It is the responsibility of the Authorizer Administrator or the User Administrator to configure a user account to use two-factor authentication when logging in to Safeguard for Privileged Passwords.
TIP: If you want to use one-touch approvals, download and install the Starling 2FA app onto your mobile device.
( desktop client) To configure users to use Starling Two-Factor Authentication when logging in to Safeguard for Privileged Passwords
- Log in to Safeguard for Privileged Passwords as an Authorizer Administrator or User Administrator.
- Navigate to Administrative Tools | Users.
- Add or edit users, ensuring the following settings are configured:
- Authentication tab:
- Require Secondary Authentication: Select this check box.
-
Authentication Provider: Select the Starling 2FA service provider.
NOTE: If the Starling 2FA service provider is not listed, you must first join Safeguard for Privileged Passwords to Starling. For more information, see Starling.
-
Use alternate mobile phone number: Optionally, select this check box and enter an alternate mobile number to be used for two-factor authentication notifications.
NOTE: If you want to use one-touch approvals, this feature requires a valid mobile phone number for the user. If the user does not have their mobile number published in Active Directory, use this option to specify a valid mobile phone number for the user.
- Contact Information tab:
- Mobile Phone: Enter a valid mobile phone number in E.164 format.
- Email Address: Enter a valid email address.
- Authentication tab:
Now whenever any of these users attempt to log in to Safeguard for Privileged Passwords, after entering their password, a message appears on the login screen informing them that an additional authentication step is required.
NOTE: If the Safeguard for Privileged Passwords user is required to use Starling Two-Factor Authentication and has the Starling 2FA mobile app installed, Safeguard for Privileged Passwords sends a push notification to their mobile device where they can complete the login by pressing a button in the app. If the user does not have the Starling 2FA app, they have the option to receive a one-time password via SMS or a phone call.
( web client) To configure users to use Starling Two-Factor Authentication when logging in to Safeguard for Privileged Passwords
- Log in to Safeguard for Privileged Passwords as an Authorizer Administrator or User Administrator.
- Navigate to User Management | Users.
- Add or edit users, ensuring the following settings are configured:
- Authentication tab:
- Require Secondary Authentication: Select this check box.
-
Authentication Provider: Select the Starling 2FA service provider.
NOTE: If the Starling 2FA service provider is not listed, you must first join Safeguard for Privileged Passwords to Starling. For more information, see Starling.
-
Use alternate mobile phone number: Optionally, select this check box and enter an alternate mobile number to be used for two-factor authentication notifications.
NOTE: If you want to use one-touch approvals, this feature requires a valid mobile phone number for the user. If the user does not have their mobile number published in Active Directory, use this option to specify a valid mobile phone number for the user.
- Contact Information tab:
- Mobile Phone: Enter a valid mobile phone number in E.164 format.
- Email Address: Enter a valid email address.
- Authentication tab:
Now whenever any of these users attempt to log in to Safeguard for Privileged Passwords, after entering their password, a message appears on the login screen informing them that an additional authentication step is required.
NOTE: If the Safeguard for Privileged Passwords user is required to use Starling Two-Factor Authentication and has the Starling 2FA mobile app installed, Safeguard for Privileged Passwords sends a push notification to their mobile device where they can complete the login by pressing a button in the app. If the user does not have the Starling 2FA app, they have the option to receive a one-time password via SMS or a phone call.