Integration with Active Roles
The Defender installation package includes the Defender Integration Pack for Active Roles, which extends the Active Roles functionality and allows you to perform Defender-related tasks from within the Active Roles console (MMC Interface) and the Active Roles Web Interface. For example, with this Integration Pack installed, you can assign, remove, test, recover, and program tokens, and set Defender IDs and Defender passwords. You can also enable the automatic deletion of tokens for deprovisioned users, use the Active Roles console to administer Defender objects, and delegate specific Defender roles or tasks to the users you want.
Active Roles offers a practical approach to automated user provisioning and administration, for maximum security and efficiency. Active Roles provides total control of user provisioning and administration for Active Directory. For more information about Active Roles, please go to https://www.oneidentity.com/products/active-roles/.
NOTE: Always install the operating system with the native English language option. For any other language, add a Language Pack (for example, German or French) so that Defender appears in the ARS web console.
Installing Defender Integration Pack for Active Roles
Before installing the Defender Integration Pack for Active Roles, make sure the target system meets the system requirements listed in the Defender Release Notes.
To install the Defender Integration Pack for Active Roles
- On the target computer, run the ActiveRolesIntegrationPack.exe file supplied in the Defender installation package.
- Step through the Setup Wizard to complete the Integration Pack installation.
In the Setup Wizard, you can select the following features for installation:
- Active Roles Web Interface Extension: Install this feature to be able to perform Defender-related tasks from the Active Roles Web Interface. The computer on which you plan to install this feature must have the Active Roles Web Interface installed. For more information about the commands this feature adds to the Active Roles Web Interface, see Commands added to the Active Roles Web Interface.
- Active Roles Console Extension: Install this feature to be able to perform Defender-related tasks from the Active Roles console (MMC Interface). After installing this feature, you can use the Active Roles console to manage Defender-related objects and perform Defender-related tasks. The steps you should perform in the Active Roles console to manage Defender objects are identical to those you perform in Microsoft’s Active Directory Users and Computers tool. For more information, see Managing Defender objects in Active Directory.
- After completing the Setup Wizard, restart the Active Roles Administration Service on the computer on which you have installed the Integration Pack.
- On each remote computer running the Active Roles Administration Service in your environment, install the Defender Integration Pack for Active Roles Administration Service.
To install the Defender Integration Pack for Active Roles Administration Service, run the ActiveRolesAdminServiceIntegrationPack.exe file supplied in the Defender installation package, and then complete the wizard.
Commands added to the Active Roles Web Interface
The Defender Integration Pack for Active Roles adds the Defender category to the Active Roles Web Interface.
Click the Defender category to access the commands added by the Defender Integration Pack for Active Roles to the Active Roles Web Interface.
These commands are as follows:
Defender Properties
The Defender Properties command allows you to administer tokens, and view and manage the Defender properties for the selected user.
On the Defender Properties page, you can use the User tokens list to view and administer security tokens for the user, view the serial number of each security token assigned to the user, and see whether the tokens have a PIN configured.
Below the User tokens list, you can use the following elements:
- Add: Click this button to search for existing token objects in Active Directory and assign them to the user if necessary.
- Defender ID: Allows you to view or change the Defender ID of the user.
- Violation count: Displays the number of unsuccessful authentication attempts for the user. To reset the violation count for the user, click the Reset Violation Count button, and then click Save.
- Reset count: Displays how many times the violation count has been reset so far.
- Last authentication: Displays the time and date of the user’s last successful authentication.
In the Type column of the User tokens list, you can click a security token name to administer the token. On the page that opens, you can use the following buttons:
Table 36: Buttons to administer tokens

| Button | Description |
| --- | --- |
| Set PIN | Click to set a new PIN for the token. On the page that opens, use the New PIN and Confirm PIN text boxes to type the new PIN. If you want the user to change the new PIN on first use, select the Expire PIN check box. When finished, click the Set PIN button. |
| Clear PIN | Click to remove the current PIN from the token. The PIN is removed right after you click this button. |
| Temporary Response | Click to generate a temporary response for the token user. A temporary response is required when the user needs to authenticate but does not currently have a token available. On the page that opens, use the following options. Expires: Sets a validity period for the temporary response. Allow response to be used multiple times: Sets whether the temporary response can be used more than once during the specified validity period; when this check box is cleared, the temporary response can only be used once. Assign: Generates the temporary token response, assigns it to the user’s token, and displays the assigned response in a separate window. Clear: Immediately removes the temporary token response from the user’s token. |
| Test Token | Click to open a page that allows you to test the token response for the selected token. In the Response text box, enter a token response, and then click Verify. |
| Reset | Click to re-synchronize the token. |
| Recover | Click to reset the passphrase for the token. |
| Unassign | Click to unassign the token from the user. |