Chat now with support
Chat with Support

Defender 5.8 - Administrator Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Securing PAM-enabled services Defender Management Portal (Web interface) Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Integration with Cloud Access Manager Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Import Wizard reference

Filename  Click Browse to locate and select the file that contains the definitions of the token objects you want to import.
Key  Type or paste the key for the file selected in the Filename option.
Select All  Selects all token objects in the list.
Clear All  Clears currently selected tokens.
Response Only  When selected, causes the token objects to operate in the synchronous (response only) mode.
Challenge Response  When selected, causes the token objects to operate in the asynchronous (challenge-response) mode.
OTP1  When selected, causes the token to generate a first one-time password (OTP1).
OTP2  When selected, causes the token to generate a second one-time password (OTP2).
For example, when you import DIGIPASS 280 token objects and select the OTP1 check box while leaving the OTP2 check box cleared, then the token users should generate one-time passwords by pressing the OTP1 button on their DIGIPASS 280 tokens. In this scenario, pressing the OTP2 button will generate invalid one-time passwords.
The default container is Defender | Tokens.

Managing Defender Security Policies

Creating a Defender Security Policy object

3
Right-click the Policies container, point to New, and then click Defender Policy.

New Object - Defender Policy Wizard reference

Name  Type a name for the Defender Security Policy being created.
Description  Type a description for the Defender Security Policy being created.
Method  Select a primary authentication method for the Defender Security Policy. An authentication method determines the passcode that the user must enter when attempting to authenticate. You can select one of the following authentication methods:
Token  The user must use a token response to authenticate.
Defender password  The user must enter a valid Defender password to authenticate.
Active Directory password  The user must enter a valid Active Directory password to authenticate.
Token with Defender password  The user must enter a token response followed by a valid Defender password to authenticate.
Defender password with token  The user must enter a valid Defender password followed by a token response to authenticate.
Token with Active Directory password  The user must enter a token response followed by a valid Active Directory password to authenticate.
Active Directory password with token  The user must enter a valid Active Directory password followed by a token response to authenticate.
Active Directory password (rollout mode)  The user can authenticate with the Active Directory password until a security token is assigned or registered to the user’s Active Directory account. After a security token has been assigned or registered for the user, the user must submit the token response to authenticate. For more information about this option, please contact Dell Software support.
GrIDsure token (auto-enrollment mode)  The user must authenticate by using a GrIDsure Personal Identification Pattern (PIP). During the first authentication, the user is prompted to configure a GrIDsure PIP to be used for subsequent authentications.
Logon Attempts  Enter the number of times that the user can attempt to log on. If the number of unsuccessful logon attempts exceeds the specified limit, the violation count for the user’s account is incremented.
Use Synchronous tokens as event tokens  Enables the use of the same DIGIPASS GO token response for logon to more that one system without generating a new response, provided that the logon process takes less than 36 seconds which is the validity period for a DIGIPASS GO token response.
Other options in the Method list are identical to those available in the Select an authentication method step of the wizard.
Enable Account Lockout  When this check box is selected, it causes the user’s Defender account to be locked out if the user has exceeded the number of violations (failed logon attempts) specified n the Lockout after n violations option.
If you select the Lockout Windows account after indicated violations check box, this causes the user’s Windows account to be locked out after the specified number of failed logon attempts has been exceeded by the user. This option requires the Windows account lockout option to be enabled in Domain Security Policy or Domain Controller Security Policy.
Locked accounts must be unlocked by an administrator  Specifies that locked accounts can only be unlocked by an administrator. Use the Lockout duration option to set the lockout duration in minutes. The lockout duration period is counted from the moment of most recent logon attempt. That is, if the user attempts to logon while the account is still locked, the lockout duration is recalculated from the moment of that last attempt. If you set the Lockout duration value to 0, the locked user accounts can only be unlocked by an administrator.
Automatically reset account after successful login  Resets the count of unsuccessful logon attempts to 0 after the user successfully logs on.
Enable Defender Password Expiry  When this check box is selected, it causes the Defender password to expire after the number of days specified in the Expire after option.
Enable PIN Expiry  When this check box is selected, it causes the token PIN to expire after the number of days specified in the Expire after option. This check box is only available if the token selected for authentication has a PIN.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating