
Defender 5.9.3 - Administration Guide


Uninstalling Defender Integration Pack for Active Roles

To uninstall the Defender Integration Pack for Active Roles

  1. Open the list of installed programs (appwiz.cpl).
  2. In the list, click to select the ActiveRolesIntegrationPack.exe entry.
  3. At the top of the list, click the Uninstall button and step through the wizard that starts.

    NOTE: Optionally click Change at the top of the list. In the Change, Repair, or Remove Installation step, click the Remove button.
  4. Complete the wizard.

To uninstall the Defender Integration Pack for Active Roles Administration Service

  1. Open the list of installed programs (appwiz.cpl).
  2. In the list, click to select the ActiveRolesAdminServiceIntegrationPack.exe entry.
  3. At the top of the list, click the Uninstall button and step through the wizard that starts.

    NOTE: Optionally click Change at the top of the list. In the Change, Repair, or Remove Installation step, click the Remove button.
  4. Complete the wizard.

Integration with Cloud Access Manager

You can use Defender to authenticate the users of One Identity Cloud Access Manager.

Cloud Access Manager is designed to provide a single authentication hub to the users of internal or external Web applications. By logging in to Cloud Access Manager, the user creates a session spanning multiple Web applications hosted locally or by software-as-a-service (SaaS) vendors, so there’s no need for the user to sign in to each of those applications individually. For more information about Cloud Access Manager, please go to https://www.oneidentity.com/products/cloud-access-manager/.

A customized version of Cloud Access Manager is available for download at https://support.oneidentity.com/defender/download-new-releases to use with Defender. This package is a fully functional 90-day trial license for using the product with Defender. After the trial license expires, you can only use Defender to authenticate the users of the Outlook Web App (OWA) managed by Cloud Access Manager.

NOTE: Cloud Access Manager replaces Webthority, which was previously shipped with Defender. No direct upgrade from Webthority to Cloud Access Manager is supported.

To install Cloud Access Manager for Defender, go to https://support.oneidentity.com/defender/download-new-releases. Download Cloud Access manager for Defender Setup.iso. Mount the image file, and install the application (.exe) file.

When the installation completes, do the following:

  • In Cloud Access Manager, add a new Microsoft Active Directory front-end authenticator.
  • In the authenticator settings, configure two-factor authentication.

    When configuring two-factor authentication, use the RADIUS connection settings area to enter the name or IP address, RADIUS communication port, and shared secret of the Defender Security Server deployed in your environment.

    For detailed information on how to configure a front-end authenticator, see the video provided on the Support portal available at https://support.oneidentity.com/cloud-access-manager/.

    For more information on configuring and using Cloud Access Manager, please refer to the product documentation available at https://support.oneidentity.com/cloud-access-manager/.

You can configure the front-end authenticator to require two-factor authentication either for all or for specific Web applications managed by Cloud Access Manager.

In the all-applications scenario, when the user enters the user name and password on the Cloud Access Manager login page, Cloud Access Manager makes a program call to the Defender Security Server. The user is then prompted to authenticate on the login page by entering additional credentials according to the settings defined in Defender. For instance, Defender may require a one-time password generated by a software or hardware security token assigned to the user.

In the specific-applications scenario, the user is prompted to authenticate using two-factor authentication only when accessing specific Web applications from within Cloud Access Manager. You can enable or disable two-factor authentication by using Web application settings in Cloud Access Manager as needed.
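The RADIUS exchange behind the connection settings above, as an added example (not One Identity code): it builds the Access-Request a RADIUS client such as Cloud Access Manager sends and checks, per RFC 2865, that a reply was produced with the same shared secret. The user name, password, secret and the `constructed_reply` stand-in for the Defender Security Server are constructed, and it is an assumption that the prompt for additional credentials arrives as a standard Access-Challenge.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
REPLY_NAMES = {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject", ACCESS_CHALLENGE: "challenge"}

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 User-Password hiding: XOR with an MD5 chain keyed by the shared secret."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def build_access_request(user, password, secret: bytes, ident=1, authenticator=None) -> bytes:
    """Build an Access-Request that carries a Message-Authenticator (attribute 80)."""
    authenticator = authenticator or os.urandom(16)
    attrs = (attr(1, user.encode())
             + attr(2, hide_password(password.encode(), secret, authenticator))
             + attr(80, b"\x00" * 16))  # value is zeroed while the HMAC is computed
    head = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator
    mac = hmac.new(secret, head + attrs, hashlib.md5).digest()
    return head + attrs[:-16] + mac

def check_reply(reply: bytes, request: bytes, secret: bytes) -> str:
    """Return 'accept', 'reject' or 'challenge'; raise if the reply is not authentic."""
    if (len(reply) < 20 or reply[1] != request[1]
            or struct.unpack("!H", reply[2:4])[0] != len(reply)):
        raise ValueError("malformed reply or identifier mismatch")
    # Response Authenticator = MD5(code, id, length, request authenticator, attrs, secret)
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        raise ValueError("bad Response Authenticator: shared secret mismatch")
    return REPLY_NAMES.get(reply[0], "unknown")

def constructed_reply(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Constructed stand-in for the server's reply, so the check runs offline."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs

if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    req = build_access_request("alice", "constructed-password", secret)
    reply = constructed_reply(ACCESS_CHALLENGE, req, secret, attr(18, b"Enter token response"))
    print(check_reply(reply, req, secret))
```

A reply that fails `check_reply` when sent to a real server means the shared secret entered in the RADIUS connection settings does not match the one the server uses for this client.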

Appendices

Appendix A: Enabling diagnostic logging

To gather additional information on various Defender components, you can enable diagnostic logging for each component.

To enable the logging for some Defender components, you need to edit the Registry.

Caution: The following sections instruct you to modify the Registry. Note that incorrectly modifying the Registry may severely damage the system. Therefore, you should make the changes carefully. It is highly advisable to create a backup of the Registry before making changes to Registry data.