Preparing to Use Multi-Factor Authentication

This guide is intended for UNIX or Windows administrators who intend to configure multi-factor authentication for computers managed by Server Suite.

Configuration information for Delinea customers who are not using Server Suite to manage their environment, but want to configure multi-factor authentication to log in Windows computers, should go to Downloading the Server Suite Agent for Windows.

There are two separate scenarios for which you might want to require multi-factor authentication:

• Login access to Server Suite-managed computers.
• As part of a re-authentication process so that users who are attempting to use Application, Network, and Desktop rights on Windows machines, or command rights with elevated privileges or in a restricted shell on UNIX machines, must provide a password and another form of authentication before they can execute the selected command.

With these two scenarios in mind, you can configure multi-factor authentication based on user roles or computer roles, for specific applications, or for individual commands. You can also skip multi-factor authentication for applications that do not support it or for other reasons on a case-by-case basis by enabling and applying group policy or by setting configuration parameters.