Chat now with support
Chat with Support

Defender 6.3.1 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Assigned Users

This tab provides a list of users to whom the token is assigned. You can use this tab to assign or remove the token from users.

  • Assign  Allows you to assign the token to one or more users.
  • Unassign  Removes the token from the users or groups selected in the Assigned Users list.

Import Wizard reference

The table below provides information about the Import Wizard steps and options.

 

Table 8:

Import Wizard reference

Wizard step

Your action

File and Key

Browse for and select the file that contains the definitions of the token objects you want to import, and then specify the key for the file.

You can use the following options:

  • Filename  Click Browse to locate and select the file that contains the definitions of the token objects you want to import.
  • Key  Type or paste the key for the file selected in the Filename option.

Available Tokens

In the list, select the token objects you want to import into Active Directory.

You can use the following buttons:

  • Select All  Selects all token objects in the list.
  • Clear All  Clears currently selected tokens.

You can hold down CTRL and click in the list to select token objects.

If the token objects in the list support both synchronous and asynchronous modes, the following check boxes are available:

  • Response Only  When selected, causes the token objects to operate in the synchronous (response only) mode.
  • Challenge Response  When selected, causes the token objects to operate in the asynchronous (challenge-response) mode.

If the token objects in the list support both OTP1 and OTP2 applications, the following check boxes are available:

  • OTP1  When selected, causes the token to generate a first one-time password (OTP1).
  • OTP2  When selected, causes the token to generate a second one-time password (OTP2).

If you select only one of these check boxes, make sure to instruct the token users which button they should press on their hardware tokens for generating one-time passwords.

For example, when you import DIGIPASS 280 token objects and select the OTP1 check box while leaving the OTP2 check box cleared, then the token users should generate one-time passwords by pressing the OTP1 button on their DIGIPASS 280 tokens. In this scenario, pressing the OTP2 button will generate invalid one-time passwords.

Storage Location

Specify the Active Directory container in which you want to store the token objects being imported. Click the Select button to browse for and select the container.

The default container is Defender | Tokens.

If you change the default container, ensure that the Defender Security Server service account and the Defender administrator account have sufficient permissions on the new container you specify.

Import Progress

View the progress of the hardware token import.

Managing Defender Security Policies

You can use the Defender Administration Console to create and configure Defender Security Policies. A Defender Security Policy can be assigned to a user, group of users, Access Node, or Defender Security Server.

If a different Defender Security Policy is applied to each of the above elements, the policy assigned to the user takes the highest priority, followed by the policy assigned to the group, then the policy assigned to the Access Node and finally, the policy assigned to the Defender Security Server. Security Policies cannot be aggregated.

Logon attempts made by the user are rejected if the user belongs to two groups with conflicting security policies and both groups are assigned to the Access Node through which the user connects to the Defender Security Server.

If no Defender Security Policy has been assigned, the default Defender Security Policy is applied. For more information, see Default Defender Security Policy.

When you have defined the Defender Security Policy, you can use its property pages to:

  • Change the Defender Security Policy configuration.
  • Change user account lockout information.
  • Configure password and PIN expiration policies.
  • Specify permitted logon hours.
  • Configure settings for SMS tokens.
  • Configure settings for e-mail tokens.
  • Configure settings for GrIDsure tokens.

Creating a Defender Security Policy object

To create a Defender Security Policy

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane (console tree), expand the appropriate domain node, and then expand the Defender container.
  3. Right-click the Policies container, point to New, and then click Defender Policy.
  4. Complete the wizard that starts to create a new Defender Security Policy.

    For more information about the wizard steps and options, see New Object - Defender Policy Wizard reference.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating