You can use the properties of a user object in Active Directory to perform Defender-related tasks. For example, you can manage and view information about the tokens assigned to the user, and about the Security Policies and RADIUS payloads that apply to the user.
To manage tokens for a user
Button | Description |
Program | Click to program a token for the user. |
Recover | Click to recover the token selected in the list or reset the token’s passphrase. You may need to reset a token when it has reached its preset use limit or been invalidated because the user exceeded the preset number of bad PIN attempts. |
Test | Allows you to verify that the token is programmed correctly and valid for the user. After you click this button, use the Response text box to type the one-time password displayed on the token. If a PIN is enabled for the token, you can also test the PIN by entering it in the PIN (Optional) text box. Click Verify to run the test on the token. If you use the Test button to test a token response, that token response cannot then be used for user authentication. |
Helpdesk | Allows you to resynchronize the token selected in the list with the Defender Security Server or assign a temporary password to the token user. After you click the Helpdesk button, a dialog box opens. This dialog box provides the following options:
|
Unassign | Removes the token selected in the list from the user. You can also use this option to delete the corresponding token object from Active Directory. To remove the token from the user and keep the token object in Active Directory, in the confirmation message that appears after you click this button, click No. In this case, the token object does not get deleted from Active Directory and can be reassigned. To remove the token from the user and delete the token object from Active Directory, in the confirmation message, click Yes. |
Add | Allows you to search for and assign a token to the user. After you click this button, a new dialog box opens. In that dialog box, you can use the following elements:
Click OK to start your search. When the search completes, in the Select Defender Tokens dialog box, double-click the token you want to assign, and then click OK to assign the token to the user. The assigned token appears on the Defender tab in the Tokens list. |
Set PIN | Allows you to set a new PIN for the token selected in the list. After you click the Set PIN button, a dialog box opens. This dialog box provides the following options:
When you require users to enter a PIN set for a selected token, users should enter the PIN followed by the token response to access a resource protected by Defender. For example, if the PIN is 1234 and the response is 5678, users should enter 12345678 when prompted for authentication. When users need to reset the PIN, they should enter the old and new PINs in the following format: <old PIN><new PIN><new PIN>. For example, if the old PIN is 1234 and the new PIN is 5678, users should enter the following: 123456785678. |
Password | Allows you to specify the Defender password that the user must enter during the authentication process. The password is only required if Defender password is selected as the primary or secondary authentication method in the Defender Security Policy that applies to the user. After you click the Password button, a new dialog box opens. In the dialog box, use the Password and Confirm text boxes to type the new Defender password you want to assign. If you want the password to expire, select the Expire check box. |
Element | Description |
Defender ID | Use this text box to type the Defender ID you want the Defender Security Server to use to identify the user. You only need to specify a Defender ID for a user if the Access Node of which the user is a member has been configured to identify users by Defender ID. |
Violation Count | Displays the number of violations accumulated by this user. The violation count is incremented each time the user exceeds the specified number of failed logon attempts. |
Reset Count | Displays the number of times the user account has been reset following an account lockout. |
Last Logon | Displays the time and date of the last successful logon. |
Reset | Resets the violation count to zero and increments the reset count. |
© 2024 One Identity LLC. ALL RIGHTS RESERVED.