For some profiles, a step-up verification is required as an additional security measure. A user is prompted to enter an OTP from the Authenticator app to check out a profile.
The following steps need to be done for step-up verification by the administrators:
- Configure the profile policy to enable Step-up verification. See Managing Britive Profile Policies.
- Configure the step-up validity duration. See Configuring Step-up Verification Validity.
The following steps need to be done by the users:
- Register a device for step-up verification. See User Settings.
- Check out a profile. See My Access.
Configuring Step-up Verification Validity
The administrator can configure the Multi-factor Authentication (MFA) Validity period. The user does not need re-verification within this period. The user is verified again after this duration.
- Log in to Britive as an administrator.
- Click on Admin->Security.
- Click on MFA Settings.
- Select the Allowed MFA Options for login and step-up verification. These MFA settings are valid for logging in, checking out a profile, and viewing/editing a secret. Note:WebAuthN verification is not supported for Slack and Teams apps.
- Enter the Step-up Verification Validity in minutes. You can enter any value between 15 and 60. The same verification is used for subsequent profile checkouts within this period. This setting applies only if Remember previous successful Verification from the profile policy is enabled. For more information, see Britive Profile Policies.