4.0 Sharing Authenticators

You can allow users to authenticate to another user's account by using their own authenticators. For example, if the share authenticator option is enabled, the secretary's account can be shared with the boss's account, and the secretary can then authenticate to the boss's account by using her own authenticators.

The authenticators that can be shared are: TOTP, HOTP, Password, Fingerprint, Card, and FIDO U2F.

To share the authenticators of a user with another user, perform the following steps:

  1. Log in and specify the name of the user with whom you want to share the authenticators.

  2. Click the Linked Authenticators tab on the screen.

  3. Specify the name of the user whose authenticator you want to use. For example, if you want to use the secretary's fingerprint to authenticate to the boss's account, specify the name as Secretary-Fingerprint.

  4. Click Save.

    The secretary can now authenticate to the boss's account by authenticating with her own fingerprint.

NOTE:

  • To authenticate to the boss's account, the secretary must have the same method enrolled and the same authentication chain available for the same event.

  • By design, the shared authenticator cannot be used to log in to the Self-Service Portal.

  • The boss must have a chain with the LDAP Password method assigned to the Windows logon, Linux logon, or Mac OS logon event. The boss must authenticate at least once so that the LDAP Password is cached on the workstation (for Windows, Linux, or Mac OS Clients).

How to Use Shared Authenticators

After the secretary's authenticator is shared with the boss's account, the secretary must perform the following steps to authenticate:

  1. The secretary specifies the username of the boss.

  2. The secretary uses her own authenticator to authenticate to the boss's account.