
Defender 5.8 - Administrator Guide


Configuring YubiKey

Yubico OTP mode

c. On the menu bar, select Defender | YubiCloud Client Configuration.
e. Click the Test button, and follow the on-screen instructions to ensure the supplied client ID and API key are valid. If the test completes successfully, click OK to save the client ID and API key.

b. In the left pane, click the Self-Service Settings tab.
c. In the right pane, on the General tab, use the Permissions area to add Active Directory groups and enable their members to register their YubiKey tokens via the Defender Self-Service Portal.

OATH-HOTP mode

A  YubiKey serial number.
B  Normally, this column is blank. It may contain the YubiKey ID.
C  Moving factor seed value.
D  160-bit secret.
E  Configuration password. Contains zeros if the configuration password is not set.
F  Configuration time stamp.

A  YubiKey serial number.
B  Moving factor seed value.
C  160-bit secret.

Defender Token Programming Wizard reference

Software token  Allows you to program and assign a software token, such as Defender Soft Token, e-mail token, GrIDsure token, or SMS token.
Hardware token  Allows you to program and assign a hardware token, such as DIGIPASS or YubiKey. This option does not support hardware VIP credentials.
Symantec VIP credential  Allows you to program and assign a software or hardware VIP credential. This option becomes available after you enable the use of VIP credentials. For details, see Enabling the use of VIP credentials.
Select the Expire token activation code after check box if you want to set a validity time period (in days) for the code with which the user must activate the software token. Then, specify the number of days during which you want the token activation code to remain valid.
Leave the Expire token activation code after text box cleared if you do not want to limit the validity time period of the token activation code.
Expire token activation code after  Select this check box if you want to set a validity time period (in days) for the code with which the user must activate the software token. Then, specify the number of days during which you want the token activation code to remain valid. The token activation code is generated when you complete this wizard.
Alert user about failed passphrase attempts  Select this check box to notify the user when they enter an incorrect passphrase while unlocking the token. Optionally, you can select the Lock token passphrase after check box to lock the passphrase after the user has expended the specified number of attempts to unlock the token.
Token requires a passphrase  Select this check box to require the user to configure a passphrase for use with the token. When this check box is cleared, no passphrase is required. If you select this check box, you can optionally select the Passphrase must be strong check box, which requires the user to configure a passphrase that is at least six characters long, includes uppercase and lowercase characters, and numbers or special characters.
Time based (TOTP)  One-time password remains valid for a particular amount of time. Then, Google Authenticator automatically generates a new one-time password.
Counter based (HOTP)  One-time password remains valid until the user manually generates a new one-time password in Google Authenticator.
One file for all users  Saves token activation codes for all users to a single file.
Individual file for each user  Saves the token activation code for each user to an individual file.
File Location  Specify the path to the folder in which you want to create files containing token activation codes.
File Name  Specify a name for the file in which you want to store token activation codes. If a file with that name does not exist, it will be created.
Append activation codes to existing file  If you select this option and the file with the specified name already exists in the specified location, the wizard appends the activation codes to the file without overwriting its contents. If you leave this check box cleared, the existing file’s contents will be overwritten with the new token activation codes.
Overwrite existing tokens  Creates new GrIDsure token objects which overwrite the existing GrIDsure token objects assigned to the users. As a result, the users will have to configure their GrIDsure Personal Identification Pattern (PIP) the next time they access a protected resource.
Keep using existing tokens  Does not create new GrIDsure token objects for the users who already have GrIDsure tokens assigned.
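
Added example (not from the Defender guide or Defender's own code): how the moving factor and 160-bit secret listed for OATH-HOTP mode produce a one-time password under RFC 4226, and how the time-based (TOTP) option differs only in where the moving factor comes from (RFC 6238). The secret is the constructed RFC 4226 test value; the 30-second step, 6-digit length and look-ahead window are assumptions, not Defender settings documented here.

```python
import hashlib
import hmac
import struct

# Constructed sample: the RFC 4226 test secret, exactly 20 bytes (160 bits).
SECRET_160_BIT = b"12345678901234567890"


def hotp(secret: bytes, moving_factor: int, digits: int = 6) -> str:
    """Counter based: HMAC-SHA-1 over the 8-byte big-endian moving factor."""
    mac = hmac.new(secret, struct.pack(">Q", moving_factor), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time based: the moving factor is the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)


def validate_hotp(secret: bytes, stored_factor: int, submitted: str,
                  look_ahead: int = 3):
    """Check a submitted HOTP against the server-side moving factor.

    Returns the moving factor to store next, or None if rejected.
    look_ahead (assumed value) tolerates button presses the server never
    saw; advancing past the matched value stops a used code being replayed.
    """
    for factor in range(stored_factor, stored_factor + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, factor), submitted):
            return factor + 1
    return None


if __name__ == "__main__":
    # Token and server must start from the same moving factor seed.
    print("HOTP, factor 0:", hotp(SECRET_160_BIT, 0))
    print("TOTP at t=59s :", totp(SECRET_160_BIT, 59))
    next_factor = validate_hotp(SECRET_160_BIT, 0, hotp(SECRET_160_BIT, 2))
    print("accepted, next stored factor:", next_factor)
    print("replay:", validate_hotp(SECRET_160_BIT, next_factor, hotp(SECRET_160_BIT, 2)))
```

If the imported moving factor seed does not match the value programmed on the token, every code falls outside the window and validation fails even though the secret is correct.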