
Defender 6.5.1 - Administration Guide


Enabling the use of Microsoft Authenticator

You can allow users to authenticate via Defender by using one-time passwords generated with Microsoft Authenticator.

To enable Microsoft Authenticator for a user

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane (console tree), expand the appropriate nodes to select the container where the user object is located.
  3. In the right pane, double-click the user object, and then click the Defender tab in the dialog box that opens.
  4. Below the Tokens list, click the Program button.
  5. In the Select Token Type step, click to select the Software token option. Click Next.
  6. In the Select Software Token step, click to select the Microsoft Authenticator option.
  7. Complete the wizard to enable Microsoft Authenticator for the user.
  8. For more information about the wizard steps and options, see Defender Token Programming Wizard reference.

Enabling use of OneLogin Authenticator

You can get an activation code either from your system administrator or through a dedicated self-service Web site, if one exists in your organization. The self-service Web site is called the Defender Self-Service Portal. It allows you to download and install software tokens, obtain activation codes for software tokens, and register hardware tokens.

To enable OneLogin Authenticator for a user

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane (console tree), expand the appropriate nodes to select the container where the user object is located.
  3. In the right pane, double-click the user object, and then click the Defender tab in the dialog box that opens.
  4. Below the Tokens list, click the Program button.
  5. In the Select Token Type step, click to select the Software token option.
  6. Click Next.
  7. In the Select Software Token step, click to select the OneLogin Authenticator option.
  8. Complete the wizard to enable OneLogin Authenticator for the user.
  9. For more information about the wizard steps and options, see Defender Token Programming Wizard reference.

Enabling use of OneLogin Authenticator for PUSH Notifications

Defender 6.5.1 supports push notification authentication using the OneLogin Protect app, in addition to the existing Defender Soft Token push notifications.

It is configured as follows.

  1. The method for the OneLogin token remains the same, through ADUC or the Management Portal.

  2. The user receives the activation code only from the dedicated OneLogin self-service portal, which allows them to register the OneLogin token with the OneLogin Protect app.

NOTE:

  • It can be used for authentication in the following clients: Defender Desktop Login, ISAPI, and EAP.
  • It can be programmed through ADUC and the Management Portal.
  • Push notification to OneLogin Protect takes precedence if both the OneLogin token and the Defender Soft Token are enabled in the registry and assigned to the user.
  • No separate registry entry is needed to configure the push notification timeout value or to disable push notifications. A single registry configuration for Timeout and Disable works for both push tokens (OneLogin and Defender Soft Token).
  • If the user already has a OneLogin token assigned, only the second step, activation through the OneLogin portal, is required.

Configuring OneLogin Portal

You can use OneLogin Protect/OneLogin SMS to authenticate and get access to resources protected with Defender. To start using OneLogin Protect/OneLogin SMS, you need to download and install it. Then activate it by importing an activation code from the OneLogin portal.

 
