Chat now with support
Chat with Support

Defender 5.8 - Administrator Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Securing PAM-enabled services Defender Management Portal (Web interface) Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Integration with Cloud Access Manager Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Getting started

Features and benefits

Centralized administration and tight integration with Active Directory  Defender is designed to base all administration and identity management on an organization's existing investment in Active Directory. This saves your time and resources, because to deploy and use Defender you can take advantage of the corporate directory already in place. Defender provides an administration and configuration interface called the Defender Administration Console. This console is implemented as an extension to Microsoft’s Active Directory Users and Computers tool known to any Active Directory administrator.
Authentication by means of the RADIUS protocol  Defender allows authentication by means of the RADIUS protocol for environments that include RADIUS users or RADIUS-protected access devices. Defender includes the facility for Vendor Specific Attributes (VSAs) to be specified in the RADIUS payload. For more information on VSAs, refer to the RADIUS RFCs posted on At the time of writing, the RFCs were available at
Secure access to VPN  You can use Defender to authenticate users who connect to your organization’s resources by using a virtual private network (VPN). Only those users who successfully authenticate via Defender are allowed to connect through VPN. For more information about this feature, see “Securing VPN access” in the Defender Administrator Guide.
Secure access to Web sites  With Defender, you can authenticate users who access Web sites hosted on Microsoft Internet Information Services (IIS) in your organization. For more information, see “Securing Web sites” in the Defender Administrator Guide.
Secure Windows-based computers  You can use Defender to authenticate the users of computers running the Windows® operating system. To sign in to a secured computer, the user needs to authenticate via Defender by supplying the correct passcode on the Windows sign-in screen. For more information, see “Securing Windows-based computers” in the Defender Administrator Guide.
Secure access to PAM-enabled services in UNIX  You can use Defender to authenticate the users of popular UNIX services that support Pluggable Authentication Modules (PAMs), such as login, telnet, ftp, and ssh. For more information, see “Securing PAM-enabled services” in the Defender Administrator Guide.
Data encryption  Defender supports AES, DES, and Triple DES encryption standards.
A wide range of supported security tokens  One of the authentication methods supported by Defender is security token. Defender provides native software and hardware security tokens and supports a variety of tokens produced by third-party vendors, such as Google Authenticator™, Authy, GrIDsure, DIGIPASS, VIP credentials, and YubiKey. You can also deploy and use with Defender any hardware tokens that comply with the Initiative for Open Authentication (OATH) standard. For more information, see “Configuring security tokens” in the Defender Administrator Guide.
Role-based management portal  This feature allows you to administer Defender from a Web browser. On the Defender Management Portal, you can manage software and hardware tokens and Defender users in your organization, view authentication reports and Defender logs, troubleshoot Defender authentication issues, and assign specific Defender roles to Active Directory groups of your choice. A portal role defines the Defender Management Portal functionality that is available to the user and the tasks the user can perform through the Defender Management Portal. For more information, see “Defender Management Portal (Web interface)” in the Defender Administrator Guide.
User self-service  You can simplify the administration of your Defender environment by deploying and configuring a self-service Web site called the Defender Self-Service Portal. On this portal, users can request and receive new software tokens, download and activate token software, and register existing hardware tokens without the need to contact a system administrator. The actions and tokens available to the users through the self-service portal are controlled by a number of settings you can configure to suit your needs. For more information, see “Defender Management Portal (Web interface)” in the Defender Administrator Guide.
Delegation  Defender provides a scalable approach to the administration of access rights, enabling you to delegate specific Defender roles, tasks, or functions to the users or groups you want. The Defender administration interface provides a wizard you can use to search for and select one or multiple user accounts, and then choose which Defender roles or tasks you want to delegate to those accounts.
Automation of administrative tasks  Defender Management Shell, built on Microsoft Windows PowerShell® technology, provides a command-line interface that enables the automation of Defender administrative tasks. With the Defender Management Shell, you can perform token-related tasks, for example, assign tokens to users, assign PINs, or check for expired tokens. For more information, see “Automating administrative tasks” in the Defender Administrator Guide.
Integration with Active Roles  Defender Integration Pack for Active Roles supplied in the Defender distribution package allows you to extend the functionality of the Active Roles Web Interface and Active Roles console. For example, with this Integration Pack installed, you can use the Active Roles user interface to perform Defender-related tasks: assign, remove, test, recover, and program security tokens and set Defender IDs and Defender passwords. Also you can enable the automatic deletion of tokens for deprovisioned users and use the Active Roles console to administer Defender objects and delegate Defender roles or tasks to the users you want. For more information, see “Integration with Active Roles” in the Defender Administrator Guide.
Integration with Cloud Access Manager  You can use Defender to authenticate the users of Dell™ One Identity Cloud Access Manager when they access the Cloud Access Manager log in page or Web applications managed by Cloud Access Manager. A customized version of Cloud Access Manager is already included in this Defender distribution package with a fully functional 90-day trial license for using the product with Defender. For more information, see “Integration with Cloud Access Manager” in the Defender Administrator Guide.

What you can do with Defender

Authenticating VPN users

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
RSS Feed
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating