Understanding Re-authentication & Justification Text

There might be times you want users to re-authenticate and/or provide justification text about their actions. Justification text is logged to the local event log for later review.

Here, on the left you’ll see a Self Elevate rule, and on the right a standard Elevation rule.

You can see both rule types have the options for Require Justification Text and Force user to reauthenticate.

![A screenshot of a computer

Description automatically generated](/img/product_docs/endpointpolicymanager/endpointpolicymanager/leastprivilege/understanding_re_authentication.webp)

NOTE: See the Endpoint Policy Manager Least Priv Manager: Self Elevate Mode video for a demonstration of Justification text for Self Elevate.

NOTE: See the Endpoint Privilege: Re-Authenticate with Self Elevate video for a demonstration of re-authentication for Self Elevate.

You can force a user to Require Justification Text for normal elevation actions, as well as Self Elevate policies.

The following cases highlight how this might work.

Case 1

Show popup message is selected, but neither sub-option are checked.

When the application launches, the pop up is presented.

Text input from the user is optional. The user must at least click OK to continue and launch the application.

Case 2

Show popup message and Justification text required are selected, but Force user re-authenticate is not.

The pop-up box appears, and user must type in something before continuing onward by pressing OK button.

Case 3

Show popup message and Force user re-authenticate is selected, but Justification text required is not.

The user is required to re-authenticate, but then the pop-up occurs, no text input is required by the user.

Case 4

Force user re-authenticate and Justification text required are both selected.

The User must re-authenticate, then when a pop-up is shown, theuser must type in something before OK is allowed an application proceeds.