You can allow users to authenticate via Defender by using one-time passwords generated with the Authy app. For more information about Authy, please visit http://www.authy.com.
To enable Authy for a user
- On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
- In the left pane (console tree), expand the appropriate nodes to select the container where the user object is located.
- In the right pane, double-click the user object, and then click the Defender tab in the dialog box that opens.
- Below the Tokens list, click the Program button.
- In the Select Token Type step, click to select the Software token option. Click Next.
- In the Select Software Token step, click to select the Authy token option.
- Complete the wizard to enable Authy for the user.
For more information about the wizard steps and options, see Defender Token Programming Wizard reference.
You can allow users to authenticate via Defender by using one-time passwords generated with Google Authenticator.
To enable Google Authenticator for a user
- On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
- In the left pane (console tree), expand the appropriate nodes to select the container where the user object is located.
- In the right pane, double-click the user object, and then click the Defender tab in the dialog box that opens.
- Below the Tokens list, click the Program button.
- In the Select Token Type step, click to select the Software token option. Click Next.
- In the Select Software Token step, click to select the Google Authenticator option.
- Complete the wizard to enable Google Authenticator for the user.
For more information about the wizard steps and options, see Defender Token Programming Wizard reference.
Defender 6.5.1 supports using multiple mobile providers for SMS authentication via the OneLogin portal, in addition to the existing 2SMS service provider.
The following mobile providers are supported and can be configured in the OneLogin portal for SMS authentication:
- Twilio
- Moobicast
- Hutchison
- Msg91
- Telesign
- Textlocal
NOTE: By default, SMS token authentication uses the Defender Mobile Provider. However, it is possible to switch to the OneLogin Mobile Provider by adjusting registry settings.
To use the OneLogin Mobile Providers, an administrator needs to manually create the following registry value at:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\PassGo Technologies\Defender\DSS Active Directory Edition
Value type: REG_DWORD
Value name: useoneloginsmsprovider
Value data: XX - The value can be either 0 or 1. Set 1 to use the OneLogin Mobile Providers or 0 to use the Defender Mobile Provider. Any other value is invalid and results in the default Defender Mobile Provider being used. If the useoneloginsmsprovider registry value is not found (not added), the default Defender Mobile Provider is used.
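The following PowerShell sketch is an added example, not part of the product documentation: it reads the useoneloginsmsprovider value and reports which provider the rules above select, and can create the value as a REG_DWORD. The function names Get-DefenderSmsProvider and Set-DefenderSmsProvider are hypothetical; run it elevated on the computer that holds this registry key.

```powershell
# Added example: audit and set the useoneloginsmsprovider value described above.
$KeyPath   = 'HKLM:\SOFTWARE\WOW6432Node\PassGo Technologies\Defender\DSS Active Directory Edition'
$ValueName = 'useoneloginsmsprovider'

function Get-DefenderSmsProvider {
    # Report the provider that the documented rules select for the current registry state.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value (or key) missing: the documentation says the Defender provider is used.
        return [pscustomobject]@{ RawValue = $null; Provider = 'Defender Mobile Provider'; Note = 'value not present (default)' }
    }
    $raw  = $item.$ValueName
    $kind = (Get-Item -Path $KeyPath).GetValueKind($ValueName)
    if ($kind -ne 'DWord') {
        # The documentation requires REG_DWORD; behaviour for other types is not documented.
        return [pscustomobject]@{ RawValue = $raw; Provider = 'Undetermined'; Note = "value type is $kind, expected REG_DWORD" }
    }
    switch ($raw) {
        1       { $provider = 'OneLogin Mobile Provider'; $note = 'explicitly set' }
        0       { $provider = 'Defender Mobile Provider'; $note = 'explicitly set' }
        default { $provider = 'Defender Mobile Provider'; $note = 'invalid value, default applies' }
    }
    [pscustomobject]@{ RawValue = $raw; Provider = $provider; Note = $note }
}

function Set-DefenderSmsProvider {
    param(
        [Parameter(Mandatory)]
        [ValidateRange(0, 1)]   # only 0 and 1 are valid per the documentation
        [int]$Value
    )
    if (-not (Test-Path -Path $KeyPath)) {
        throw "Registry key not found: $KeyPath"
    }
    # -Force creates the value, or overwrites an existing one, as REG_DWORD.
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $Value -Force | Out-Null
    Get-DefenderSmsProvider
}

Get-DefenderSmsProvider             # report the current effective provider
# Set-DefenderSmsProvider -Value 1  # uncomment to switch to the OneLogin Mobile Providers
```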
NOTE: If an SMS token is assigned together with a push-type token (OneLogin Protect, Defender Soft Token), the administrator can give priority to the SMS token by disabling the push notification token in the registry. To disable push notifications, refer to this section: Defender push notifications can be disabled.
NOTE: When using an authentication token from the OneLogin portal, the authentication method defined in Defender policies can have a token or a token-related method (e.g. token with Active Directory) in one authentication factor only.
SMS token allows users in your organization to receive SMS messages containing one-time passwords on their SMS-capable devices. Before configuring and assigning the SMS token, you need to enable the use of the SMS token in the Defender Security Policy properties. After enabling the SMS token, make sure you assign the Defender Security Policy to the users you want. For more information, see Managing Defender Security Policies.
Ensure you provide the following information to each SMS token user:
- User ID
- Initial PIN (if the SMS token is configured to use a PIN)
To configure the SMS token for a user
- On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
- In the left pane (console tree), expand the appropriate nodes to select the container where the user object is located.
- In the right pane, double-click the user object, and then click the Defender tab in the dialog box that opens.
- Below the Tokens list, click the Program button.
- In the Select Token Type step, click to select the Software token option. Click Next.
- In the Select Software Token step, click to select the SMS token option.
- Complete the wizard to configure the SMS token for the user.
For more information about the wizard steps and options, see Defender Token Programming Wizard reference.