Tokens tab
Provides information about the security tokens (if any) assigned to the user, including token type, token serial number, and whether the token requires a PIN.
To view details for a token, in the Token column, click the token name.
To manage a token, click the Manage link provided next to the token. Depending on the token type, the page that opens may provide some or all of the following tabs:
- Test Allows you to run a test operation that checks if the token generates a valid response.
- PIN Allows you to assign a new PIN to the token. This is required if the authentication issue is related to an incorrect or forgotten PIN. On the page that opens, type the new PIN in the New PIN and Confirm PIN text boxes.
If you want the user to change the PIN after the user logs on for the first time, select the User must change PIN at next authentication check box.
When you are finished, click Set PIN to save the changes.
To remove the PIN from the token, click Remove PIN.
- Reset Causes the token to resynchronize with the Defender Security Server. This is required if the authentication issue is related to a time drift on the token or, for event-based tokens, a number of token responses being used without user authentication taking place.
- Temporary Response Allows you to assign a temporary response to the token. You may need to assign a temporary response if the token does not function properly or if the user has lost the token but still needs access to the protected resources.
Use the Expire temporary response in list to select a validity period for the temporary response.
You can select the Response can be used multiple times check box, so that the user could use the temporary response multiple times before the response expires.
Click Assign to assign a temporary response using the specified parameters.
To remove the temporary response from the token, click Remove.
Authentication Routes tab
Displays the Defender Security Server, Access Node, and Defender Security Policy that apply to the user as configured in the Defender Administration Console.
If the Status column displays Invalid, it indicates that the user cannot authenticate using that route.
The Comment column provides a short description of the reason for the route being invalid. You can click the link in the Comment column to view suggestions for resolving the issue.
Authentications tab
Lists the authentication attempts made by the user over a period of time. The columns in the table display the date, reason, Defender Security Server, Access Node, Defender Security Policy, and RADIUS payload related to the authentication attempt.
The Reason column may include, for example, Access Approved for a successful authentication attempt or a failure reason if the authentication attempt was unsuccessful.
For failed authentication attempts, you can click the link in the Reason column to view the failure reason and suggestions to resolve the issue.
Managing users
You can use the Defender Management Portal to manage users in your Defender environment. You can search for and select a particular user, and then do the following:
- View user’s authentication details
- Manage security tokens for the user
- Manage Defender password for the user
- Manage PIN for the tokens assigned to the user
To manage users, the account with which you sign in to the Defender Management Portal must have the administrator role assigned. For more information, see Portal roles.
To manage a user
- Sign in to the Defender Management Portal.
For more information, see Opening the portal.
- Click the Administer Defender option.
- In the left pane, click the Management tab.
- In the right pane, click the Users tab.
- Search for and select the user you want to manage:
- In the Search by user name text box, type the complete user name or its part.
- Click the Search button and wait for your search to complete.
- If prompted, select the user from the search results.
- Use the following areas to manage the user:
- Tokens assigned to <user name> Provides a list of security tokens assigned to the user. You can use this area to view information about the assigned tokens, program new software tokens, assign existing token objects to the user, remove tokens from the user, and set a Defender password for the user. For more information about elements you can use in this area, see the table below this procedure.
- Authentication details Use this area to view information about the user account, such as the time of last authentication, violation count, and violation reset count. If necessary, you can reset the violation count for the user. You can also enable, view, and change user’s Defender ID. The user can authenticate to Defender by using the enabled Defender ID.
Table 17:
Tokens assigned to <user name> area
|
Program Token |
Allows you to program a new software token for the user. |
|
Assign Token |
Allows you to select and assign an existing token object to the user. |
|
Set Defender Password |
Allows you to configure a new Defender password for the user. |
|
Unassign |
Removes the tokens selected in the list from the user. Note that this does not delete the corresponding token objects from Active Directory. |
|
Manage |
Allows you to manage the corresponding token. Depending on the token type, the page that opens may provide some or all of the following tabs:
- Test Allows you to run a test operation that checks if the token generates a valid response.
- PIN Allows you to assign a new PIN to the token. This is required if the authentication issue is related to an incorrect or forgotten PIN. On the page that opens, type the new PIN in the New PIN and Confirm PIN text boxes.
If you want the user to change the PIN after the user logs on for the first time, select the User must change PIN at next authentication check box.
When you are finished, click Set PIN to save the changes.
To remove the PIN from the token, click Remove PIN.
- Reset Causes the token to resynchronize with the Defender Security Server. This is required if the authentication issue is related to a time drift on the token or, for event-based tokens, a number of token responses being used without user authentication taking place.
- Temporary Response Allows you to assign a temporary response to the token. You may need to assign a temporary response if the token does not function properly or if the user has lost the token but still needs access to the protected resources.
Use the Expire temporary response in list to select a validity period for the temporary response.
You can select the Response can be used multiple times check box, so that the user could use the temporary response multiple times.
Click Assign to assign a temporary response using the specified parameters.
To remove the temporary response from the token, click Remove. |
|
<token name> |
Click the token name in the Token column to view token details. The page that opens provides such information as token type, encryption used by the token, response length and response type, token activation key, and current status of the token. |
