Four eyes login

Overview

The four eyes principle is an important security concept in certain industries for certain business processes that require approval from two persons before approval for a single business transaction, for example, log in. The transaction may be continued only on condition both approvers have signed off the process.

Although the effectiveness of this two-tier approval process relies upon the ability, integrity and, diligence of the individuals involved, the damages of a potential inadequate approval may be mitigated, because a second person is always involved in the final approval process.

With this in mind, it becomes evident that when a business process containing four-eyes principle constraints is automatized, the machine must guarantee that two independent users perform the approval steps.  In other words, if User A approves one of the approval steps, the automation must make sure that user A is excluded from the subsequent approval step.

Configuring the Verba four eyes policy

With Verba, it is possible to define an observer user and/or an observer group for each user created in the recording system. If an observer user is defined for a user, the user can only log in with the observer user login information besides her/his original login information. In this way, these types of users can only access the Verba web application with the personal presence of the observer user. The same mechanism is applied when an observer group is defined (any member of the observer group can be an observer user). This is an optional security feature of the Verba system. For detailed information on user configuration, see Find and List Users.

Login with four eyes policy

To add the login information of the observer user, just select the checkbox next to the password input field.

If the provided credentials are not valid, no error message is displayed; the login page is displayed again as part of the security design of the system.