A Defender Security Policy object defines a number of authentication settings for Defender users, such as primary and secondary authentication methods, number of allowed failed authentication attempts, lockout and unlock conditions for the user accounts, and allowed logon hours. You can also use a Defender Security Policy object to enable and configure built-in security tokens, such as SMS token, e-mail token, and GrIDsure token.
After creating a Defender Security Policy object, you need to assign it to the appropriate user objects in Active Directory. You can assign a Defender Security Policy in one of the following ways:
If you assign a Defender Security Policy to a Defender Security Server, that policy is applied to the users who authenticate through that Defender Security Server.
If you assign a Defender Security Policy to an Access Node object, that policy is applied to the users who are listed as members of that Access Node.
When a user is a member of an Access Node and no Defender Security Policy is defined for the user explicitly or implicitly, then a default Defender Security Policy applies to the user. For more information, see “Default Defender Security Policy” in the Defender Administration Guide.
To create a Defender Security Policy object
For detailed instructions on how to create and configure a Defender Security Policy object, see “Managing Defender Security Policy objects” in the Defender Administration Guide.
A Defender Security Server object represents a computer on which the Defender Security Server component is installed. Therefore, when creating or configuring a Defender Security Policy object, make sure you specify the correct IP address of the corresponding computer in the object properties.
To create a Defender Security Server object
For detailed instructions on how to create and configure a Defender Security Server object, see “Managing Security Server objects” in the Defender Administration Guide.
An Access Node object defines an IP address or a range of IP addresses from which the Defender Security Server accepts authentication requests. If Access Node is misconfigured, authentication requests may not reach the Defender Security Server and the user cannot get access to the required resources.
To create an Access Node object
After creating an Access Node object, use its properties to assign the Access Node to a Defender Security Server, specify Access Node members (users or groups that will be authenticating through the Access Node), and assign a Defender Security Policy object to the Access Node.
For detailed instructions on how to create and configure an Access Node object, see “Managing Access Node objects” in the Defender Administration Guide.
To assign a security token to a user
Before assigning a hardware token to a user, you may need to import the corresponding hardware token object into Active Directory. For more information about importing and assigning hardware token objects, see “Managing security token objects” in the Defender Administration Guide.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center