Starling Two-Factor Authentication Hosted - Desktop Login Administration Guide

Configuring Push Notifications

Push notifications enable the Starling 2FA mobile app to receive requests to approve an authentication attempt. Configuring push notifications facilitates end-to-end encrypted communication between the application and a secured authentication service. With push notifications configured correctly, the user can Approve or Deny a login attempt. Push notifications are configured by default.

Configure the following Starling 2FA push notification settings:

  • Message: The message displayed in the Starling 2FA app. The message length is limited as follows:
    •  The message must be 50 characters or fewer.
    •  The message must be 10 characters or more.
  • Timeout (seconds): The duration for which a push notification request received on the Starling 2FA app remains valid. For example, if the timeout is set to 30 seconds, the notification is valid for 30 seconds only. Select the value from the drop-down menu. To set a custom timeout, select Other and enter the value in the Other field that appears below the drop-down menu. The default timeout is 30 seconds.

Click Save settings after completing the configuration.

Configuring Active Directory Attributes

  • In the Active Directory window, the config tool allows you to specify the user attributes used to retrieve the email address and phone number of the user who is logging on from Active Directory. The following drop-down menus are available to specify the user attributes:
    • E-Mail attribute (default attribute name - mail) - Select the attribute from the drop-down menu. By default, the following values are available as part of the drop-down menu:
      • mail
      • userPrincipalName
    • Phone number attribute (default attribute name - mobile) - Select the attribute from the drop-down menu. By default, the following values are available as part of the drop-down menu:
      • mobile
      • homephone

      NOTE: The mobile phone number value must be in the E.164 format.

    The user attributes listed above are used to retrieve the user's email address and phone number from Active Directory.

    NOTE: If the default attributes are not applicable to your organization, you can customize the LDAP attributes using the ConfigurationUtility.exe.config file.

    Select the Enable LDAP over SSL check box to communicate with the Active Directory server over a secured LDAP connection.

    Click Save settings after completing the configuration.
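
The following PowerShell is an added example, not part of the vendor's guide or tooling. It reports accounts whose e-mail or phone attribute is empty, or whose phone number is not in E.164 format, so they can be corrected before Desktop Login is enforced. The function name Test-Starling2faAttributes and the sample records are hypothetical; the attribute names default to mail and mobile as stated above.

```powershell
# Added example (not vendor code). Function name is hypothetical.
function Test-Starling2faAttributes {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        [string]$MailAttribute  = 'mail',    # default attribute per the guide
        [string]$PhoneAttribute = 'mobile'   # default attribute per the guide
    )
    begin {
        # E.164: a leading '+', then at most 15 digits, the first one non-zero
        $e164 = '^\+[1-9][0-9]{1,14}$'
    }
    process {
        $mail   = [string]$User.$MailAttribute
        $phone  = [string]$User.$PhoneAttribute
        $issues = @()
        if ([string]::IsNullOrWhiteSpace($mail)) {
            $issues += "$MailAttribute is empty"
        }
        if ([string]::IsNullOrWhiteSpace($phone)) {
            $issues += "$PhoneAttribute is empty"
        } elseif ($phone -notmatch $e164) {
            $issues += "$PhoneAttribute is not E.164"
        }
        # Emit a row only for accounts that need attention
        if ($issues.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName = $User.SamAccountName
                Issues         = $issues -join '; '
            }
        }
    }
}

# Constructed sample records standing in for Get-ADUser output
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; mail = 'alice@example.com'; mobile = '+14155550100' }
    [pscustomobject]@{ SamAccountName = 'bob';   mail = 'bob@example.com';   mobile = '(415) 555-0101' }
    [pscustomobject]@{ SamAccountName = 'carol'; mail = $null;               mobile = $null }
)
$sample | Test-Starling2faAttributes | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties mail, mobile | Test-Starling2faAttributes
```

If the attributes were customized in ConfigurationUtility.exe.config, pass the same names through -MailAttribute and -PhoneAttribute and request them with -Properties.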

  • Configuring Log On Settings

    This configuration separates users into those who must authenticate and those who bypass authentication when logging in to a computer, by including or excluding specific Active Directory groups.

    NOTE: By default all domain users who log on to a computer that has Starling Two-Factor Authentication Desktop Login installed must authenticate via Starling Two-Factor Authentication. Local users will be unable to log on.

    To configure authentication for the user groups, select one of the following options:

    • Require specified users log on using Starling Two-Factor authentication: Specifies that the users in groups added to the Groups list must authenticate via Starling Two-Factor Authentication when logging on to computers that have Starling Two-Factor Authentication Desktop Login installed. By default, this option is selected.
    • Allow specified users to bypass Starling Two-Factor authentication: Specifies that the users in groups added to the Groups list do not have to authenticate via Starling Two-Factor Authentication when logging on to computers that have Starling Two-Factor Authentication Desktop Login installed.

    Addition or Removal of Groups

    To add a group to the list box, click Add. The Select Group dialog box is displayed. Select a group by entering relevant text in the text box. The added group's name and its path in AD appear in the list box. To remove a group, click Remove.

    Unavailability of Starling Services

    To allow users to bypass Starling Two-Factor Authentication when the Starling service is unavailable, select the Allow users to bypass Starling Two-Factor authentication when Starling services are unavailable checkbox. By default, the checkbox is cleared, and users cannot bypass Starling Two-Factor Authentication when the Starling service is unavailable.

    Click Save settings after completing the configuration.

    Network Diagram

    Figure 2: Network Diagram: Starling Two-Factor Desktop Login
