Replies: 2 comments 1 reply
-
|
Hi, @jojobgl Yes, it is possible to let operators who are neither domain administrators nor local administrators manage the majority of the settings of the MFA module. However, this functionality is specific to ADFS and not to the MFA module. Then your helpdesk will be able to use powershell commands and the administration console. refer to the list of supported Powershell commands (marked A).
To generate a TOTP key, get-help Add-MFAUsers -Detailed Bulk import regards |
Beta Was this translation helpful? Give feedback.
-
|
I tested it, but is this also remote possible? I installed the mmc on another machine and only get the "you have to be admin" message. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @jojobgl There are prerequisites, have you read them? It is indicated that certain PowerShell commands can be executed remotely (using the Windows WinRM infrastructure) Under no circumstances should you install the console on another machine, this will never be the case, the plugin should only be installed on ADFS servers (not WAP proxies). This is not supported! and for security reasons it never will be. If your HelpDesk operators are ADFS delegated administrators, they have every right to access ADFS machines (with restricted possibilities), these rights are granted in the ADFS configuration and the plugin only respect this configuration. regards |
Beta Was this translation helpful? Give feedback.
-
Hello,
I read in the Changelogs, that it should be possible to give non ADFS Admins the right to set new TOTP Keys for Users.
We want set the possiblity to our Helpdesk.
How is this possible, in the Documentation I found nothing.
Beta Was this translation helpful? Give feedback.
All reactions