Chat now with support
Chat with Support

Defender 6.6 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Resetting passphrase for a user

You can reset the passphrase for a user. For example, you can do so if the user has forgotten the passphrase and the passprhase has been locked. In order you could reset the passphrase, the user must provide to you the challenge code generated by the token.

To reset the passphrase for a user

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane (console tree), expand the appropriate domain node to select the container that contains the user.
  3. In the right pane, double-click the user object.
  4. In the dialog box that opens, click the Defender tab.
  5. In the Tokens area, select the token, and then click the Recover button.
  6. In the dialog box that opens, use the Challenge text box to type the challenge code provided to you by the user, and then click the Get Response button.
  7. Copy the passphrase unlock code displayed in the Response box and provide the code to the user.

Managing Defender Security Policy for a user

To manage Defender Security Policy for a user

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane (console tree), expand the appropriate domain node to select the container that contains the user for whom you want to manage Defender Security Policy (typically, this is the Users container).
  3. In the right pane, double-click the user object.
  4. In the dialog box that opens, click the Policy tab. This tab allows you to view the current or assign a new Defender Security Policy to the user. The tab has the following elements:
    • Assigned Policy  Shows the Defender Security Policy that is currently assigned to the user. When there is no Defender Security Policy assigned to the user, this option displays <undefined>.
    • Select  Allows you to select an existing Defender Security Policy to assign to the user.
    • Clear  Unassigns the current Defender Security Policy from the user.
    • Effective  Click this button to view the Defender Security Policy settings that will apply to the user for a particular Defender Security Server/Access Node combination. The window that opens looks similar to the following:

 

 

The DSS list shows the Defender Security Server that is currently selected for the user. If necessary, select any other Defender Security Server.

The DAN list shows the Access Node of which the user is a member. If necessary, select any other Access Node.

The User option displays the current user.

The Effective Policy area displays the Defender Security Policy details and authentication settings that will be effective when the user authenticates via Defender.

Managing RADIUS payload for a user

To manage RADIUS payload for a user

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane (console tree), expand the appropriate domain node to select the container that contains the user for whom you want to manage RADIUS payload (typically, this is the Users container).
  3. In the right pane, double-click the user.
  4. In the dialog box that opens, click the RADIUS Payload tab. This tab allows you to view the current or assign a new RADIUS payload to the user. The tab has the following elements:
    • Assigned Payload  Shows the RADIUS payload that is currently assigned to the user. When there is no RADIUS payload assigned to the user, this option displays <undefined>.
    • Select  Allows you to select a RADIUS payload to assign to the user.
    • Clear  Unassigns the current RADIUS payload from the user.
    • Inherit payload entries from parent. Include these with entries explicitly defined here.  When selected, causes the user to inherit the RADIUS payload from the Access Node of which the user is a member.
    • Effective  Click this button to view the RADIUS payload that will apply to the user for a particular Defender Security Server/Access Node combination. The windows that opens looks similar to the following:
    • Effective  Click this button to view the RADIUS payload that will apply to the user for a particular Defender Security Server/Access Node combination. The windows that opens looks similar to the following:

 

The DSS list shows the Defender Security Server that is currently selected for the user. If necessary, select any other Defender Security Server.

The DAN list shows the Access Node that is currently selected for the user. If necessary, select any other Access Node.

The User option displays the current user.

The Effective Payload area displays the details of the RADIUS payload that will be effective when the selected user authenticates via Defender.

Managing security token objects

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating