always-On mode.  

In Always-On mode, the user is prompted for the username and password only during the installation of the User Agent. On subsequent connection attempts, the ISA Agent connects to the ISA server automatically, without user input, using the user-specific certificate for authentication. However, if Two-Factor Authentication (TFA) is enabled for the user or the user group, the user is served a push notification to select the method for receiving the OTP. Additional security parameters such as Device Checks, Device Binding, and Geo Binding are applied if the ‘Extended Validation for Certs’ feature is enabled.

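| Authentication Type | ISA User Agent Connection | Password Prompt | 2FA (if configured) | Security Checks (if configured) |
|---------------------|---------------------------|-----------------|---------------------|---------------------------------|
| Password+Certs      | On Demand                 | Yes             | Yes                 | Yes                             |
| Certificate         | Always-On                 | No              | Yes                 | Yes                             |

Note: Security checks include Device Binding, Geo Binding and Device Checks.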

While the ISA User Agent will not prompt for credential authentication in Always-On mode, users still need to authenticate with their domain credentials in order to log in to the domain profile on their systems. Because Always-On performs a non-interactive login, authentication is based on user and device certificates.

For stricter security and compliance requirements where Multi-Factor Authentication (MFA) is mandatory, Always-On mode is not recommended.

