Configure Multi Factor Authentication
Enabling Two Factor Authentication
Two factor authentication can be enabled under Auth profile tab in Identity management Section. The admin can set a global auth profile which will enable different primary authentication methods as well secondary authentication for all users. Exclusion to Auth profiles can also be created for individual user or user group.
The various method of primary Authentication availabe are
- Password- Logging into ZTAA directly via password.
- AD- Logging into ZTAA via AD credentials.
- SAML and Oauth- Logging into ZTAA via organisations SSO.
The various method of Secondary Authentication availabe are
To configure Global Auth Profile
1- Go to Auth Profiles tab under Identity Management.
2- Edit the Global Authentication profile.
3- Select the Primary mode of Authentication. In the Secondary Authetication enable OTP.
4- You may choose IP based filtering if you require else this can be skipped. This can be enabled later.
5- Set additional policies as per your organisations requirement.Click on Update once done.
The global Authentication Profile is now set.
The method to set up 2FA in ZTAA a can also be seen in the video given below.
Adding Individual and Group level Exclusions
The Global auth profile is applicable on all users except for whom specific exclusions are provided.Exclusions can be configured for individuals as well as for user groups. Individual User exclusion takes precedence over Group exclusions which in turn preceeds Global Auth Profile.
1- Under the Exlclusion Tab select individual or Group based upon your requirements.
2- Add a new exclusion rule. Add User/User group to the rule.
3- Select primary and secondary method of authenticaton.
4- Create additional rules as per your organisations requirment.
5- Click on Update once Done.