立即与支持人员聊天
与支持团队交流

Defender 6.6 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Enabling the use of Authy

You can allow users to authenticate via Defender by using one-time passwords generated with the Authy app. For more information about Authy, please visit http://www.authy.com.

To enable Authy for a user

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane (console tree), expand the appropriate nodes to select the container where the user object is located.
  3. In the right pane, double-click the user object, and then click the Defender tab in the dialog box that opens.
  4. Below the Tokens list, click the Program button.
  5. In the Select Token Type step, click to select the Software token option. Click Next.
  6. In the Select Software Token step, click to select the Authy token option.
  7. Complete the wizard to enable Authy for the user.

    For more information about the wizard steps and options, see Defender Token Programming Wizard reference.

Enabling the use of Google Authenticator

You can allow users to authenticate via Defender by using one-time passwords generated with Google Authenticator.

To enable Google Authenticator for a user

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane (console tree), expand the appropriate nodes to select the container where the user object is located.
  3. In the right pane, double-click the user object, and then click the Defender tab in the dialog box that opens.
  4. Below the Tokens list, click the Program button.
  5. In the Select Token Type step, click to select the Software token option. Click Next.
  6. In the Select Software Token step, click to select the Google Authenticator option.
  7. Complete the wizard to enable Google Authenticator for the user.

    For more information about the wizard steps and options, see Defender Token Programming Wizard reference.

Managing SMS Token

Defender 6.5.1 supports the options to use multiple mobile providers for SMS authentication via OneLogin portal in addition to existing 2SMS service provider.

Following is the list of supported mobile providers that can be configured in Onelogin portal for SMS authentication.

  • Twilio

  • Moobicast

  • Hutchison

  • Msg91

  • Telesign

  • Textlocal

NOTE: The default option for SMS token authentication will be assigned to the Defender Mobile Provider. However, it is possible to switch to the OneLogin Mobile Provider by adjusting registry settings.

Administrators can modify the option to utilize the OneLogin Mobile Provider by manually inserting the following registry entry:

To use OneLogin Mobile Providers, the user needs to manually create the following registry value at:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\PassGo

Technologies\Defender\DSS Active Directory Edition

Value type: REG_DWORD

Value name: useoneloginsmsprovider

Value data: XX - The value can be either 0 or 1. Any other value beyond this range is invalid and will set the default Defender Mobile Provider Authentication on. Set 1 to use OneLogin Mobile Providers and 0 to Defender mobile Provider. In case if theregistry key for the useoneloginsmsprovider is not found (not added), then the default Defender Mobile Provider on is set.

NOTE: In case, SMS token are assigned with Push type Token [Onelogin protect, Defender Soft Token] Then Admin can change the priority to use SMS Token by Disabling the Push Notification token in registry. To Disable Push Notification, Refer this section: Defender push notifications can be disabled.

NOTE: The authentication method defined in Defender policies can have token or token related method (e.g. token with Active Directory) in One Authentication Factor only while using authentication token from Onelogin Portal.

Configuring SMS Token using 2SMS Mobile Provider via Defender

SMS token allows users in your organization to receive SMS messages containing one-time passwords on their SMS-capable devices. Before configuring and assigning the SMS token, you need to enable the use of the SMS token in the Defender Security Policy properties. After enabling the SMS token, make sure you assign the Defender Security Policy to the users you want. For more information, see Managing Defender Security Policies.

Ensure you provide the following information to each SMS token user:

  • User ID
  • Initial PIN (if the SMS token is configured to use a PIN)

To configure the SMS token for a user

  1. On the computer where the Defender Administration Console is installed, open the Active Directory Users and Computers tool (dsa.msc).
  2. In the left pane (console tree), expand the appropriate nodes to select the container where the user object is located.
  3. In the right pane, double-click the user object, and then click the Defender tab in the dialog box that opens.
  4. Below the Tokens list, click the Program button.
  5. In the Select Token Type step, click to select the Software token option. Click Next.
  6. In the Select Software Token step, click to select the SMS token option.
  7. Complete the wizard to configure the SMS token for the user.

    For more information about the wizard steps and options, see Defender Token Programming Wizard reference

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级