Chat now with support
Chat mit Support

Starling Two-Factor Authentication Hosted - HTTP Module Administration Guide

Configuring protected websites

The Starling Two-Factor HTTP Module allows you to protect your websites. You can add the websites that you want to protect in the Protected server sites tab. The tab lists the websites in the Microsoft Web Server (IIS). You can select the required websites that have to be protected. You can enable protection for one or more websites both at server level and at the application level by selecting the appropriate check boxes.

To configure the protected sites

  1. In the Starling Two-Factor HTTP Module Configuration window, click the Protected server sites tab, select one or more websites that you want to secure with the Starling Two-Factor HTTP Module
  2. Click Apply.

To reflect the changes made during configuration after clicking Apply, Starling Two-Factor HTTP Module prompts you to restart IIS. You can click OK to reflect the changes.

NOTE: Web applications having dependent sites will also show Starling Two-Factor authentication page, since they internally access the same URL.

For example, if the user protects OWA web application using Starling Two-Factor authentication, ECP or all dependent websites that also access OWA internally will also see the Starling Two-Factor authentication page. Access control is determined by the most specific path match found.

NOTE: Certain web applications does not allow you to edit the web.config file. It is recommended to avoid protecting these applications from the Two-Factor authentication.

Logging into the client application

When you log in to the protected web site locally or remotely with a valid Active Directory username, Starling Two-Factor HTTP Module sends a push notification to Starling 2FA app automatically. Alternatively, you can click Sign-in with other options link from the Starling Two-Factor Authentication Log-in page. After clicking the link, the Token Response page is displayed. Based on the option selected, the token response is provided through SMS, Phone Call, or the Starling 2FA app.

NOTE: When you try to log in to the Starling Two-Factor HTTP Module for the first time and if the Starling 2FA app is not installed, you will receive an SMS asking you to install the Starling 2FA app.

Use one of the following methods for Two-Factor Authentication.

Using Push Notification

To receive a push notification, your phone number must be registered with your Starling account. You can approve or deny a push notification that is sent to your phone.

NOTE: If your phone does not receive the push notification, perform the following.

  1. Open the Starling 2FA app and go to Requests menu.
  2. Approve the request in the Pending tab to log in to the system.

Using OTP

You can perform the two-factor authentication using one of the following methods for authentication. If the user account is valid and active, they will be authenticated and permitted to access the protected website.

OTP through SMS

To generate OTP through SMS

  1. On the Starling Two-Factor Authentication Token response page, click Send SMS. You will receive an OTP through SMS on the registered phone number

  2. Enter the received OTP in the token response field of the Starling Two-Factor Authentication Token Response page, and click Continue to log in.

OTP through phone call

To generate OTP through phone call

  1. On the Starling Two-Factor Authentication Token response page, click Phone Call. You will receive a phone call on the registered mobile number.

  1. Enter the received OTP in the token response field of the Starling Two-Factor Authentication Token Response page, and click Continue to log in.

Verwandte Dokumente