You can use this activity to configure Password Manager to use Defender to authenticate users.
Defender is a two-factor authentication solution that authenticates users without forcing them to remember another new password. Defender uses one-time passwords (OTP) generated by special hardware or software tokens. Even if an attacker captures the password, there will be no security violation, since the password is valid only for one-time-use and can never be re-used.
You can use the Defender authentication to authenticate users before allowing them to reset or change their passwords, to unlock accounts, or manage Questions and Answers profiles.
Before configuring the settings in this activity, install and configure Defender as described in the Defender documentation.
|
IMPORTANT: To make Password Manager use the Defender authentication, you must install the Defender Client SDK on the server on which Password Manager Service is installed. |
This activity has the following settings:
Use this activity to configure Password Manager to use Starling Two-Factor Authentication to authenticate users.
You can use Starling Two-Factor Authentication to authenticate users before allowing them to reset or change their passwords, to unlock accounts, or manage Questions and Answers profiles.
Before using Starling Two-Factor Authentication for authentication, users have to configure it on Starling Two-Factor in General Settings tab on the home page of the Administration site. For more information, see One Identity Starling.
For authentication, you have to enter the Starling Two-Factor Authentication OTP that you have received through SMS, phone call or from the Starling 2FA app, or accept the notification received in your phone. To use Starling 2FA app for push notification or to generate OTP, you must install Starling 2FA app on your device and register your phone number.
This activity requires authentication using one of the following options:
Use this activity to configure Password Manager to use a RADIUS server for two-factor authentication.
It uses one-time passwords (OTP) generated by hardware or software tokens for authentication.
You can use RADIUS Two-Factor Authentication to authenticate users before allowing them to reset or change their passwords, to unlock accounts, or manage Questions and Answers profiles.
Before using RADIUS Two-Factor Authentication for authentication, users have to configure it in General Settings tab on the home page of the Administration site. For more information, see RADIUS Two-Factor Authentication .
Use this activity to include phone-based authentication in a self-service workflow. If your license includes phone-based authentication service, you will be able to configure and use this activity.
If your Password Manager license does not include phone-based authentication service and you want to use this service, please access the Support Portal at https://support.oneidentity.com/.
Before enabling phone-based authentication, make sure that users’ phone numbers stored in AD LDS are in a correct format. The phone number must meet the following requirements:
The USA numbers may not start with 00 or + sign, if they comply with all other requirements and contain 11 digits. For example, the number 1-555-123-3245 will be considered valid.
This activity has the following settings:
You can test the configured settings by clicking the Test settings button and entering the phone number to which a one-time PIN code will be sent.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy