If you included the Help Desk Verification Service in the installation of your DualShield server, then the following components with the same name "Help Desk Verification Service" will be automatically created in the MFA server:

  • Application
  • Realm
  • Agent
  • Logon Procedure


To set up the Help Desk Verification Service, you only need to configure the realm and logon procedure that it uses, and create a new logon policy for it.

Please follow the steps below:

Set up Realm

For the realm, you simply need to add the AD domain to the realm.

Set up Logon Procedure

The logon procedure defines how users can be verified. You need to add logon steps and authentication methods.

Add any authentication method that can be used to verify a user's identity, e.g. One-Time Password. 

Create Logon Policy

The Help Desk Verification Service is used by the admin or helpdesk team to verify the identity of users. Therefore, you need to make sure that MFA is enabled on all users. The simplest and most reliable way of enabling MFA on all users is to create a dedicated logon policy for the Help Desk Verification Service application.

To create or edit a policy, we need to open the policy editor window first.

Select "Administration | Policies" on the side panel.


To create a new policy, click the "CREATE" button on the toolbar to open the policy editor window.


In the policy editor, first select Logon from the Category drop-down list.

Policy Bindings

Enter or select the following policy bindings:
Holder:

The policy holder defines the scope of the policy. 

Name: A unique name that describes this policy.
Applications:

Optionally, you can bind the policy to a specific application or a list of applications. To specify the application(s), select the field: Apply policy to these applications

If the field Apply policy to these applications is left empty, then the policy will be applied to all applications. 

Policy Options

There are 3 authentication options:

  • Multi-Factor Authentication is not required for all users
  • Multi-Factor Authentication is required for users with tokens only
  • Multi-Factor Authentication is required for all users

Multi-Factor Authentication is not required for all users

This option means that all users will be exempted from 2FA or MFA. This option is typically used to exempt a group of users from 2FA or MFA. 

Multi-Factor Authentication is required for users with tokens only

This option means that users who have a 2FA/MFA token in their account will be required to log in with 2FA/MFA, while users who do not have a 2FA/MFA token will be exempted from 2FA/MFA in the logon process.

Multi-Factor Authentication is required for all users 

This option means that all users will be required to log in with 2FA/MFA.

Please note that users in the context of a policy include users in the scope of the policy only, i.e. the policy holder.

Create a new logon policy, and apply the new policy to the Help Desk Verification Service application. Also, select "Multi-factor authentication is required for all users", so that no user in the scope of the policy is exempted from MFA.


