Remote Support Two-Factor Authentication

Similar documents
Privileged Remote Access Two-Factor Authentication

Two-Factor Authentication Guide Bomgar Remote Support

Security Provider Integration: Kerberos Server

The specifications and information in this document are subject to change without notice. Companies, names, and data used

LogMeIn Rescue Getting Started with Two-Step Verification. User Guide

Multi-factor Authentication Instructions

Remote Support Security Provider Integration: RADIUS Server

Bomgar Connect Android Rep Console 2.2.6

Remote Support 19.1 Web Rep Console

Privileged Access Management Android Access Console 2.2.2

User Guide for Client Remote Access. Version 1.2

Android Rep Console

Device LinkUp Manual. Android

Soft Token Replacement Guide

Privileged Remote Access SIEM Tool Plugin Installation and Administration

Barracuda Networks Android Mobile App and Multi-Factor Authentication

Bomgar Connect ios Rep Console 2.2.7

Multi-factor Authentication Instructions

Remote Workspace. Nubo End User Guide. Version: 1.3 Date: June, Copyright 2017 by Nubo Inc. All rights reserved. Page 1

MyCardUpdate User Guide Triple E Technologies, LLC

Barracuda Networks Android Mobile Application

Bomgar Connect Android Rep Console 2.2.9

SIEM Tool Plugin Installation and Administration

Security in the Privileged Remote Access Appliance

Smart Lock Solution User Manual APP

CHI Easy Access: Register From on the CHI Network

Dell EMC OpenManage Mobile. Version 3.0 User s Guide (Android)

How to Secure SSH with Google Two-Factor Authentication

Sophos Mobile user help. Product version: 7.1

3D SAFETY ANDROID APPLICATION AND TROUBLESHOOTING

SurePassID ServicePass User Guide. SurePassID Authentication Server 2017

Microsoft Dynamics CRM Integration with Remote Support

MHealth App For My Health Info with Newman Regional Health

Multi-Factor Authentication Enrolment Guide

Zimbra Collaboration Two-Factor Authentication

Contents. Multi-Factor Authentication Overview. Available MFA Factors

IAG Second Factor Delivery Methods

WebADM and OpenOTP are trademarks of RCDevs. All further trademarks are the property of their respective owners.

OneKey Mobile App USER GUIDE

Privileged Remote Access 18.3 Access Console User Guide

Signup for Multi-Factor Authentication

Supporting ios Devices

MFA Pilot Instructions

INSTRUCTIONS FOR CREATING YOUR FBBE ACCOUNT

Premier SMS Quick User Guide PREMIER SMS QUICK USER GUIDE. 24/7 Support

Device LinkUP + VIN. Service + Desktop LP Guide RDP

Two Factor Authentication

Texas Division How to Login and Register for My IT Support and ServiceNow

O365 Exchange on Android

OVERVIEW... 3 WHAT'S NEW... 3 COMPATIBILITY WITH MDM PRODUCTS... 5 CONFIGURE AN MDM MANAGED VPN PROFILE FOR CITRIX SSO... 5

Integration Guide. LoginTC

BMC FootPrints 12 Integration with Remote Support

Sophos Mobile. user help. product version: 8.6

Remote Support Web Rep Console

Quick Start Guide. Wireless IP Camera. Technical Support QG4_A

Security Provider Integration: SAML Single Sign-On

1 Comodo One Home Edition - FAQ

Getting Started with Duo Security Two-Factor Authentication (2FA)

Dell SonicWALL NSA 3600 vpn v

Insight Pro Mobile App and Cloud Portal User Manual

Device LinkUp User Manual OS X

Getting Started Accessing Okta All Employees

Comodo Endpoint Manager Software Version 6.25

Privileged Remote Access Access Console User Guide 18.3

Multi-Factor Authentication (MFA)

Quick Guide ServiceNow Yale

BAE Systems employee app - installation Guide

Administrator IT Guide. Samsung Knox Configure Shared Device

Wi-Fi Setup Guide TM. Model 7320 Universal Programmable Smart Wi-Fi Thermostat. Leave this Setup Guide with thermostat.

HOTPin Software Instructions. Mac Client

Install and upgrade Qlik Sense. Qlik Sense 3.0 Copyright QlikTech International AB. All rights reserved.

NaviGate Prepared App: Using Respond

Administrator s Guide to Allworx Mobile Link for Android

CA Service Desk Integration with Remote Support

Duo Security Enrollment Guide

ShareSync Get Started Guide for Mac

Privileged Remote Access Failover Configuration

Multi-Factor Authentication (MFA)

Getting Started Accessing Okta All Employees

Comodo IT and Security Manager Software Version 5.4

Meeting Room Mode: Setup Guide. Your team s video meetings, managed.

Comodo One Home Edition - FAQ

Colligo Engage Console. User Guide

Login with Amazon. Customer Experience Overview for Android/Fire apps

Citrix SSO for ios. Page 1 18

Duo Enrollment for DA Employees

Comodo Endpoint Manager Software Version 6.25

Dell EMC OpenManage Mobile. Version User s Guide (Android)

Comodo Endpoint Manager Software Version 6.26

Technical Bulletin, November 2014

Mozy. Administrator Guide

Blackboard Transact Mobile eaccounts App. For iphone/ipod Touch/iPad and Android Devices. User Guide

VMware Identity Manager Administration

Software Token Enrollment: SafeNet MobilePASS+ for Apple ios

Supporting Android Devices

The MSU Department of Mathematics "Account Manager" can be used for the following:

Enrolling Devices in Duo

Quick Links on Google Apps. Information about ACC Google Apps and Mail can be found here at

MFA Instructions. Getting Started. 1. Go to Apps, select Play Store 2. Search for Microsoft Authenticator 3. Click Install

Version 2.28 Release Note

Transcription:

Remote Support Two-Factor Authentication 2003-2019 BeyondTrust Corporation. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust Corporation. Other trademarks are the property of their respective owners. TC:2/8/2019

Table of Contents Two-Factor Authentication Setup for BeyondTrust Remote Support Using a Time- Based, One-Time Password (TOTP) 3 TOTP Requirements 3 Time-Based Considerations 3 Activate Two-Factor Authentication 3 Activate and Require Two-Factor Authentication 6 Require Two-Factor Authentication in Group Policies 6 Change or Disable the Authenticator App in BeyondTrust Remote Support 7 Change the Authenticator App 7 Disable Authenticator App - User Side 7 Disable Authenticator App - Admin Side 8 Transitioning from Previous Forms of Two-Factor Authentication in BeyondTrust Remote Support (Email Codes) 9 SALES: www.beyondtrust.com/contact SUPPORT: www.beyondtrust.com/support DOCUMENTATION: www.beyondtrust.com/docs 2

Two-Factor Authentication Setup for BeyondTrust Remote Support Using a Time-Based, One-Time Password (TOTP) BeyondTrust offers you a higher level of security with two-factor authentication, using a time-based, one-time password (TOTP). Besides entering their username and password to log into the administrative interface and the BeyondTrust representative console, users who have this option enabled can use an authenticator app of their choice to receive a one-time code that allows them to securely log in. TOTP Requirements Users must have access to a device capable of generating one-time passwords. This is most often done through a smartphone authenticator app. Users are free to choose a compatible option, unless otherwise directed by their administrator. Examples of compatible authenticators include: Google Authenticator (Android, ios) Authy (Android, ios, WIndows, Linux, Mac) YubioAth Desktop (Windows, Linux, Mac) GAuth Authenticator (Windows Phone) Authentication Codes (Windows 8, Windows 10) OATHTool (command line) 1Password (Android, ios, Mac, Windows) Time-Based Considerations With TOTP, an authenticator app generates a new password approximately every 30 seconds. Because of this, both the authenticator service and the device must be roughly in sync. BeyondTrust allows the clock on the user's device to be one minute off either way of the appliance's clock. If a wider time gap is experienced, the appliance may fail to recognize the codes generated by the user's device. Activate Two-Factor Authentication Depending on your company's security settings, users may have the option to activate two-factor authentication on their own. Alternatively, activation may be pushed by the administrator, in which case users would be asked to do so when logging in. While the activation process described below is similar either way, the differences are also covered. Before you begin, make sure to have a compatible authenticator app on your smartphone. 1. Go to /login > My Account and scroll down to the bottom of the page. Under Two Factor Authentication, click Activate Two Factor Authentication. 2. The window changes to display the QR code and your next steps. If you have not already done so, download and install an authenticator app for your device. In this example we are using BeyondTrust Verify. SALES: www.beyondtrust.com/contact SUPPORT: www.beyondtrust.com/support DOCUMENTATION: www.beyondtrust.com/docs 3

3. Follow your app's procedure to scan the code. On the Verify app, tap Add and then Scan QRCode to scan the code shown on the computer screen. Alternatively, you can type in the alphanumeric code that appears under the QR code. This can be useful if the QR code is not displaying properly or if your device is having issues capturing the image. In this example, we are scanning the code, which is the preferred method. SALES: www.beyondtrust.com/contact SUPPORT: www.beyondtrust.com/support DOCUMENTATION: www.beyondtrust.com/docs 4

4. Once the app successfully captures the QR code, it generates a token. 5. Enter your password and the token, and click Activate. 6. Once the screen refreshes, it displays a confirmation that twofactor authentication is now enabled for your account. The next time you login to /login or the representative console, you will be required to use two-factor authentication. SALES: www.beyondtrust.com/contact SUPPORT: www.beyondtrust.com/support DOCUMENTATION: www.beyondtrust.com/docs 5

Activate and Require Two-Factor Authentication Administrators can require that users enable two-factor authentication on their accounts. To do this, go to Users & Security > Users, select a user to edit and under Account Settings > Two Factor Authentication, and check the Required button. The next time this user tries to login to either the administrative interface or the representative console, a screen displays requiring the activation of two-factor authentication. The setup process is the same as outlined in the previous section. Require Two-Factor Authentication in Group Policies Two-factor authentication can also be defined when creating or editing group policies. Go to Users & Policies > Group Policies > Account Settings > Two Factor Authentication and select Required or Optional, depending on how you want to enforce its use. Note: Like other account settings in group policies, the administrator can decide if two-factor authentication is defined for a specific policy, and if it can be overridden. SALES: www.beyondtrust.com/contact SUPPORT: www.beyondtrust.com/support DOCUMENTATION: www.beyondtrust.com/docs 6

Change or Disable the Authenticator App in BeyondTrust Remote Support Change the Authenticator App Once you have set up two-factor authentication for your account using a specific app, you still have the option of changing to a different one. To do so, go to /login > My Account > Two Factor Authentication and click Replace Authenticator App. In the next screen, enter your password and the code on the app, and click Continue. You are taken to the initial setup screen. Repeat the initial setup process but this time with the new authenticator app you wish to use. If this is an app you already used and registered, simply enter the code. If it is a new app, you must scan the QR code again. When done, click Replace App. The previous app is disabled, and you must use the new app selected at the next login. You can always change back or select a different one by repeating the steps above. Note: If you decide to replace you current app, you must begin using a new one. It is not possible to disable two-step authentication from this point. Disable Authenticator App - User Side If you are not required by your administrator to use two-factor authentication, you can disable this feature. IMPORTANT! Due to the enhanced level of security provided by this feature, it is NOT a best practice to disable two-factor authentication. To disable two-factor authentication, go to /login > My Account > Two Factor Authentication and click Deactivate Authenticator App. Enter your password and code on the app, and then click Deactivate. A message displays confirming the feature has been deactivated. SALES: www.beyondtrust.com/contact SUPPORT: www.beyondtrust.com/support DOCUMENTATION: www.beyondtrust.com/docs 7

Disable Authenticator App - Admin Side As an administrator, you may remove a user's current authenticator app. Go to the user's settings page, and under Account Settings > Two Factor Authentication, select Remove Current Authenticator App. Scroll to the bottom of the page and click Save. The next time the user logs in, only their username and password will be needed to log into the administrative interface and the BeyondTrust representative console. Note: An administrator may remove a user's current authenticator app whether the user is required to use two-factor authentication or simply chooses to use it. IMPORTANT! If a user's device used for two-factor authentication is lost or reset, a BeyondTrust admin must remove that user's current authenticator app and require that the user set up two-factor authentication again. SALES: www.beyondtrust.com/contact SUPPORT: www.beyondtrust.com/support DOCUMENTATION: www.beyondtrust.com/docs 8

Transitioning from Previous Forms of Two-Factor Authentication in BeyondTrust Remote Support (Email Codes) The two-factor authentication method previously in place, known as robust authentication, relied on email codes to verify the user's identity. With BeyondTrust Remote Support version 17.1, this method has been deprecated and replaced with two-factor authentication using a timebased, one-time password (TOTP). Users who were receiving codes to log in will be automatically upgraded to two-factor authentication. When logging in, they will see a message indicating that login codes by email have been deprecated and instructing them to use a time-based, one-time password capable device. The user may, however, continue to use email codes until they register an authenticator app, such as BeyondTrust Verify or Google Authenticator. This not only ensures backwards compatibility with existing security settings for a user's account, but also takes into consideration that an app or device may not be immediately available. In this scenario, a user would continue to see a request to register an authenticator app until they begin using the new two-factor authentication method. Once the user registers an app and begins using the new method, the email code option is permanently disabled. Because email codes are no longer an admin option, the feature cannot be re-enabled once the user begins using the new method. IMPORTANT! A user could request that the administrator stop pushing requests for a device-based two-step authentication at each login. The admin has the option to do so by changing the user's permission from Required to Optional under the user's account settings. However, this also disables emailed login codes permanently. BeyondTrust does not recommend this procedure, since it will degrade the security level on that user's account. It is a best practice and highly recommended that two-factor authentication be enabled. SALES: www.beyondtrust.com/contact SUPPORT: www.beyondtrust.com/support DOCUMENTATION: www.beyondtrust.com/docs 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback