Setup to start using
The operator’s management type must be “privileged administrator” to perform this operation.
To use the Enterprise Authenticator Management feature, you must first obtain authenticators that support this feature.
Please note that commercially available FIDO authenticators cannot be used.
This section explains how to configure the settings required to use the Enterprise Authenticator Management feature.
Operation Procedure
Select “Customer” from the menu.
-
Click the edit icon for Enterprise Authenticator Management Settings.
-
Enter the required fields in the Enterprise Authenticator Management Settings modal.
-
Enable
This setting allows the use of enterprise authenticators.
Once enabled, the following configuration items become editable.Additionally, the following related items will be added to the respective screens:
- Group Policy Management …Adds the “Enterprise Authenticator Settings” section to the two-factor authentication settings.
- Account Management …Adds “Enterprise Authenticator” to the account list.
- Account Management …Adds a “Bulk Assignment of Domain Accounts and Authenticators” icon.
- Account Management …In the credential modal, adds “Authenticator ID” to the list and “Assign Enterprise Authenticator” to the top-right add icon menu.
- Admin Management …Adds “Enterprise Authenticator” to the admin list.
- Admin Management …In the credential modal, adds “Authenticator ID” to the list and a top-right add icon for assigning authenticators.
- Personal Settings …Adds “Vendor” and “Authenticator ID” to the list of usable authenticators.
- Adds the “Enterprise Authenticator Management” screen.
-
Disable
This setting disables the use of enterprise authenticators.
Local Account Device Logon Authenticator Registration Restrictions
Configure whether to restrict enterprise authenticators when registering an authenticator for a local account.
Setting Description Only enterprise authenticators can be registered Any enterprise authenticator can be registered, even without prior assignment. General authenticators cannot be registered. Only enterprise authenticators assigned for the account can be registered Only enterprise authenticators that have been pre-assigned to the account can be registered. General authenticators cannot be registered. Set by Group Policy This setting is managed through group policies. All FIDO authenticators can be registered No restrictions on authenticator registration. Both enterprise and general authenticators can be registered. Domain Account Device Logon Authenticator Registration Restrictions
Configure whether to restrict enterprise authenticators when registering an authenticator for a domain account.
Setting Description Only enterprise authenticators can be registered Any enterprise authenticator can be registered, even without prior assignment. General authenticators cannot be registered. Only enterprise authenticators assigned for the account can be registered Only enterprise authenticators that have been pre-assigned to the account can be registered. General authenticators cannot be registered. All FIDO authenticators can be registered No restrictions on authenticator registration. Both enterprise and general authenticators can be registered. Admin Authenticator Registration Restrictions
Configure whether to restrict enterprise authenticators when registering an authenticator for administrators logging in to the management website.
Setting Description Only enterprise authenticators can be registered Any enterprise authenticator can be registered, even without prior assignment. General authenticators cannot be registered. Only enterprise authenticators assigned for the administrator can be registered Only enterprise authenticators that have been pre-assigned to the administrator can be registered. General authenticators cannot be registered. All FIDO authenticators can be registered No restrictions on authenticator registration. Both enterprise and general authenticators can be registered. -
-
Click the Update button to save your changes.