How do I create a 2FA user?

When creating users for 2FA you should consider the following.

1. The username should match the credentials the end user will use to access systems on your network.
2. If you are in an enviroment with Active Directory, You will want to create the 2FA user login to match the users AD credentials or their email address. 

We all know users hate to have different logins to do do their work, this keeps it simple to manage and easy for the user.

Adding Users

Adding new users is done from the Users tab. Just hover over the actions menu and click the type of user that you want to add. AuthAnvil Two Factor Auth supports 3 different types of users:

1. Standard User

   Usually a single person with an AuthAnvil token. It is recommended that the username matches the Active Directory username. This type of user also supports the use of “Temporary Passwords”, which allow the user to log on using a password instead of a token for a limited amount of time.

   Usage Scenario: John’s office uses the AuthAnvil Windows Logon Agent for protecting their computer logins. When he logs on, John enters his username of John, his network password, and, in the third field, his PIN and the OTP from his token.

2. Grouped User

   A user that has standard users, who are called members, assigned to it. A grouped user allows multiple users to log on using a shared username. This approach can also be used to create aliases for standard users.

   Usage Scenario: John’s office protects a server with the Windows Logon Agent. The local security policy says that only domain administrators and the user TechAdmin are allowed to log into the server. TechAdmin is a Grouped User of which John and the other technician are members. When they log on, they enter the username TechAdmin and the network password, followed by the PIN and OTP from their individual token.

3. Proxied User

   A user that is a standard or grouped user on another site. Authentication requests are sent to that site instead.

   Usage Scenario: When John is at a client’s office, he uses his normal token. That office’s AuthAnvil server has John as a proxied user, so his authentication request is sent over to his office instead of to the local AuthAnvil server.

Adding Standard Users

1. On the “Users” tab, mouse over the actions menu and click “Add Standard User”
2. In the “General Information” panel, fill in the user’s personal data, and decide whether or not you want them to be a site admin.

   

3. On the “Token Information” panel, decide what kind of token you would like to assign the user.

   

4. Optionally, on the Temporary Password panel, assign the user a temporary password. This password can be used to log into AuthAnvil Two Factor Auth-protected systems for up to 2 weeks (depending on the expiration date) or until a token authentication takes place.

   Note: On creation,a user must be assigned either a token, a temporary password or both. For users who need temporary access to your systems, but you do not want to assign tokens, you can assign temporary passwords for the length of their access.

   Note: Since we cannot conclusively verify the identity of the member of a grouped user using only a temporary password, as multiple users within the grouped user could have the same temporary password, a user cannot use a temporary password to log on as a grouped user that they are a member of.

   

5. Finally, click “Save Changes” to create the user and issue their token.

Adding Grouped Users

1. On the “Users” tab, mouse over the actions menu and click “Add Grouped User”
2. In the “General Information” panel, fill in the grouped user’s personal data, and decide whether or not you want them to be a site admin.

   Note: Making a grouped user a Site Admin allows any member of that grouped user to logon to the AuthAnvil Manager as that grouped user. This is not recommended in most cases.

   

3. Choose the users that you would like to make members of the grouped user from the “Available Members” panel, and they will be added to the “Current Members” panel. Members can be removed from the current members panel as required.

   

4. When you have added all the members that you want, click “Save Changes” to create the grouped user.

Adding Proxied Users

1. On the “Users” tab, mouse over the actions menu and click “Add Proxied User”
2. In the “General Information” panel, fill in the proxied user’s personal data, and decide whether or not you want them to be a site admin.

   

3. Put in the SAS URL and Site ID of the target AuthAnvil server, and click “Save Changes” to create the proxied user.

   

Managing Users

Managing existing users is done from the Users tab. Just click on the username of the user that you would like to manage.

Managing Standard Users

When managing a standard user, you can change the following things:

1. General Information Tab: First Name, Last Name, Email Address, Site Admin Privileges, and whether the user is enabled or disabled.
2. Token Information Tab:

• If the user has no token assigned: Allows the administrator to assign a token to the user.
• If the user has a token assigned, but the token has not been activated:
  1. Resend Enrollment Request: Allows the administrator to resend the enrollment request to the user, in case they did not receive it the first time.
  2. Cancel Self-Enrollment: Cancels a hardware token self-enrollment. A SoftToken enrollment can be canceled by using “Unassign Token” in the Actions Menu.
• If the user has a token assigned and activated:
  1. Disable the token: stops the user from being able to authenticate with their token.
  2. Reset PIN: Allows the administrator to manually change the user’s PIN.
  3. Resync Token: Allows the administrator to manually resync the user’s token.
  4. Send Change PIN Request: Generates a new random PIN and sends the user an email with the PIN requesting that they update the PIN in the Self Service Portal.
  5. Test Token: Run a manual test of the users token.

1. Temporary Password Tab: Whether or not the user has a temporary password, what it is, and when it expires.
2. Actions menu: Unassign the user’s token if the user has a token assigned (whether it’s activated or not), or delete the user.

When finished, click “Save Changes” to save changes, or “Cancel” to cancel them.

Managing Grouped Users

When managing a grouped user, you can change the following things:

1. General Information Tab: First Name, Last Name, Email Address, Site Admin Privileges, and whether the user is enabled or disabled.
2. Current Members and Available Members Tabs: Adding users to and removing users from the group.
3. Actions menu: Delete the user.

When finished, click “Save Changes” to save changes, or “Cancel” to cancel them.

Managing Proxied Users

When managing a proxied user, you can change the following things:

1. General Information Tab: First Name, Last Name, Email Address, Site Admin Privileges, and whether the user is enabled or disabled.
2. Target AuthAnvil Server Tab: What AuthAnvil server this user authenticates to.
3. Actions menu: Delete the user.

Click “Save Changes” when complete to save changes.

Questions?

If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.