Digipass Plug-In for SBR Administrator Reference - Vasco

More documents

Recommendations

Info

Digipass Plug-In for SBR Administrator Reference Active Directory Schema Table 6: Custom Active Directory Search criteria - Users Field Name Usage Digipass Assignment Link Conditions: Present, Not Present. Values: N/A. If this attribute is present, a Digipass is assigned to the User; if not present, no Digipass is assigned. Digipass Back-End Authentication Conditions: Less than or equal to, Greater than or equal to, Is (Exactly), Is Not, Not Present. Values: 0 (Default), 1 (None), 2 (If Needed), 3 (Always). Note that Users with 'Default' for this setting may either have 0 for this attribute or may not have the attribute present. Digipass Local Authentication Conditions: Less than or equal to, Greater than or equal to, Is (Exactly), Is Not, Not Present. Values: 0 (Default), 1 (None), 2 (Digipass/Password), 3 (Digipass Only). Note that Users with 'Default' for this setting may either have 0 for this attribute or may not have the attribute present. Digipass User Account Create Time Conditions: Less than or equal to, Greater than or equal to, Is (Exactly), Is Not, Present, Not Present. Values: Number of seconds since 1 st Jan 1970 00:00:00 that the Digipass User account was created. If this attribute is present, the User has a Digipass User account; if not present, the User does not. Digipass User Account Disabled Conditions: Is (Exactly), Is Not, Not Present. Values: 0 (No), 1 (Yes). If this attribute is not present, the account is not disabled*. Digipass User Account Lock Count Conditions: Less than or equal to, Greater than or equal to, Is (Exactly), Is Not, Not Present. Values: current count of failed logins since last successful login. If this attribute is not present, it is treated as 0. Digipass User Account Locked Conditions: Is (Exactly), Is Not, Not Present. Values: 0 (No), 1 (Yes). If this attribute is not present, the account is not locked*. Digipass User Account Modify Time Conditions: Less than or equal to, Greater than or equal to, Is (Exactly), Is Not, Present, Not Present. Values: Number of seconds since 1 st Jan 1970 00:00:00 that the Digipass User account was last modified. Digipass User Account Password This field does not have practical value as a search field, but is listed by Active Directory anyway. Digipass User Attributes This field is not currently used. Digipass User to User Link Conditions: Present, Not Present. Values: N/A. If this attribute is present, The Digipass User account is linked to another Digipass User account; if not present, there is no link. * If you specify Is Not 1, the results will include Users who do not have the attribute set, in addition to those who have the attribute set to 0. Example A search for Digipass User accounts where the Local Authentication setting has a value other than Default would use the following criteria: Digipass Local Authentication Greater than or equal to 1 © 2006 VASCO Data Security Inc. 24
Digipass Plug-In for SBR Administrator Reference Active Directory Schema 2.4 Active Directory Replication Issues Active Directory replication is not instantaneous. Intra-site replication is usually quite fast, especially under Windows Server 2003, but changes on one Domain Controller may still take several minutes to be replicated to other Domain Controllers. Inter-site replication may be quite slow – an hour or more between replications is common. Replication occurs when more than one Domain Controller exists in a domain. 2.4.1 Old Data Used After Attribute Modified The time period between replications becomes a problem where information is changed on one Domain Controller (for example, a Digipass User's Server PIN is reset), but old information is used on another Domain Controller before the changed information has been replicated to it. There are a few scenarios where this may occur. These are listed below: 2.4.1.1 Single SBR Plug-In using more than one Domain Controller A single SBR Plug-In may make a change to a record, have to switch to another Domain Controller, and read the same record – where the change has not yet been applied. Example A User logs in with an OTP, and the SBR Plug-In connects to DC-01 to retrieve and update the Digipass data. The connection to the DC-01 fails soon after login, before replication has occurred. The User needs to log in again, and the SBR Plug-In connects to DC-02 this time. The User can log in using the same OTP as the last login – the login should fail (OTP replay) but instead succeeds, because DC-02 does not yet know that the OTP has been previously used. Time DC-01 DC-02 8:32 Replication occurs 8:34 User logs in with OTP 10457920. The SBR Plug-In records the use of the OTP in the Digipass record. 8:35 Connection to DC-01 is broken, and the SBR Plug-In switches to DC-02. 8:35 User retries login using same OTP 10457920. The login succeeds where it should have failed (OTP replay). The SBR Plug-In records the use of the OTP in the Digipass record. 8:37 Replication occurs Digipass record changes are replicated between DC-01 and DC-02. The example timeline above shows the sequence of events. © 2006 VASCO Data Security Inc. 25
Page 1 and 2: Modify these field values (right-cl
Page 3 and 4: Digipass Plug-In for SBR Administra
Page 23: Digipass Plug-In for SBR Administra
Page 75 and 76:
Digipass Plug-In for SBR Administra
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185:
show all

Digipass Plug-In for SBR Administrator Reference - Vasco

Create successful ePaper yourself

Delete template?

Save as template?