Chat now with support
Chat mit Support

Starling Two-Factor Authentication Hosted - Desktop Login Administration Guide

Configuring Push Notifications

Push notifications enable Starling 2FA mobile app to receive requests to approve an authentication attempt. Configuration of push notifications facilitate an end-to-end encrypted communication between the application and a secured authentication service. Accurate configuration of push notification enables the user to Approve or Deny a login attempt. Push notifications are configured by default.

Configure the following Starling 2FA push notification settings:

  • Message: This is the message that would be displayed in the Starling 2FA app. The character limit for the message is mentioned below:
    •  The message must comprise of less than or equal to 50 characters.
    •  The message must comprise of more than or equal to 10 characters.
  • Timeout (seconds): Timeout determines the duration for which the push notification request received on Starling 2FA app is valid. For example, if the value of the timeout is set as 30 seconds, the validity of the notification would last for 30 seconds only. The value can be selected from the drop-down menu. If Other is selected from the drop-down menu, the timeout value must be entered in the Other field that appears below the drop-down menu. The Other option is provided so that a user can customize the timeout value. The default value for timeout is 30 seconds.

Click Save settings after completing the configuration.

Configuring Active Directory Attributes

  • You can specify the user attributes that would be used to retrieve values of the log on user. In the Active Directory attributes window, the config tool allows you to specify the user attributes that would be used to retrieve the user's email address and phone number from Active Directory. The following drop-down menus are available to specify the user attributes:
    • E-Mail attribute (default attribute name - mail) - Select the attribute from the drop-down menu, or type the name of the attribute. The entered name must be an AD user attribute. By default, the following values are available as part of the drop-down menu.
      • mail
      • userPrincipalName
    • Phone number attribute (default attribute name - mobile) - Select the attribute from the drop-down menu, or type the name of the attribute. The entered name must be an AD user attribute. By default, the following values are available as part of the drop-down menu.
      • mobile
      • otherMobile
      • homephone

      NOTE: The mobile phone number value must be in the E.164 format.

    The above mentioned user attributes are used to retrieve the user's email address and phone number from the Active Directory.

     

    Select the Enable LDAP over SSL check box to communicate over secured LDAP connection with Active Directory server.

    Click Save settings after completing the configuration.

  • Configuring Log On Settings

    Configuring Log On Settings

    This configuration enables segregation of users into those who must be authenticated or bypassed, by including or excluding a specific Active Directory group, during login to a computer.

    NOTE: By default all domain users who log on to the computer must authenticate via Starling Two-Factor Authentication. Local users will not be able to log on.

    To configure authentication for the user groups, select one of the following options:

    • Require specified users log on using Starling Two-Factor authentication: Specifies that the users in groups added to the Groups list must authenticate via Starling Two-Factor Authentication when logging on to computers that have Starling Two-Factor Desktop Login installed. By default, this option is selected.
    • Allow specified users to bypass Starling Two-Factor authentication: Specifies that the users in groups added to the Groups list do not have to authenticate via Starling Two-Factor Authentication when logging on to computers that have Starling Two-Factor Desktop Login installed.

    Addition or Removal of Groups

    To add groups into the list box

    1. In the Log on settings page, click Add.

      A Select Group dialog box is displayed.

    2. Search an existing AD group that has to be included/excluded for Two-Factor authentication, and click OK.

      Based on the selected group, the group name and its Active Directory container gets reflected in the list box.

    To remove a group

    Select a group and click Remove.

    Bypassing Starling Two-Factor Authentication

    To bypass Starling Two-Factor Authentication for local user accounts, select the Allow local users to bypass Starling Two-Factor authentication check box. By default, the check box is not selected.

    To bypass Starling Two-Factor Authentication, when the Starling service is unavailable, select the Allow users to bypass Starling Two-Factor authentication when Starling services are unavailable check box. By default, the check box is unchecked and this setting does not permit the user to bypass Starling Two-Factor Authentication, when the Starling service is not available.

     

    Click Save settings after completing the configuration.

    Test your setup

    After the installation and configuration of Starling Two-Factor Desktop Login on the computer, Sign out and Sign In to the computer again.

    Verwandte Dokumente