
Defender 5.9.3 - Administration Guide


Mail Configuration setting

You can use this setting to configure options for sending token activation codes to users via e-mail. With this setting configured, an option to send token activation codes by e-mail becomes available in the Defender Token Programming Wizard.

To enable this setting, select the Enabled option, and then specify the following:

  • SMTP Server  Type the IP address or DNS name of the SMTP server you want to use for sending e-mail messages containing token activation codes.
  • SMTP Server Port  Specify the communication port used by the SMTP server.
  • Address from which to send mails  Type the e-mail address you want to appear in the From field of the e-mail messages containing token activation codes.
  • CC address to which mails are sent  Type the e-mail address to which you want to send copies of the e-mail messages containing token activation codes.
  • Send message as plain text  Select this check box if you want to send the e-mail messages containing token activation codes in plain text format. Note that plain text messages do not contain QR codes or links for token activation. If you want to include QR codes and links for token activation in a message, clear this check box. When this check box is cleared, the e-mail messages are sent in HTML format.
  • Text to include at the bottom of activation code mails  Type the text you want to include in each e-mail message containing token activation codes.

With the Mail Configuration setting enabled and configured, you can use the Defender Token Programming Wizard to send an e-mail containing token activation codes to the user: select the Send via e-mail check box, and then use the Send To text box to type the recipient’s e-mail address.

ADSI Configuration setting

This setting provides a configurable performance enhancement for large installations by ensuring that for read and write operations Defender always uses the domain controller to which the Active Directory Users and Computers (ADUC) tool is connected.

When this setting is enabled and the Allow serverless bind check box is cleared, Defender reads and writes data in Active Directory by using the domain controller to which ADUC is connected.

When this setting is enabled and the Allow serverless bind check box is selected, Defender relies on the Active Directory Service Interfaces Editor (ADSI Edit) tool to select a domain controller through which to read and write data in Active Directory. This is also the default Defender behavior when this setting is not enabled.

Integration with Active Roles

The Defender installation package includes the Defender Integration Pack for Active Roles, which extends the Active Roles functionality and allows you to perform Defender-related tasks from within the Active Roles console (MMC Interface) and the Active Roles Web Interface. For example, with this Integration Pack installed, you can assign, remove, test, recover, and program tokens, and set Defender IDs and Defender passwords. You can also enable the automatic deletion of tokens for deprovisioned users and use the Active Roles console to administer Defender objects and delegate specific Defender roles or tasks to the users you want.

Active Roles offers a practical approach to automated user provisioning and administration, for maximum security and efficiency. Active Roles provides total control of user provisioning and administration for Active Directory. For more information about Active Roles, please go to https://www.oneidentity.com/products/active-roles/.

Installing Defender Integration Pack for Active Roles

Before installing the Defender Integration Pack for Active Roles, make sure the target system meets the system requirements listed in the Defender Release Notes.

To install the Defender Integration Pack for Active Roles

  1. On the target computer, run the ActiveRolesIntegrationPack.exe file supplied in the Defender installation package.
  2. Step through the Setup Wizard to complete the Integration Pack installation.

    In the Setup Wizard, you can select the following features for installation:

    • Active Roles Web Interface Extension  Install this feature to be able to perform Defender-related tasks from the Active Roles Web Interface. The computer on which you plan to install this feature must have the Active Roles Web Interface installed. For more information about the commands this feature adds to the Active Roles Web Interface, see Commands added to the Active Roles Web Interface.
    • Active Roles Console Extension  Install this feature to be able to perform Defender-related tasks from the Active Roles console (MMC Interface). After installing this feature, you can use the Active Roles console to manage Defender-related objects and perform Defender-related tasks. The steps you should perform in the Active Roles console to manage Defender objects are identical to those you perform in Microsoft’s Active Directory Users and Computers tool. For more information, see Managing Defender objects in Active Directory.
  3. After completing the Setup Wizard, restart the Active Roles Administration Service on the computer on which you have installed the Integration Pack.
  4. On each remote computer running the Active Roles Administration Service in your environment, install the Defender Integration Pack for Active Roles Administration Service.

    To install the Defender Integration Pack for Active Roles Administration Service, run the ActiveRolesAdminServiceIntegrationPack.exe file supplied in the Defender installation package, and then complete the wizard.
