You can require a user to log in using two-factor authentication by enabling the Require Secondary Authentication option in the user record.
To require a user to log in using secondary authentication
Setup a secondary authentication provider in Settings | External Integration | Identity and Authentication. For more information, see Adding identity and authentication providers. Or, you may use Starling 2FA. For more information, see Starling.
Depending on the type of authentication provider selected, specify the additional information this user must use when logging into Safeguard for Privileged Passwords with two-factor authentication.
Log in with secondary authentication.
When you log into Safeguard for Privileged Passwords as a user that requires secondary authentication, you log in as usual, using the password that is set for the Safeguard for Privileged Passwords user account. Safeguard for Privileged Passwords then displays one or more additional login screens. Depending on how the system administrator has configured the secondary authentication provider, you must enter additional credentials for your secondary authentication service provider account, such as a secure password and/or security token code.
|
Note: The type and configuration of the secondary authentication provider (RSA SecureID, |
For more information, see To manage your FIDO2 keys.
It is the responsibility of the Authorizer Administrator or the User Administrator to configure a user account to use two-factor authentication when logging into Safeguard for Privileged Passwords.
|
TIP: If you want to use one-touch approvals, download and install the Starling 2FA app onto your mobile device. |
To configure users to use Starling Two-Factor Authentication when logging into Safeguard for Privileged Passwords
Authentication Provider: Select the Starling 2FA service provider.
|
NOTE: If the Starling 2FA service provider is not listed, you must first join Safeguard for Privileged Passwords to Starling. For more information, see Starling. |
Use alternate mobile phone number: Optionally, select this check box and enter an alternate mobile number to be used for two-factor authentication notifications.
|
NOTE: If you want to use one-touch approvals, this feature requires a valid mobile phone number for the user. If the user does not have their mobile number published in Active Directory, use this option to specify a valid mobile phone number for the user. |
Now whenever any of these users attempt to log into Safeguard for Privileged Passwords, after entering their password, a message appears on the login screen informing them that an additional authentication step is required.
|
NOTE: If the Safeguard for Privileged Passwords user is required to use Starling Two-Factor Authentication and has the Starling 2FA mobile app installed, Safeguard for Privileged Passwords sends a push notification to their mobile device where they can complete the login by pressing a button in the app. If the user does not have the Starling 2FA app, they have the option to receive a one-time password via SMS or a phone call. |
It is the responsibility of the Security Policy Administrator to add users to user groups to assign to password policies.
To add a user to a user group
If you do not see the user group you are looking for and are a Security Policy Administrator, you can click Create New in the User Groups selection dialog and add the user group. For more information about creating user groups, see Adding a user group.
It is the responsibility of the Asset Administrator to select one or more users to manage the assets and accounts in a partition. Assigning a user to a partition makes that user the "delegated owner" of that partition, giving that person authorization to manage the assets and accounts in that partition. A delegated partition owner has a subset of the permissions that an Asset Administrator has. For more information, see Administrator permissions.
To assign a user to partitions
If you do not see the partition you are looking for and are an Asset Administrator, you can click Create New in the Partitions dialog. For more information about creating partitions, see Adding a partition.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy