One Identity Starling Two-factor Authentication for Active Roles
Since Active Roles manages confidential Active Directory user details in both on-premises and cloud based environments, it is appropriate and safer to have an additional security measure such as the two-factor authentication. Active Roles now supports One Identity's Starling Two-Factor Authentication service.
The Starling Two-factor authentication provides enhanced security by necessitating users to provide two forms of authentication to Active Roles, namely a user name and password combination along with a token response. The token response is collected through an SMS, Phone call, or push notification received on a physical device such as a mobile or any other device other than the browser.
Starling Two-Factor Authentication User Access template
On installing Active Roles on a computer, the Starling Join feature is included by default. The Starling Two-Factor Authentication User Access template is generated and displayed as part of the Builtin Access templates. The Starling - Two Factor Authentication User Access template provides the Active Roles users with minimal permissions that includes enabling of mobile and email property for the users.
ARS 2FA Users group
After the Starling Join operation is completed successfully, the ARS 2FA Users group is generated and displayed in the Builtin Container by default. All members of the 2FA group have the Starling Two-Factor Authentication User Access template applied by default.
Pre-requisites to use One Identity Starling 2FA
Active Roles users who can use the Starling Two-factor Authentication feature must satisfy the following conditions:
- The Active Roles users must be members of the ARS 2FA Users group.
- The Active Roles users must have Starling Two-Factor Authentication User Access template permissions applied.
- The Active Roles users must have their mobile number and Email address properties populated.
For information on the mobile number formats that are allowed, see the One Identity Starling User Guide on https://support.oneidentity.com/technical-documents.