Chat now with support
Chat with Support

Defender 6.2 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Defender Desktop Login Configuration tool reference

You can configure a number of settings for Defender Desktop Login. For more information on how to access these settings, see Configuring Defender Desktop Login by using a configuration tool and Configuring Defender Desktop Login by using Group Policy.

 

Table 14:

Configuration settings for Defender Desktop Login

Tab

Description

DSS

Set up a list of the Defender Security Servers you want Defender Desktop Login to use; specify the shared secret that has been configured on the Access Node to be used for authentication requests.

You can use the following elements:

  • Add  Adds a new Defender Security Server entry to the list. In the dialog box that opens, type the server IP address or DNS name and communication port.
  • Edit  Allows you to edit the selected list entry.
  • Remove  Removes the selected list entry.
  • Up  Moves the selected list entry up.
  • Down  Moves the selected list entry down.
  • If Defender Desktop Login is configured by using Group Policy, this tab also provides the Group Policy Settings (read only) list that shows the Defender Security Servers used by Defender Desktop Login.

Logon Settings

Configure which users or groups are required to authenticate via Defender.

You can use the following elements:

  • Require domain users to log on using Defender. Specifies that all domain users who log on to a computer that has Defender Desktop Login installed must authenticate via Defender.
  • Allow specified users to bypass Defender authentication. Specifies that users in groups added to the Groups list do not have to authenticate via Defender when logging on to computers that have Defender Desktop Login installed.
  • Require specified users to log on using Defender. Specifies that users in groups added to the Groups list must authenticate via Defender when logging on to computers that have Defender Desktop Login installed.

If you want local users always to be able to log on to a computer that has Defender Desktop Login installed without authenticating via Defender, select the Always allow local users to bypass Defender authentication check box.

If Defender Desktop Login is configured by using Group Policy, you can click the Group Policy (read-only) tab to view a list of groups whose users must or do not have to authenticate via Defender Desktop Login.

Offline

Configure how to handle users’ logon attempts when all the Defender Security Servers installed in your environment are unavailable.

  • Logins without the Defender Security Server are disabled  Users cannot log on if all the Defender Security Servers are unavailable.
  • Users may login for a set number of days after the previous login against the Defender Security Server  Users can only log on for a specified number of days from the moment when all Defender Security Servers become unavailable.
  • Users have a set number of logins after the previous login against the Defender Security Server  Users can only log on a specified number of times from the moment when all the Defender Security Servers become unavailable
  • Notify user when offline data is downloaded  When this check box is selected, each time an offline logon occurs, the user is provided with information about the remaining number of offline logons or the remaining number of days when the offline logon will be available.

Options

Configure additional settings for Defender Desktop Login. You can use the following options:

  • Remember user's passwords  With this option selected users Active Directory (AD) passwords will be remembered and the user will not need to enter this during the logon process. Only Defender authentication is required. (The user will be prompted for the AD password on first use).
  • Automatically change user's password as required  Causes Defender to automatically change user’s password when it expires.
  • Time to wait for workstation service to be ready (seconds)  
  • Credential Provider Filter  Provides a filter that allows you to display only specific credentials providers.

Test Authentication

Allows you to test the Defender Desktop Login settings you have configured. Type the user name and passcode in the appropriate text boxes, use the Log on to list to select the domain to which you want to log on, and then click Test.

Defender Management Portal (Web interface)

Defender provides a Web interface that is called the Defender Management Portal. The portal implements role-based security, so that portal administrators can control who can do what on the portal.

Depending on the assigned portal role, portal users can configure Defender authentication settings, view authentication information and statistics, troubleshoot authentication issues, and view Defender reports. The Defender Management Portal also provides a configurable self-service where users can download and activate software tokens and register their hardware tokens without the need to contact a Defender administrator.

Installing the portal

To install the Defender Management Portal

  1. In the Defender distribution package, open the Setup folder, and then run the Defender.exe file.
  2. Complete the Defender Setup Wizard. When stepping through the wizard, make sure to select the Defender Management Portal feature for installation.

    For more information about the wizard steps and options, see Defender Setup Wizard reference.

    After installing the Defender Management Portal, you need to prepare it for first use by specifying a service account. For more information, see Specifying a service account for the portal.

To install the Defender Management Portal from the command line, use the following installation switches

 

Table 15: Defender Management Console Installation Switches

Switch

Description

/ADDLOCAL=Web

Installs Defender Web Interface component only

/SCHEMAINSTALL =0

Do not install the Defender Schema extensions.

/SCHEMAINSTALL =1

Install the Defender Schema extensions.

/CARINSTALL =0

Do not install Defender Control Access Rights.

/CARINSTALL =1

Install Defender Control Access Rights.

/OUINSTALL =0 Do not create the Defender organizational unit.
/OUINSTALL =1 Create the Defender organizational unit.
/PORTNUM=XXXX (Default 8080) Set Port Number for Management Portal Web Interface
/ADMINGROUP=xxxx Set Administrative Group
NOTE: This list doesn't include standard windows installer options (you can get them by running "msiexec.exe /?")

Opening the portal

We strongly recommend using HTTPS to access the Defender Management Portal. The secure hypertext transfer protocol (HTTPS) is a communications protocol designed to transfer encrypted information between computers over the World Wide Web. For instructions on how to configure SSL in order to support HTTPS connections from client applications, see the article “Configuring Secure Sockets Layer in IIS 7” at http://technet.microsoft.com/en-us/library/cc771438%28WS.10%29.aspx.

To open the Defender Management Portal

  1. In your Web browser, go to the following address:

    http(s)://<portal computer>:<port>

    where

    • <portal computer>  is the fully qualified domain name of the computer on which the Defender Management Portal is installed.
    • <port>  is the port number at which the Defender Management Portal can be accessed. You specify this port when installing the Defender Management Portal. The default port is 8080.
  2. On the Defender Management Portal sign-in page, enter your user name, password, and domain, and then click Sign in.

    The Defender Management Portal home page opens.

The options available to you on the Defender Management Portal home page depend on the portal role assigned to the user account with which you sign in to the portal. For more information, see Portal roles.

When you sign in to the Defender Management Portal as a portal administrator, the home page provides all available options and looks as follows:

 

 

  • Administer Defender  Allows you to manage the Defender Management Portal configuration, configure self-service for users, manage users and security tokens, diagnose and resolve authentication issues, view authentication statistics, and view information about the Defender Security Servers deployed in your environment.
  • Defender reports  Allows you to schedule, generate, and view Defender reports.
  • Register a hardware token  Starts a wizard that guides you through registering the hardware token given to you by your system administrator.
  • Request a software token  Starts a wizard that helps you to request, download, and activate a software token.

To return to the Defender Management Portal home page from any other page of the portal, in the upper right corner of your current portal page, click the Home button.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating