
Defender 6.6 - Administration Guide


Details tab

This tab displays information about the token. The information provided depends on the token type.

For a hardware token, this tab can display the following settings and their values:

  • Token Type  Displays the type of token.
  • Usage Count  Displays the number of times this token has been used for successful authentication.
  • Last Token Time Used  Displays the most recent successful authentication.
  • Last Token Time Shift  Displays the time difference between the token clock and the Defender Security Server clock.
  • Current Error Count  Not applicable.
  • Binary Codeword  Not applicable.
  • Triple DES flag  Indicates whether Triple DES is enabled or disabled for this token.
  • Challenge/Data fields nbr  Not applicable.
  • Response Length  Displays the number of digits included in a token response.
  • Output Type  Displays the type of output (decimal or hexadecimal).
  • Checksum Requested Flag  Not applicable.
  • Time step used if any  Displays the time interval at which new responses are generated by the token.

For a software token, this tab can display the following:

  • Token Type  Displays the type of token.
  • Encryption Type  Displays the type of encryption used by the token (such as AES, DES or Triple DES).
  • Response Length  Displays the number of digits included in a token response.
  • Response Type  Displays the type of response used by the token (response only or challenge-response).
  • Response Format  Displays the format of response (decimal or hexadecimal).
  • Platform  Displays the platform on which the token can be used.
  • Activation Key  Displays the key required to activate the token. The key is no longer displayed after token activation.
  • Status  Indicates whether this token has been activated.

Assigned Users

This tab provides a list of users to whom the token is assigned. You can use this tab to assign or remove the token from users.

  • Assign  Allows you to assign the token to one or more users.
  • Unassign  Removes the token from the users or groups selected in the Assigned Users list.

Import Wizard reference

The table below provides information about the Import Wizard steps and options.

 

Table 8: Import Wizard reference

Wizard step

Your action

File and Key

Browse for and select the file that contains the definitions of the token objects you want to import, and then specify the key for the file.

You can use the following options:

  • Filename  Click Browse to locate and select the file that contains the definitions of the token objects you want to import.
  • Key  Type or paste the key for the file selected in the Filename option.

Available Tokens

In the list, select the token objects you want to import into Active Directory.

You can use the following buttons:

  • Select All  Selects all token objects in the list.
  • Clear All  Clears currently selected tokens.

You can hold down CTRL and click in the list to select token objects.

If the token objects in the list support both synchronous and asynchronous modes, the following check boxes are available:

  • Response Only  When selected, causes the token objects to operate in the synchronous (response only) mode.
  • Challenge Response  When selected, causes the token objects to operate in the asynchronous (challenge-response) mode.

If the token objects in the list support both OTP1 and OTP2 applications, the following check boxes are available:

  • OTP1  When selected, causes the token to generate a first one-time password (OTP1).
  • OTP2  When selected, causes the token to generate a second one-time password (OTP2).

If you select only one of these check boxes, make sure to instruct the token users which button they should press on their hardware tokens for generating one-time passwords.

For example, when you import DIGIPASS 280 token objects and select the OTP1 check box while leaving the OTP2 check box cleared, then the token users should generate one-time passwords by pressing the OTP1 button on their DIGIPASS 280 tokens. In this scenario, pressing the OTP2 button will generate invalid one-time passwords.

Storage Location

Specify the Active Directory container in which you want to store the token objects being imported. Click the Select button to browse for and select the container.

The default container is Defender | Tokens.

If you change the default container, ensure that the Defender Security Server service account and the Defender administrator account have sufficient permissions on the new container you specify.

Import Progress

View the progress of the hardware token import.

Managing Defender Security Policies

You can use the Defender Administration Console to create and configure Defender Security Policies. A Defender Security Policy can be assigned to a user, group of users, Access Node, or Defender Security Server.

If a different Defender Security Policy is applied to each of the above elements, the policy assigned to the user takes the highest priority, followed by the policy assigned to the group, then the policy assigned to the Access Node and finally, the policy assigned to the Defender Security Server. Security Policies cannot be aggregated.

Logon attempts made by the user are rejected if the user belongs to two groups with conflicting security policies and both groups are assigned to the Access Node through which the user connects to the Defender Security Server.

If no Defender Security Policy has been assigned, the default Defender Security Policy is applied. For more information, see Default Defender Security Policy.
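
The precedence and conflict rules above can be modelled to predict which policy a given logon will receive. This is an added example, not Defender code or part of the product's API; the function, class and policy names are hypothetical, and it assumes that only groups assigned to the Access Node contribute a group policy and that "conflicting" means two such groups carry different policies.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

DEFAULT_POLICY = "Default Defender Security Policy"

class LogonRejected(Exception):
    """Conflicting group policies: the logon attempt is rejected."""

@dataclass
class AccessNode:
    policy: Optional[str] = None
    groups: Set[str] = field(default_factory=set)  # groups assigned to the node

def effective_policy(user_policy: Optional[str], user_groups: Set[str],
                     group_policies: Dict[str, str], node: AccessNode,
                     dss_policy: Optional[str]) -> str:
    """Return the one policy that applies; policies are never aggregated."""
    # Assumption: only groups assigned to the Access Node contribute a policy,
    # and "conflicting" means two such groups carry different policies.
    via_groups = {group_policies[g] for g in user_groups & node.groups
                  if g in group_policies}
    # The guide states the rejection without qualification, so this model
    # applies it before the precedence order (assumption).
    if len(via_groups) > 1:
        raise LogonRejected(f"conflicting group policies: {sorted(via_groups)}")
    # Precedence: user, then group, then Access Node, then Security Server.
    for candidate in (user_policy, next(iter(via_groups), None),
                      node.policy, dss_policy):
        if candidate:
            return candidate
    return DEFAULT_POLICY

if __name__ == "__main__":
    # Constructed sample data.
    node = AccessNode(policy="VPN-Node-Policy", groups={"Staff", "Contractors"})
    policies = {"Staff": "Staff-Policy", "Contractors": "Contractor-Policy"}
    print(effective_policy(None, {"Staff"}, policies, node, "DSS-Policy"))
    try:
        effective_policy(None, {"Staff", "Contractors"}, policies, node, None)
    except LogonRejected as exc:
        print("rejected:", exc)
```

Running a model like this against exported group memberships before assigning a new group policy shows which users would fall into the rejected-logon case.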

When you have defined the Defender Security Policy, you can use its property pages to:

  • Change the Defender Security Policy configuration.
  • Change user account lockout information.
  • Configure password and PIN expiration policies.
  • Specify permitted logon hours.
  • Configure settings for SMS tokens.
  • Configure settings for e-mail tokens.
  • Configure settings for GrIDsure tokens.