
Defender 6.6 - Administration Guide


Creating a Security Policy and assigning it to the user

Follow these steps to create a security policy and assign it to the user:

  1. Log in to the Admin OneLogin Portal.

  2. Go to Security | Policies.

  3. Create a New Users Policy and, under the MFA tab, select the OTP Auth Required and OneLogin SMS options.

  4. To assign the policy that you created, go to the list of users under the Users tab.

  5. Select the user whom you want to authenticate using OneLogin SMS.

    1. Under the User section, add the user's mobile number, to which the service provider will send the SMS.

  6. Go to the Authentication tab and update the policy under the User Security Policy option.

Verify the Security Factor from OneLogin

Follow these steps to create and activate a OneLogin token:

  1. Log in to the OneLogin portal with the credentials of the user whom you want to authenticate using OneLogin SMS.

  2. Add the Security Factor and select the OneLogin SMS security factor. Confirm the SMS sent to the mobile number added by the administrator.

Configuring e-mail token

Enabling the e-mail token allows users in your organization to receive e-mail messages containing one-time passwords. To enable the e-mail token, use the properties of a Defender Security Policy. After enabling the e-mail token, make sure you assign the Defender Security Policy to the users you want. For more information, see Managing Defender Security Policies.

NOTE: To use the e-mail token, make sure that the "useoneloginsmsprovider" registry entry is set to "0", if it exists.

To enable and configure the e-mail token

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane (console tree), expand the appropriate nodes to select the container where the user object is located.
  3. In the right pane, double-click the user object, and then click the Defender tab in the dialog box that opens.
  4. Below the Tokens list, click the Program button.
  5. In the Select Token Type step, click to select the Software token option. Click Next.
  6. In the Select Software Token step, click to select the E-mail token option.
  7. Complete the wizard to configure the e-mail token for the user.

    For more information about the wizard steps and options, see Defender Token Programming Wizard reference.

Configuring VIP credentials

You can configure Defender to use Symantec Validation & ID Protection (VIP) credentials for two-factor authentication of users within your organization. VIP credentials are security tokens allowing you to generate one-time passwords. VIP credentials can be implemented as security cards, hardware tokens, and software tokens for mobile phones and Windows-based computers.

When working with VIP credentials, Defender acts as a proxy server, redirecting authentication requests to the Symantec VIP Service, a cloud-based authentication solution.

Upon receiving an authentication request from a user who has a VIP credential assigned, Defender redirects the request to the Symantec VIP Service via HTTPS. The Symantec VIP Service validates the authentication request and provides a response to Defender. For the validation to work, the user's VIP credential must be properly registered with the Symantec VIP Service. If the user has been successfully authenticated by the Symantec VIP Service, Defender allows that user to access the protected resource.

To configure Defender for working with VIP credentials, you need to install a VIP certificate issued by Symantec, configure the correct URL to the Symantec VIP Service, and program VIP credentials for users in your organization.
