Chat now with support
Chat con el soporte

Defender 5.9.3 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Integration with Cloud Access Manager Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

User Details tab

User Details tab

Provides a summary for the user account, including user’s full name, sAMAccountName, and last successful authentication date and time.

If an authentication issue is detected, the corresponding value on this tab is displayed in red. This can occur if, for example, the violation count is incremented or the account is locked or disabled. If you can take an action to resolve the issue, this tab provides a link to perform the action.

Tokens tab

Tokens tab

Provides information about the security tokens (if any) assigned to the user, including token type, token serial number, and whether the token requires a PIN.

To view details for a token, in the Token column, click the token name.

To manage a token, click the Manage link provided next to the token. Depending on the token type, the page that opens may provide some or all of the following tabs:

  • Test  Allows you to run a test operation that checks if the token generates a valid response.
  • PIN  Allows you to assign a new PIN to the token. This is required if the authentication issue is related to an incorrect or forgotten PIN. On the page that opens, type the new PIN in the New PIN and Confirm PIN text boxes.

    If you want the user to change the PIN after the user logs on for the first time, select the User must change PIN at next authentication check box.

    When you are finished, click Set PIN to save the changes.

    To remove the PIN from the token, click Remove PIN.

  • Reset  Causes the token to resynchronize with the Defender Security Server. This is required if the authentication issue is related to a time drift on the token or, for event-based tokens, a number of token responses being used without user authentication taking place.
  • Temporary Response  Allows you to assign a temporary response to the token. You may need to assign a temporary response if the token does not function properly or if the user has lost the token but still needs access to the protected resources.

    Use the Expire temporary response in list to select a validity period for the temporary response.

    You can select the Response can be used multiple times check box, so that the user could use the temporary response multiple times before the response expires.

    Click Assign to assign a temporary response using the specified parameters.

    To remove the temporary response from the token, click Remove.

Authentication Routes tab

Authentication Routes tab

Displays the Defender Security Server, Access Node, and Defender Security Policy that apply to the user as configured in the Defender Administration Console.

If the Status column displays Invalid, it indicates that the user cannot authenticate using that route.

The Comment column provides a short description of the reason for the route being invalid. You can click the link in the Comment column to view suggestions for resolving the issue.

Authentications tab

Authentications tab

Lists the authentication attempts made by the user over a period of time. The columns in the table display the date, reason, Defender Security Server, Access Node, Defender Security Policy, and RADIUS payload related to the authentication attempt.

The Reason column may include, for example, Access Approved for a successful authentication attempt or a failure reason if the authentication attempt was unsuccessful.

For failed authentication attempts, you can click the link in the Reason column to view the failure reason and suggestions to resolve the issue.

Documentos relacionados