Skip to Content

Configure four eyes authorization

  1. Enable four eyes authorization in Settings -> General -> Security

    enabling-four-eyes-auth



  2. Make sure Four Eyes Authorization Privilege is enabled for the user who would be granting access to view ssh logs. Go to Access Control->User-Action and grant the user Four Eye Authorization Privilege.

    acl-four-eyes




  3. Ensure that one of the two factor authentication method Google 2FA, Yubikey, or DUO Security is configured for the four eye authorizing user. In this case we are setting up Google 2FA.

    setup-google-2FA



  4. You have configured Four eyes authorization for viewing ssh logs.  Go to Users->SSH Logs to view the logs
    view-ssh-recordings



  5. The user with four eye authorizing privilege should enter his name and two factor code to authorize the viewing of logs.

    four-eye-authorizing-user


    google-four-eye



  6. The authorization by the four eye privileged user is complete!