Digipass Plug-In for SBR Administrator Reference - Vasco

More documents

Recommendations

Info

Digipass Plug-In for SBR Administrator Reference Set Up Active Directory Permissions 5.4 Multiple Domains When using the SBR Plug-In with multiple domains, extra steps must be followed to ensure that both the SBR Plug-In and administrators have permissions sufficient to access required data. The main issues are: The Digipass Configuration Container is only in one Domain. All SBR Plug-Ins need read access to this container, even when they are in a different Domain. Cross-Domain access for administrators is a less likely requirement however. If a SBR Plug-In handles users and Digipass in more than one Domain, they need to be granted the necessary permissions in all the necessary Domains. In this manual, we will handle cross-Domain permissions using a combination of Domain Local and Domain Global groups. It is possible in a 'native' mode Domain to use Universal groups, but these are not recommended in Windows 2000 due to replication issues. The replication efficiency has been improved in Windows Server 2003, however Universal groups are still not used as commonly as Domain Local/Global groups. Three possible scenarios for multiple domain setup are outlined below: 5.4.1 Scenario 1 – Each SBR Plug-In Handles One Domain Each SBR Plug-In handles only the domain in which it is a member. Install the SBR Plug-In in each domain (the result will be at least as many SBR Plug-Ins as domains). Give each SBR Plug-In access to the Digipass Configuration Domain: Domain Global Group(s) For each domain (apart from the Digipass Configuration Domain) - 1. Create a Domain Global group 2. Add the SBR Plug-In(s) to the Domain Global group (check which machines are in the 'RAS and IAS Servers' group to ensure the correct additions) Domain Local group In the Digipass Configuration Domain - 3. Create or use an existing Domain Local group. 4. Give the Domain Local group full read access to the Digipass Configuration Container. 5. Add the Domain Global Group from each other domain to the Domain Local group. © 2006 VASCO Data Security Inc. 66
Digipass Plug-In for SBR Administrator Reference Set Up Active Directory Permissions 5.4.2 Scenario 2 – One SBR Plug-In Handles All Domains SBR Plug-Ins in one domain handle all domains. The Digipass Configuration Container should be located in the domain to which the SBR Plug-Ins belong. Give the necessary access to User and Digipass data: Domain Global group In the SBR server Domain - 1. Create a Domain Global group. 2. Add the SBR Plug-Ins to the Domain Global group (check which machines are in the 'RAS and IAS Servers' group to ensure the correct additions). Domain Local groups For each other Domain - 3. Create a Domain Local group. 4. Give the Domain Local group the required permissions (run the setupaccess command - See 2.5 DPADadmin Utility for more information). 5. Add the Domain Global group from the SBR Plug-In Domain to the Domain Local group. 5.4.3 Scenario 3 - Combination This scenario represents more complex setups, where a combination of steps from Scenarios 1 and 2 will be required. Use the steps given in the first two scenarios as a guide for what you will need to do for the combination scenario. © 2006 VASCO Data Security Inc. 67
Page 1 and 2:
Modify these field values (right-cl
Page 3 and 4:
Digipass Plug-In for SBR Administra
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16: Digipass Plug-In for SBR Administra
Page 65: Digipass Plug-In for SBR Administra
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185:
show all

Digipass Plug-In for SBR Administrator Reference - Vasco

Create successful ePaper yourself

Delete template?

Save as template?