Assign the access node to the security server
You must assign an access node to a Defender security server in order for machines assigned to that access node to know where to send one-time passwords for authentication.
To assign the access node to the security server
- Open Active Directory Users and Computers.
- Under the Defender node, open Access Nodes.
- Double-click the access node that you created previously.
- On the Access Node tab, click Assign.
- Select your Defender security server from the list and click OK.
- Click OK to save your changes to the access node.
Select the security policy for the access node
An access node needs security parameters to follow when one-time password services are extended to the machines assigned to it. Use this step to assign a previously created security policy to your access node.
To select the security policy for the access node
- Open Active Directory Users and Computers.
- Under the Defender node, open Access Nodes.
- Double-click the access node that you created previously.
- On the Policy tab, click Select.
- Select your security policy from the list and click OK.
- Click OK to save your changes to the access node.
Add members to the access node
This step is optional. If you only want to use Defender one-time passwords with specific users, then add members to the access node. You can add individual users or groups as members of an access node. If you add no members to the access node, all users will be required to use one-time passwords, including local Unix users such as root.
To add members to the access node
- Open Active Directory Users and Computers.
- Under the Defender node, open Access Nodes.
- Double-click the access node that you created previously.
- On the Members tab, click Add.
- Find the users and groups that you want to add as members and click OK.
Note: Defender does not support implicit group membership.
- Click OK or Apply to save your changes to the access node.
Adding one-time password tokens
Defender supports many different types of hardware and software tokens. Before you can use one-time passwords to access your Unix and Linux machines, you must add your tokens to Active Directory so they can be assigned to users.
To add one-time password tokens
- Open Active Directory Users and Computers.
- Under the Defender node, open Import Tokens for hardware tokens, or open Program Tokens for software tokens.
Note: Refer to the Defender documentation for specific instructions on adding your tokens.