Enabling multi-factor authentication for Windows rights

In addition to the require MFA for login role, which requires users to provide both their password and a second form of authentication to log on to a Centrify-managed Windows computer, you can enable multi-factor authentication for a predefined right. When you define a desktop, application, or network access right, you can choose to enable multi-factor authentication for that right. For example, if you want to require multi-factor authentication before a user can open a privileged desktop, you would issue that user a role with a predefined desktop right that has multi-factor authentication enabled.

To enable multi-factor authentication for a right definition:

  1. Right-click the predefined right after adding it to a role definition.
  2. Select Properties.
  3. Click the Run As tab and select Re-authenticate current user and Require multi‑factor authentication.

    Note:   Before defining this right, you should be aware that multi-factor authentication for Centrify-managed Windows computers relies on the infrastructure provided by the Privileged Access Service.

  4. Click OK.