Two-Factor Authentication

To use this feature, the following requirements must be met:

  • Secure Connection (HTTPS): The system must be set up securely to use HTTPS and an SSL certificate from a trusted certificate authority (CA) to enable Two-factor authentication.

  • Identiv uTrust FIDO2 NFC+ keys (USB-C and USB-A): A security key will be required for two-factor authentication. These keys are available for purchase on multiple e-commerce websites or through our sales team.

Features and Settings added to support this change:

  • Enforce Two-Factor Authentication: Administrators can turn on Two-factor authentication using the application's Enforce Two-factor Authentication (Identiv uTrust FIDO2) setting. Once enabled, the operator will be prompted to configure their security key at their next login.

  • Two-factor Authentication "Active" or "Bypass" Status: This setting can bypass Two-factor authentication for an operator. It is visible to operators but can only be changed by the Administrator.

    • “Active” State: This option is selected by default. When enabled, the operator must use their security key to log in.

    • “Bypass” State: When set to "Bypass," the operator won't be required to use a security key to log into the application when Two-Factor Authentication is enforced system-wide. In this state, the operator can log in with only their user name and password.

  • Security Key Management by Operators: When Two-factor authentication is enabled, operators can view and manage their security keys from Device Control > Operator under the tab "Two-factor".

  • Security Key Management by Administrators: Administrators can manage security keys for an operator. Additionally, 3.8.6 introduced a new role specifically for managing Two-factor authentication settings, which can be assigned to other users to help with this task. This role can be found under: "Web Client Multi-Factor > Two-factor Administrator." Users granted this role will be able to:

    • View the list of available operators.

    • Adjust the Two-Factor Authentication status for an operator, switching between "Active" and "Bypass" when necessary.

    • Add, edit, and delete security keys for operators.

Operator Management

Administrators can now manage operator accounts using the Velocity Web client. This can be found under Device Control > Velocity Configuration folder > Operators. Add/Edit/Delete Operators and manage their restrictions, roles, 2FA requirements, etc.

...

  • Local Machine:

    • Read permissions for searching user accounts.

    • Read permissions for getting user properties (specifically password settings)

    • Write permissions to create a new user.

    • Read permissions to read user account information.

    • Write permissions to remove user membership from the local group.

  • Active Directory:

    • Read permissions for searching user accounts.

    • Read permissions for getting user properties (specifically password settings)

    • Write permissions to create a new user.

    • Read permissions to read user account information.

    • Write permissions to remove user membership from an AD group.

Installer Enhancements

The following updates have been implemented in the installer to provide an enhanced user experience:

...