Chat now with support
Chat with Support

Defender 6.4 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Defender Security Server

A Defender Security Server object represents a computer on which the Defender Security Server component is installed. Therefore, when creating or configuring a Defender Security Policy object, make sure you specify the correct IP address of the corresponding computer in the object properties.

To create a Defender Security Server object

  1. On the computer where the Defender Administration Console is installed, start the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane, expand the node representing the domain where you installed Defender.
  3. Expand the Defender container, right-click the Security Servers container, and then select New | Defender Security Server.

For detailed instructions on how to create and configure a Defender Security Server object, see “Managing Security Server objects” in the Defender Administration Guide.

Access Node

An Access Node object defines an IP address or a range of IP addresses from which the Defender Security Server accepts authentication requests. If Access Node is misconfigured, authentication requests may not reach the Defender Security Server and the user cannot get access to the required resources.

To create an Access Node object

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane, expand the node representing the domain where you installed Defender.
  3. Expand the Defender container, right-click the Access Nodes container, and then from the shortcut menu select New | Defender Access Node.

After creating an Access Node object, use its properties to assign the Access Node to a Defender Security Server, specify Access Node members (users or groups that will be authenticating through the Access Node), and assign a Defender Security Policy object to the Access Node.

For detailed instructions on how to create and configure an Access Node object, see “Managing Access Nodes” in the Defender Administration Guide.

Step 4: Program and assign security tokens to users

To assign a security token to a user

  1. On the computer on which the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane, expand the node representing the domain where you installed Defender, and then click to select the Users container.
  3. In the right pane, double-click the user for whom you want to program and assign a security token.
  4. In the dialog box that opens, on the Defender tab, do one of the following:
    • To assign a software token, click the Program button, and then complete the wizard. If necessary, install the token software on the user’s computer and activate the token by entering the activation code.
    • To assign a hardware token, click the Add button, and then follow the on-screen instructions.

Before assigning a hardware token to a user, you may need to import the corresponding hardware token object into Active Directory. For more information about importing and assigning hardware token objects, see “Managing security token objects” in the Defender Administration Guide.

Defender Setup Wizard reference

Table 1:

Defender Setup Wizard reference

Wizard step

Options

Software Transaction Agreement

Select the I accept these terms check box to accept the terms in the Software Transaction Agreement.

Select Features

Select the features you want to install.

Make sure you install the following required features:

  • Active Directory Preparation Installs Active Directory schema extensions, creates and configures control access rights, and creates organizational units required by Defender.
  • Defender Security Server Installs a server that performs two-factor authentication of users in your organization. Consider adding a second Defender Security Server to ensure that user authentication continues to work in case the primary Defender Security Server becomes unavailable.

    After installing the Defender Security Server, you need to configure it. For details, see Step 2: Configure Defender Security Server.

  • Defender Administration Console  Adds Defender menus and commands into Microsoft’s Active Directory Users and Computers tool.

You can also install the following optional features:

  • Defender Management Portal Installs a Web-based portal that allows administrators to manage and deploy tokens, view Defender logs in real time, troubleshoot authentication issues, and view a number of reports providing information about Defender configuration, users, authentication statistics, audit trail, and security tokens

    The portal also includes a self-service Web site for users called the Defender Self-Service Portal. Where possible, to guard against external password-based attacks, we recommend you to place the Defender Self-Service Portal on the internal network with no access from the Internet.

  • Defender Management Shell  Installs a command-line interface that enables the automation of Defender administrative tasks. With the Defender Management Shell, administrators can use Windows PowerShell scripts to perform token-related tasks such as assign tokens to users, assign PINs, or check for expired tokens.

Upgrade Installed Features

If this step appears, it indicates that there are previous versions of Defender features installed on the computer on which you are using the Defender Setup Wizard.

By default, only the features that are currently installed are selected for upgrade in this step. If necessary, you can select to install other features.

For the descriptions of the Defender features you can select in this step, see the Select Features step description earlier in this table.

Connect to Active Directory

Use the following options to specify parameters for connecting to Active Directory:

  • AD domain or domain controller name  Type the fully qualified domain name of the domain or domain controller in the domain where you want to install Defender.

    Defender Setup will use the specified domain to extend Active Directory schema with Defender classes and attributes and create organizational units (OUs) required by Defender.

  • Connect using  Specify the user account under which you want the Defender Setup to make changes in Active Directory.

Prepare Active Directory

Make sure that all check boxes provided in this step are selected.

Specify Port

This step only shows up if you have selected to install the Defender Management Portal (Web interface).

Specify a communication port to be used by the Defender Management Portal. The default port is 8080.

Assign Administrator Role

This step only shows up if you have selected to install the Defender Management Portal (Web interface).

In this step, you can assign the Defender Management Portal Administrator role to an Active Directory group. As a result, members of that group will have full administrative access to the Defender Management Portal. Note that members of the Domain Admins group always have the Administrator role assigned by default.

To select the group to which you want to assign the Administrator role, click the Change button.

If you specify an Active Directory group other than Domain Admins, ensure you delegate sufficient permissions to that group. You can delegate permissions by using the Defender Delegated Administration Wizard. For more information, see “Delegating Defender roles, tasks, or functions” in the Defender Administration Guide.

Completed the Setup Wizard

You can select the Start Defender Security Server Configuration tool check box to start the configuration tool after you complete the Defender Setup Wizard.

For instructions on how to configure the Defender Security Server, see Step 2: Configure Defender Security Server.

Installer prerequisite warning

This step only shows up if you have selected to install the Defender Management Portal (Web interface).

In this step, you can choose Microsoft SQL Express server or Microsoft SQL Compact server as the database for Defender Management Portal (Web interface). Click cancel and install SQL Express manually from autorun prerequisites before installing defender web component or click ok to continue with default SQL Compact installation.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating