立即与支持人员聊天
与支持团队交流

Defender 6.5.1 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Portal roles

A portal role defines the actions available to the role holder in the Defender Management Portal. You can assign the following portal roles to users:

  • Administrator
  • Helpdesk
  • Read-Only Helpdesk
  • Reports

The next table provides information about the actions that a particular role allows its holder to perform in the Defender Management Portal. For instructions on how to assign portal roles to users, see Configuring the portal.

 

Table 16:

Defender Management Portal roles

Action

Administrator

Helpdesk

Read-Only Helpdesk

Reports

View authentication statistics on the Dashboard

Yes

Yes

Yes

No

Configure Defender Management Portal

Yes

No

No

No

View Defender Security Server logs and warnings

Yes

Yes

Yes

No

View token requests from users

Yes

No

No

No

Configure self-service for users

Yes

No

No

No

Use Helpdesk to diagnose authentication issues

Yes

Yes

Yes

No

Use Helpdesk to resolve authentication issues

Yes

Yes

No

No

Manage users

Yes

No

No

No

Manage security tokens

Yes

No

No

No

View Defender reports

Yes

No

No

Yes

Enabling automatic sign-in

By default, the Defender Management Portal is configured to use form-based authentication. As a result, the users need to supply their credentials to sign in to the portal. However, you can enable automatic sign-in for the portal users who are already logged on to the Active Directory domain where the Defender Management Portal is installed.

To enable the automatic sign-in, use IIS Manager to disable anonymous authentication in the Defender Management Portal Web site settings.

To enable automatic sign-in to the portal

  1. On the Defender Management Portal computer, open IIS Manager.
  2. In the left pane, expand the appropriate nodes to select the Defender Web Interface site.
  3. In the right pane, under IIS, double-click Authentication.
  4. Right-click the Anonymous Authentication option to select Disabled.

With anonymous authentication disabled, when users access the Defender Management Portal, they are automatically signed in with their Windows credentials. When an administrator accesses the Defender Management Portal, the user name and domain name are entered on the sign-in page automatically — only the password is required.

Configuring self-service for users

The Defender Management Portal provides a self-service Web site to users. This site is called the Defender Self-Service Portal. On the Defender Self-Service Portal, users can register their hardware tokens and request, download, and activate software tokens without the need to contact system administrator.

When you sign in to the Defender Management Portal as a portal administrator, you can configure all of the Defender Self-Service Portal settings. For example, you can set up a list of users who are allowed to request software tokens and register hardware tokens via the Defender Self-Service Portal, choose the tokens that users can request or register, select a method for verifying users who request or register tokens, select a method for delivering token activation information to the users, and more.

To configure self-service

  1. Sign in to the Defender Management Portal as a portal administrator.

    For more information, see Opening the portal.

  2. Click the Administer Defender option.
  3. In the left pane, click the Self-Service Settings tab.
  4. In the right pane, use the following tabs to configure the self-service settings:
    • General tab  Allows you to set up a list of Active Directory groups whose members are allowed to request software tokens and register hardware tokens via the Defender Self-Service Portal. You can also use this tab to configure settings for storing token objects in Active Directory and view the URLs at which users can self-register their hardware tokens.
    • Software Tokens tab  Allows you to configure settings for verifying the identity of users who request software tokens via the Defender Self-Service Portal. Only users who successfully confirm their identity can receive the requested token. Also you can configure settings for e-mailing software token activation information to the users.
    • Hardware Tokens tab  Allows you to configure settings related to hardware tokens users register on the Defender Self-Service Portal.
    • E-mail Settings tab  Allows you to configure settings for sending e-mail messages to the Defender Self-Service Portal users.
    • PIN Settings tab  Allows you to configure PIN settings for the tokens requested or registered via the Defender Self-Service Portal.

General tab

Use the Permissions area to set up a list of Active Directory groups whose members are allowed to request software tokens and register hardware tokens on the Defender Self-Service Portal. For each group added to the list, you can select the security tokens the members of that group can request or register.

In the Permissions area, you can use the following elements:

  • Add Group  Allows you to add an Active Directory group to the list.
  • Remove Group  Removes the Active Directory groups selected in the list. After a group is removed from the list, its members can no longer request or register any security tokens on the Defender Self-Service Portal.
  • Edit permissions  Allows you to select the security tokens that the members of the corresponding Active Directory group can request or register via the Defender Self-Service Portal. This link is only available for the groups added to the list.

Use the Token storage in Active Directory area to configure settings for storing token objects in Active Directory.

In the Token storage in Active Directory area, you can use the following elements:

  • Create token objects in  Specify the Active Directory container in which you want the Defender Self-Service Portal to create token objects for the security tokens requested or registered by users.
  • The default Active Directory container for storing token objects is Tokens. If you specify a different container, make sure the Defender Management Portal service account has sufficient rights on that container.
  • Requested token overwrites existing token  Causes the security token requested or registered via self-service to overwrite the security token of the same type already assigned to the user.

Use the URLs for users area to view the self-service URLs at which users can request software tokens and register hardware tokens. You can provide the URLs listed on this page to the users as necessary.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级