Why does Rublon for Windows deny user login (Access Denied)?

Modified on Wed, 07 Feb 2024 at 02:00 PM

The “Access Denied!” dialog says:

Access Denied!

You are not allowed to log on.

Contact your administrator.

What is the "Access Denied!" dialog and when does it appear?

The “Access Denied!” message is a dialog that appears after a user attempts to log in to Windows locally or via RDP, but they are denied access. This message tells the user they cannot log on and asks them to contact their administrator.

What to do after the “Access Denied!” dialog appears?

First and foremost, administrators should look up the log file located in C:\Program Files\Rublon\Logon\Logs\rublon-credential-provider.log and try to find a message about the user getting denied or an error.

The “Access Denied!” dialog can appear in many different scenarios, the following two of which are most common:

  1. No Internet connectivity and OfflineBypass=0: If the endpoint the user attempts to access has no Internet access and the OfflineBypass option is set to 0 in the endpoint’s Windows registry, the user will be presented with the “Access Denied!” message. This is because the Rublon for Windows connector must contact the Rublon API to successfully authenticate the user. To fix the user getting denied in this scenario, restore Internet connectivity on the endpoint or set OfflineBypass to 1. Read more about the OfflineBypass option in Configuration of MFA for Windows Logon and RDP.

  2. FailMode set to deny: If the Rublon API is accessible but returns a 5XX error, the FailMode will fire off. If the FailMode is set to deny, the user will be denied access and presented with the “Access Denied!” dialog. Look up the log file for more information about the error. Read more about the FailMode option in Configuration of MFA for Windows Logon and RDP.

If none of the preceding two worked and the messages in the rublon-credential-provider.log file didn’t help find the issue, administrators can contact Rublon Support. (Make sure to attach the log file to your message.)

Can Rublon for Windows deny me without showing the “Access Denied!” dialog?

Yes, you may have been denied within the Rublon Prompt. In this scenario, the “Access denied!” information is displayed inside the Rublon Prompt instead of in a separate dialog.

 This denial is usually associated with the settings in the Rublon Admin Console. The two most common scenarios are:

  • User status set to Denied: If the user’s status is set to Deny in the Rublon Admin Console, the user will receive the “Access Denied!” message. To fix this, the administrator can change the user’s status to Active.

  • Group status set to Denied: If the user belongs to a group whose status is set to Deny or does not belong to the Permitted Groups added to a given application in the Rublon Admin Console, the user will be denied access. You can learn more about groups in Rublon Admin Console - Groups and Group Policies.

Helpful Links

Configuration of MFA for Windows Logon and RDP

Rublon Admin Console - Groups

Group Policies

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article