The Secondary user authentication parameter can only be enabled while editing a Client or Client group.
To enable secondary user authentication for a Client (or for all the Clients in a Client group), do the following:
1. Log in to the Management Tool as a user with the Client Configuration Management permission for Clients.
2. Click the Client Management navigation link on the left.
3. On the Client Management page, find the Linux Client which you want to enable secondary user authentication for, and click its name in the Client Name column (or select the Client Groups tab and find the required Client group, and then click on its name in the Client Group Name column).
NOTE: To find specific Clients, the Search box and filters at the top of the Client Management page can be used (or to find specific Client groups, the Search box at the top of the Client Groups page can be used).
4. On the Editing Client (or Editing Client Group) page that opens, select the Authentication Options tab, and in the Two-Factor and Secondary Authentication section, select the Enable secondary user authentication on login checkbox.
5. To exclude any specific users from secondary user authentication, enter the required user names in the Users to exclude from secondary user authentication field, separated by semicolons (e.g. user1;user2;user3).
6. Click the Finish button (in the bottom right) of the page.
7. Secondary user authentication is enabled immediately. When the user starts working with the terminal, they will be prompted to enter their secondary credentials.