Proposed Two-Factor Authentication

Associated with: The System or Root Group

This status attribute is only displayed on systems on which the Enabled check box has ever been selected in the Two-Factor Authentication (2FA) Account Description section of the Root Group tab on the form of the Root Group (see Specify the Two-Factor Authentication (2FA) Account Description).

The status attribute indicates the 'proposed' two-factor authentication configuration of the system. This comprises the values of the Company Name and System Name that are configured in that section of the Root Group tab. These are appended with the text '(ACTIVE)' on a system on which the above-mentioned check box is selected, or '(Not Active)' if the check box is clear.

On a system on which two-factor authentication is yet to be rolled out, this status attribute enables you to view the proposed configuration for that system's two-factor authentication. You should then make any adjustments that are required to that configuration. Once the configuration is ready for deployment, ensure that the Enabled check box is selected for that configuration on the Root Group and then deploy the two-factor authentication configuration across the system using the Deploy 2FA Configuration pick action. This deployed configuration is indicated by the Currently Deployed Two-Factor Authentication Status attribute. Users of User Accounts that are configured to use two-factor authentication are then required to enroll for two-factor authentication before they can access the system. Thereafter, they can only use those User Accounts to access the system from clients that support two-factor authentication (see Considerations and Limitations (2FA)).

On a system on which two-factor authentication is already in use, the status attribute enables you to view the proposed changes to that system's existing two-factor authentication configuration. If the proposed configuration differs from the deployed configuration, you should determine whether the proposed configuration is correct. If need be, adjust, or revert the configuration back to that of the deployed configuration, as appropriate. (For example, if a database import was performed to update the database, if that import included the Root Group, that might have resulted in unintentional changes to the two-factor authentication configuration on the Root Group. If this occurs, change the Root Group configuration back to the required proposed configuration. For more information, see Considerations and Limitations (2FA).)

Care should be taken before triggering the Deploy 2FA Configuration pick action on a system on which two-factor authentication is already deployed. This is because any changes to the Company Name and System Name properties that help to identify the authenticator account that users need to use will not result in any changes to that text on existing authenticator accounts. (Changes to those properties on the Root Group get deployed when the pick action is executed.) Ensure that existing users whose User Accounts are configured to use two-factor authentication are made aware of the changes, so that they know which authenticator account they need to use to access the system.