Identification Policy

When ObserveIT's Identification Services are enabled and configured, Forced-Identification users are required to identify themselves at a secondary logon prompt when logging on to any ObserveIT-monitored endpoint.

This topic describes how to configure identification policy settings for Forced-Identification users.

You can configure these policy settings manually per endpoint (Agent) from the Configuration > Endpoints page, or by using Recording Policies to configure many endpoints (Agents) simultaneously.

This feature is supported on Windows-based and Unix-based server policies.

To configure identification policy settings using Recording Policies

  1. In the Configuration > Endpoint Management > Recording Policies page, click Create or select a server policy template (Windows or Unix-based policy).

  2. In the Identification Policy section of the Recording Policy Template page, select the Enforce Login check box. By default, this check box is selected.

    Selecting this check box when no Forced-Identification users have been defined will have no effect.

    If required, you can edit the text of the default message that will be displayed to the user when requested to provide secondary authentication.

  3. Select All Users to enforce a secondary login on all the users who are logged in to the monitored endpoints.

    Or

    Select User to enforce a secondary login on a specific user, enter the required Domain name or select it from the list, and specify the user's Login name. Click the Add button.

    The Domain drop-down list displays all the domains in the Active Directory forest of which the ITM On-Prem (ObserveIT) Application Server is a member. You can select "*" to select all domains.

    By default, the use of domain local groups is disabled. In order to use domain local groups, you must enable the "Allow LDAP local groups" option in the System Settings page of the Web Console.

  4. Select the Save last used login check box if you want to auto-populate the User Name box of the secondary ITM On-Prem (ObserveIT) logon screen with the last logged-on user name.

    If you select this setting, the next user that logs on will be able to see which user was previously logged on to the system. For security reasons, it is recommended that you do not select this setting.

  5. Click Save to save the changes.

    Setting changes will take effect on new user sessions, after the current sessions are closed.