Looking for easier access while using strong two-factor authentication? You can accomplish this by using multiple SoftTokens, one on your smartphone and one on a YubiKey. With the Grouped Users feature in AuthAnvil you can tie two SoftTokens to one user and simplify your access control.
If you already have an AuthAnvil SoftToken running on your smartphone, you may feel like you don’t want to give up the flexibility of having your authenticator on your phone. We understand that. We also know that you want fast access to the environments that you need to log into each day, and think you shouldn’t have to sacrifice that time savings so you can have another app on your phone.
So why not use both?
This is exactly what Grouped Users are for in AuthAnvil Two Factor Auth. Imagine you had a user with the windows account name of Bob. He has an iPhone and still wants the benefits of a YubiKey. Here is our suggestion:
- Create a Standard User called Bob-iPhone and assign a SoftToken to the account.
- Create a Standard User called Bob-YubiKey and assign a SoftToken to the account.
- Create a Grouped User called Bob and assign Bob-iPhone and Bob-YubiKey to the account.
At this point, you now have the ability to log into any resource that supports Bob with any of those three accounts. When you use “Bob”, you can use either SoftToken. In the audit system, you will get an event that says something like:
Grouped User ‘Bob’ was logged on by member ‘Bob-YubiKey’.
You can use this same methodology for shared accounts like “Administrator” or “root”, binding the authentication transaction with the actual account used. This is very useful when needing to audit just which technician logged into a critical account on a firewall, router or domain controller.
NOTE: When using two accounts bound together like this, the AuthAnvil licensing system sees this as two separate seats. You are not charged for the grouped user, but are charged for both accounts. The balance of cost vs. time saving in OTP entry has to be considered to ensure you are meeting your budget for authentication use. Most customers find the ROI if they log into more than five systems in any given day where an AuthAnvil credential is used. Take a look at your login workflow and account for this accordingly.
Comments