立即与支持人员聊天
与支持团队交流

Defender 6.5.1 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Integration with Active Roles

The Defender installation package includes the Defender Integration Pack for Active Roles which extends the Active Roles functionality and allows you to perform Defender-related tasks from within the Active Roles console (MMC Interface) and the Active Roles Web Interface. For example, with this Integration Pack installed, you can assign, remove, test, recover, and program tokens, set Defender IDs and Defender passwords. Also you can enable the automatic deletion of tokens for deprovisioned users and use the Active Roles console to administer Defender objects and delegate specific Defender roles or tasks to the users you want.

Active Roles offers a practical approach to automated user provisioning and administration, for maximum security and efficiency. Active Roles provides total control of user provisioning and administration for Active Directory. For more information about Active Roles, please go to https://www.oneidentity.com/products/active-roles/.

NOTE: Always install OS with Native English language option. For any other language, add Language Pack [e.g German, French] to make Defender appear in ARS web console.

Installing Defender Integration Pack for Active Roles

Before installing the Defender Integration Pack for Active Roles, make sure the target system meets the system requirements listed in the Defender Release Notes.

To install the Defender Integration Pack for Active Roles

  1. On the target computer, run the ActiveRolesIntegrationPack.exe file supplied in the Defender installation package.
  2. Step through the Setup Wizard to complete the Integration Pack installation.

    In the Setup Wizard, you can select the following features for installation:

    • Active Roles Web Interface Extension  Install this feature to be able to perform Defender-related tasks from the Active Roles Web Interface. The computer on which you plan to install this feature must have the Active Roles Web Interface installed. For more information about the commands this feature adds to the Active Roles Web Interface, see Commands added to the Active Roles Web Interface.
    • Active Roles Console Extension  Install this feature to be able to perform Defender-related tasks from the Active Roles console (MMC Interface). After installing this feature, you can use the Active Roles console to manage Defender-related objects and perform Defender-related tasks. The steps you should perform in the Active Roles console to manage Defender objects are identical to those you perform in Microsoft’s Active Directory Users and Computers tool.For more information, see Managing Defender objects in Active Directory.
  3. After completing the Setup Wizard, restart the Active Roles Administration Service on the computer on which you have installed the Integration Pack.
  4. On each remote computer running the Active Roles Administration Service in your environment, install the Defender Integration Pack for Active Roles Administration Service.

    To install the Defender Integration Pack for Active Roles Administration Service, run the ActiveRolesAdminServiceIntegrationPack.exe file supplied in the Defender installation package, and then complete the wizard.

Commands added to the Active Roles Web Interface

The Defender Integration Pack for Active Roles adds the Defender category to the Active Roles Web Interface:

 

Click the Defender category to access the commands added by the Defender Integration Pack for Active Roles to the Active Roles Web Interface.

These commands are as follows:

Defender Properties

The Defender Properties command allows you to administer tokens, and view and manage the Defender properties for the selected user.

On Defender Properties page, you can use the User tokens list to view and administer security tokens for the user, view the serial number of each security token assigned to the user, and if the tokens have a PIN configured.

Below the User tokens list, you can use the following elements:

  • Add  Click this button to search for existing token objects in Active Directory and assign them to the user if necessary.
  • Defender ID  Allows you to view or change the Defender ID of the user.
  • Violation count  Displays the number of unsuccessful authentication attempts for the user. To reset violation count for the user, click the Reset Violation Count button, and then click Save.
  • Reset count  Displays how many times the violation count has been reset so far.
  • Last authentication  Displays the time and date of user’s last successful authentication.

In the Type column of the User tokens list, you can click a security token name to administer the token. On the page that opens, you can use the following buttons:

 

Table 36:

Buttons to administer tokens

Button

Description

Set PIN

Click to set a new PIN for the token. On the page that opens, use the New PIN and Confirm PIN text boxes to type the new PIN. If you want the user to change the new PIN on first use, select the Expire PIN check box. When finished, click the Set PIN button.

Clear PIN

Click to remove the current PIN from the token. The PIN is removed right after you click this button.

Temporary Response

Click to generate a temporary response for the token user. A temporary response is required when the user needs to authenticate but does not currently have a token available. On the page that opens use the following options:

  • Expires  Sets a validity period for the temporary response.
  • Allow response to be used multiple times  Allows you to set if the temporary response can be used more that once during the specified validity period. When this check box is cleared, the temporary response can only be used once.
  • Assign  Generates the temporary token response, assigns it to the user’s token, and displays the assigned response in a separate window.
  • Clear  Immediately removes the temporary token response from the user’s token.

Test Token

Click to open a page that allows you to test the token response for the selected token: In the Response text box, enter a token response, and then click Verify.

Reset

Click to re-synchronize the token.

Recover

Click to reset the passphrase for the token.

Unassign

Click to unassign the token from the user.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级