Defender 5.9.3 - Administration Guide


Hardware Tokens tab


In the Default hardware token list, select a hardware token that will be automatically selected for the users when they go to the universal token registration URL shown on the General tab.

E-mail Settings tab


Use the E-mail Settings tab to configure settings for sending e-mail messages to the Defender Self-Service Portal users.

In the SMTP server settings area, use the following options:

  • SMTP server  Type the name or IP address of the SMTP server you want to use for sending e-mail messages to the Defender Self-Service Portal users.
  • Port  Type the port number at which you want to connect to the SMTP server.
  • SMTP server requires authentication  Select this check box if the SMTP server requires authentication. Then, type the user name and password of the account with which you want to authenticate on the SMTP server.

In the Sender details area, use the following options:

  • From  Type the e-mail address you want to appear in the From field of the e-mail messages sent by the Defender Self-Service Portal.
  • Select how to address the user in e-mail messages  Select the name by which you want to address the user in e-mail messages sent by the Defender Self-Service Portal.

PIN Settings tab


Use the PIN Settings tab to configure PIN settings for the tokens requested or registered via the Defender Self-Service Portal.

On this tab, you can use the following elements:

  • Require PIN for hardware tokens  Select this check box if you want all hardware tokens to require a PIN. When this check box is cleared, the hardware tokens do not require a PIN.
  • Require PIN for software tokens  Select this check box if you want all software tokens to require a PIN. When this check box is cleared, the software tokens do not require a PIN.
  • Minimum PIN length  Specify the minimum number of digits each PIN must contain.
  • Maximum PIN length  Specify the maximum number of digits each PIN can contain.

When a token is set to require a PIN, users should enter the PIN followed by the token response to access a resource protected by Defender. For example, if the PIN is 1234 and the response is 5678, users should enter 12345678 when prompted for authentication.

When users need to reset the PIN, they should enter the old and new PINs in the following format: <old PIN><new PIN><new PIN>. For example, if the old PIN is 1234 and the new PIN is 5678, users should enter the following: 123456785678.
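The two entry formats above can be checked against the minimum and maximum PIN length with a short script, for example when explaining to a user why an entry was rejected. This is an added illustration, not Defender code: the function names are hypothetical, and a fixed token response length supplied by the caller is an assumption.

```python
# Added illustration; not One Identity Defender code. All names are hypothetical.
from typing import List, Tuple


def _require_digits(entry: str) -> None:
    """Reject empty or non-numeric input before any splitting is attempted."""
    if not (entry.isascii() and entry.isdigit()):
        raise ValueError("entry must contain digits only")


def build_login_entry(pin: str, response: str) -> str:
    """What the user types at the prompt: the PIN immediately followed by the response."""
    return pin + response


def split_login_entry(entry: str, response_len: int,
                      min_pin: int, max_pin: int) -> Tuple[str, str]:
    """Split a typed value into (PIN, response).

    Assumption: the token response has a fixed, known length (response_len).
    """
    _require_digits(entry)
    pin_len = len(entry) - response_len
    if not min_pin <= pin_len <= max_pin:
        raise ValueError(f"PIN length {pin_len} is outside {min_pin}-{max_pin}")
    return entry[:pin_len], entry[pin_len:]


def parse_pin_change(entry: str, min_pin: int, max_pin: int) -> List[Tuple[str, str]]:
    """Return every (old PIN, new PIN) reading of <old PIN><new PIN><new PIN>
    that fits the length policy and has two identical copies of the new PIN.

    An empty list means the entry is malformed, for example a mistyped
    second copy. More than one result means the length policy alone cannot
    tell where the old PIN ends.
    """
    _require_digits(entry)
    candidates = []
    for new_len in range(min_pin, max_pin + 1):
        old_len = len(entry) - 2 * new_len
        if not min_pin <= old_len <= max_pin:
            continue
        first = entry[old_len:old_len + new_len]
        second = entry[old_len + new_len:]
        if first == second:
            candidates.append((entry[:old_len], first))
    return candidates
```
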

Troubleshooting authentication issues


You can use the Defender Management Portal to troubleshoot authentication issues experienced by users in your Defender environment. You can search for a particular user, see if the user experiences any authentication issues, and resolve the authentication issues found.

To diagnose and resolve authentication issues, the user account with which you sign in to the Defender Management Portal must have an appropriate portal role assigned. For more information, see Portal roles.

To troubleshoot authentication issues

  1. Sign in to the Defender Management Portal.

    For more information, see Opening the portal.

  2. Click the Administer Defender option.
  3. In the left pane, click the Helpdesk tab.
  4. Use the right pane to search for the user for whom you want to troubleshoot authentication issues:
    1. In the Search by user name text box, type the complete user name or a part of it, and then click the Search button.
    2. If prompted, select the user from the search results.
  5. Use the tabs listed below to diagnose and resolve authentication issues for the user.

These tabs only appear after you select a user. On these tabs, the values that cause authentication issues are marked in red.

  • User Details tab  Provides a summary for the user account, including user’s full name, sAMAccountName, and last successful authentication date and time.
  • Tokens tab  Provides information about the security tokens (if any) assigned to the user, including token type, token serial number, and whether the token requires a PIN. You can use this tab to manage tokens.
  • Authentication Routes tab  Displays the Defender Security Server, Access Node, and Defender Security Policy that apply to the user as configured in the Defender Administration Console.
  • Authentications tab  Lists the authentication attempts made by the user over a period of time. The columns in the table display the date, reason, Defender Security Server, Access Node, Defender Security Policy, and RADIUS payload related to the authentication attempt.