On installing Active Roles 7.4 on a computer, the Starling Join feature is included by default. The Starling Two-Factor Authentication User Access template is generated and displayed as part of the Builtin Access templates. The Starling - Two Factor Authentication User Access template provides the Active Roles users with minimal permissions that includes enabling of mobile and email property for the users.
After the Starling Join operation is completed successfully, the ARS 2FA Users group is generated and displayed in the Builtin Container by default. All members of the 2FA group have the Starling Two-Factor Authentication User Access template applied by default.
For information on the mobile number formats that are allowed, see the One Identity Starling User Guide on https://support.oneidentity.com/technical-documents.
To allow Active Roles users to use two-factor authentication, add the users to the ARS 2FA Users group. Adding the users to the ARS 2FA Users group enables the minimal permissions on the users through the Starling - Two Factor Authentication User Access template to authorize the users for two-factor authentication.
In case of multiple managed domains, the ARS 2FA Users group must be created manually in each of the domains and the Starling - Two Factor Authentication User Access template must be applied on the group.