Assigning Privilege Elevation (Re-authentication) Profile

Finally, you must assign privilege elevation profiles.

  1. For Elevated Privileges Profile, click Privilege Elevation Policies > Privilege Elevation, select Yes for Enable authentication policy controls, and Add Rule > Add Filter, click Authentication Profiles and display the list of existing profiles and select a profile to use or click Add New Profile.

    You can use the same profile for server access, and to re-authenticate for roles and rights that require multi-factor authentication. However, if you want to specify different authentication challenges from which a user can select when executing UNIX commands or accessing Windows applications, select Add New Profile.

    As with the Login Authentication Profile, you can select multiple types of authentication to present for the first and second challenges. However, only the authentication challenges that are applicable for a user can be presented when the user attempts to access privileged Windows rights or execute UNIX commands with elevated privileges (dzdo) or in a restricted shell (dzsh).

  2. Click Save.