After a user authenticates to Retain by entering a correct username and password, Retain must then determine whether additional authentication is required before granting access to its archives and administrative functions.
Figure 6-2 illustrates how Retain determines additional authentication requirements and provides a high-level overview of how and when processes happen.
Figure 6-2 Authentication - Part 2
Table 6-2 Authentication - Part 2
Letter |
Explanation |
---|---|
|
All other users start the authentication process by entering a Username and Password. |
|
After the request is validated as illustrated in Figure 6-1, Retain accesses the user’s configuration settings to determine whether there are MFA requirements. User settings always override group settings. |
|
If a user’s MFA setting Is Blank (not set): Retain checks the Configuration Group’s MFA setting, as explained in H below. |
|
If a user’s MFA setting is Enabled: Retain displays the MFA prompts defined in the applicable NetIQ Advanced Authentication configuration. For more information about configuring Retain to interface with NetIQ Advanced Authentication, see |
|
If a user’s MFA setting is disabled: Retain verifies the username and password and logs the user in. |
|
If a user’s MFA setting is blank (C), Retain uses the applicable Configuration Group’s setting as follows:
|
|
If the user completes the MFA requirements successfully, Retain recognizes the authentication as valid. |
|
If the user fails the MFA requirements, Retain rejects the authentication request and notifies the user |
See the following sections for more information on Multi-factor Authentication in Retain: