In This Article |
Clearlogin Guardian MFA is designed to tightly control access to your resources. Using Guardian MFA requires the sign in of two people:
With Guardian MFA, the designated guardian will use their credentials to sign in on behalf of the user after the user signs in themselves.
In addition to using Guardian MFA to control access to your resources, you can also use it to delegate permissions to a group of guardians who are allowed to reset the passwords for a group of users. For example, in an education environment you can delegate permissions to a group of teachers giving them the ability to reset the passwords of their students.
When planning for Guardian MFA here are the steps to take:
For more information on Clearlogin access rules, refer to the Access Rules article. |
Before associating the guardians with their users, you need to have the access rules configured. For information on creating and configuring access rules, refer to the Access Rules article.
The association with guardians to users is one to many:
Keep in mind that if you created groups in your directory, you can include multiple groups in an access rule. Therefore, you can create an access rule for the guardians that includes multiple groups. Additionally, you are not restricted to just creating one association. You can create as many associations as you need. |
Once you have the access rules configured, use the following steps to associate the guardians with their users: