Chat now with support
Chat with Support

Defender 5.8 - Administrator Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Securing PAM-enabled services Defender Management Portal (Web interface) Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Integration with Cloud Access Manager Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Enabling automatic sign-in

4
Right-click the Anonymous Authentication option to select Disabled.

Configuring self-service for users

2
Click the Administer Defender option.
3
In the left pane, click the Self-Service Settings tab.
General tab  Allows you to set up a list of Active Directory groups whose members are allowed to request software tokens and register hardware tokens via the Defender Self-Service Portal. You can also use this tab to configure settings for storing token objects in Active Directory and view the URLs at which users can self-register their hardware tokens.
Software Tokens tab  Allows you to configure settings for verifying the identity of users who request software tokens via the Defender Self-Service Portal. Only users who successfully confirm their identity can receive the requested token. Also you can configure settings for e-mailing software token activation information to the users.
Hardware Tokens tab  Allows you to configure settings related to hardware tokens users register on the Defender Self-Service Portal.
E-mail Settings tab  Allows you to configure settings for sending e-mail messages to the Defender Self-Service Portal users.
PIN Settings tab  Allows you to configure PIN settings for the tokens requested or registered via the Defender Self-Service Portal.

General tab

Use the Permissions area to set up a list of Active Directory groups whose members are allowed to request software tokens and register hardware tokens on the Defender Self-Service Portal. For each group added to the list, you can select the security tokens the members of that group can request or register.
In the Permissions area, you can use the following elements:
Add Group  Allows you to add an Active Directory group to the list.
Remove Group  Removes the Active Directory groups selected in the list. After a group is removed from the list, its members can no longer request or register any security tokens on the Defender Self-Service Portal.
Edit permissions  Allows you to select the security tokens that the members of the corresponding Active Directory group can request or register via the Defender Self-Service Portal. This link is only available for the groups added to the list.
Use the Token storage in Active Directory area to configure settings for storing token objects in Active Directory.
In the Token storage in Active Directory area, you can use the following elements:
Create token objects in  Specify the Active Directory container in which you want the Defender Self-Service Portal to create token objects for the security tokens requested or registered by users.
Requested token overwrites existing token  Causes the security token requested or registered via self-service to overwrite the security token of the same type already assigned to the user.
Use the URLs for users area to view the self-service URLs at which users can request software tokens and register hardware tokens. You can provide the URLs listed on this page to the users as necessary.

Software Tokens tab

In the User verification settings area, from the Deliver verification code to users via list, you can select a method for verifying the identity of users who request software tokens on the Defender Self-Service Portal.
E-mail  When this method is selected, after requesting a software token, the user receives an e-mail message containing a verification link (URL) and code. To verify their identity and receive the token, the user must either click the link in the message or manually enter the provided verification code on the Defender Self-Service Portal.
The E-mail message subject text box allows you to view and modify the default subject of the e-mail messages containing the verification link and code.
The Verification code remains valid for (minutes) text box allows you to view and change the default period during which the verification link and code remain valid.
Automated phone call or SMS (TeleSign)  When this method is selected, after requesting a software token, the user receives a verification code via an automated phone call or SMS message. To verify their identity and receive the token, the user must manually enter the provided verification code on the Defender Self-Service Portal.
From the Use selected verification method list, select how the user will receive the verification code. You can select to provide the verification code via an automated phone call, SMS message, or let the user choose one of these delivery methods.
To make an automated phone call or send SMS, Defender can use telephone numbers specified for the user in the following Active Directory attributes: telephoneNumber, homePhone, mobile, pager, and ipPhone. The user will be prompted to select one of these telephone numbers on the Defender Self-Service Portal.
Disable user verification  When this method is selected, users do not have to verify their identity in order to receive the software token requested on the Defender Self-Service Portal.
In the Token activation information delivery area, configure e-mail settings to send activation information for software tokens requested via the Defender Self-Service Portal.
Users can specify delivery e-mail address  When this check box is selected, the users who request software tokens via self-service are prompted to specify a preferred e-mail address at which they want to receive the token activation information. When this check box is cleared, the users receive the token activation information at the e-mail address specified for them in Active Directory.
E-mail message subject  Allows you to view and edit the subject of e-mail messages containing activation information.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating