반품
-
제목
Is it possible to make the Starling attributes mandatory to force Two Factor Authentication? -
설명
A user is configured to use Starling Two Factor authentication (2FA) by being a member of a group in the users.starling file.
However if they do not have the Starling Attributes in Active Directory (Mail and Mobile by default) then they can still logon just using their password.
Is it possible to prevent logon if the Starling Attributes are missing for a user?
-
해결 방안
It is not possible to prevent a user using a password only authentication if they are missing the Starling attributes.
One option is to use an access control file.
For example create a users.allow entry containing a group with all users who currently have Starling attributes and should be allowed access to the host.
Other users could then be added to the access control group once they have the correct Starling attributes configured in Active Directory.