Versions Compared

Old Version 3

changes.mady.by.user Del Gonzalez

Saved on

compared with

New Version Current

changes.mady.by.user Anand Rajaraman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Two-Factor Authentication

To use this feature, the following requirements must be met:

...

  • Enforce Two-Factor Authentication: Administrators can turn on Two-factor authentication using the application's Enforce Two-factor Authentication (Identiv uTrust FIDO2) setting. Once enabled, the operator will be prompted to configure their security key at their next login.

  • Two-factor Authentication "Active" or "Bypass" Status: This setting can bypass Two-factor authentication for an operator. It is visible to operators but can only be changed by the Administrator.

    • “Active” State: This option is selected by default. When enabled, the operator must use their security key to log in.

    • “Bypass” State: When set to "Bypass," the operator won't be required to use a security key to log into the application when Two-Factor Authentication is enforced system-wide. In this state, the operator can log in with only their user name and password.

  • Security Key Management by Operators: When Two-factor authentication is enabled, operatorscan view and manage their security keys from Device Control > Operator under the tab "Two-factor”.

  • Security Key Management by Administrators: Administrators can manage security keys for an operator. Additionally, 3.8.6 introduced a new role specifically for managing Two-factor authentication settings, which can be assigned to other users to help with this task. This role can be found under: "Web Client Multi-Factor > Two-factor Administrator." Users granted this role will be able to:

    • View the list of available operators

    • Adjust the Two-Factor Authentication status for an operator, switching between "Active" and "Bypass" when necessary

    • Add, edit, and delete security keys for operators

Operator Management

Administrators can now manage operator accounts using the Velocity Web client. This can be found under Device Control > Velocity Configuration folder > Operators. Operators can Add/Edit/Delete Operators and manage their restrictions, roles, 2FA requirements, etc.

...

  • Local Machine:

    • Read permissions for searching user accounts

    • Read permissions for getting user properties (specifically password settings)

    • Write permissions to create a new user

    • Read permissions to read user account information

    • Write permissions to remove user membership from the local group

  • Active Directory:

    • Read permissions for searching user accounts

    • Read permissions for getting user properties (specifically password settings)

    • Write permissions to create a new user

    • Read permissions to read user account information

    • Write permissions to remove user membership from an AD group

Installer Enhancements

The following updates have been implemented in the installer to provide an enhanced user experience:

...