Digipass Plug-In for SBR Administrator Reference - Vasco

More documents

Recommendations

Info

Digipass Plug-In for SBR Administrator Reference Field Listings Field Name in Administration Interfaces Description Self-Assignment Password Autolearn Requesting a Challenge or Virtual Digipass OTP, when the Request Method includes a Password Static password authentication, when verifying a Virtual Digipass password-OTP combination or during the Grace Period Always The SBR Plug-In will utilize Back-End Authentication for every authentication request. Back-End Protocol Specifies the protocol to be used for Back-End Authentication. Options: Windows Authentication using the Windows operating system. RADIUS Authentication using a RADIUS server. This option is not available in Digipass Plug-In for SBR. Created On The date and time that the Policy was created. Read-only. Last Modified On The date and time that the Policy was last modified. Read-only. Dynamic User Registration Specifies whether the Dynamic User Registration (DUR) feature is enabled for the Policy. If this feature is used, when the SBR Plug-In receives an authentication request for a User for the first time and Back-End Authentication is successful, it will create a Digipass User account automatically. If DUR is used in conjunction with Auto-Assignment, a Digipass will be assigned to the new User account immediately. Password Autolearn Specifies whether the Password Autolearn feature is enabled for the Policy. This feature enables the SBR Plug-In to update the password stored in the Digipass User account when Back-End Authentication is successful. In Digipass Plug-In for SBR it is normally not necessary to store the password in the Digipass User account, so this feature is not typically used. Stored Password Proxy Specifies whether the Stored Password Proxy feature is enabled for the Policy. This feature can be used in conjunction with the Back-End Authentication Always setting and the Password Autolearn feature, so that even though a Back-End Authentication check is done every login, it is done using the password stored in the Digipass User account, so the User does not have to enter it during their login unless it has just changed. In Digipass Plug-In for SBR it is normally not necessary to perform a Back-End Authentication check at each login, so this feature is not typically used. Default Domain The default Domain in which the SBR Plug-In should look for and create Digipass User accounts, if a Domain is not specified by the login credentials. Active Directory only: If the User logs in with the User-Principal-Name format (eg. testuser@vasco.com) or the NT4 style format (eg. VASCO\testuser), the Default Domain is not used. However, if they log in with just a UserId (eg. testuser), the Default Domain will be used if specified. In the case that no Domain is implied by the login credentials and there is no Default Domain, the SBR Plug-In will search in its Configuration Domain. This must be the fully qualified domain name. ODBC Database only: Windows User Name Resolution can be used, in which case the User-Principal-Name and NT4 style formats will determine the Domain. If the Domain is not determined by that method, a simple UPN-like format (ie. testuser@vasco.com) will identify the Domain, when the Domain exists in the database. In either case, if no Domain has been identified, the Policy's Default Domain will be used if it is defined. Finally, if there is no Default Domain, the Master Domain will be used. User Lock Threshold This indicates the number of consecutive failed login attempts that will cause a Digipass User account to become Locked. For example, if the User Lock Threshold is 3, the account will become Locked on the third failed login attempt. Unlocking the account requires administrator action. Note that not all kinds of login failure will result in locking. For example, if the UserId is © 2006 VASCO Data Security Inc. 88
Digipass Plug-In for SBR Administrator Reference Field Listings Field Name in Administration Interfaces Windows Group Check (radio buttons) Description incorrect or the account is Disabled, the failure would not count towards the lock threshold. Locking is used mainly for incorrect OTPs and static passwords. Specifies whether and how the Windows Group Check feature is to be used. This feature is typically used for a staged deployment of Digipass when the Auto-Assignment method is used. It can also be used when only some Users are required to use Digipass or when only some Users will be permitted access and they have to use Digipass. Options: Default Use the setting of the parent Policy. No check Do not use the Windows Group Check feature. Pass requests for users not in listed groups back to host system Reject requests for users not in listed group Use only Back-End Authentication for users not in listed groups Use the Windows Group Check so that any Users who are not in one of the listed groups are ignored by the SBR Plug-In. Use the Windows Group Check so that any Users who are not in one of the listed groups are rejected by the SBR Plug-In. Use Back-End Authentication only for any Users who are not in one of the listed groups. Group List This lists the names of the Windows Groups to be checked according to the Windows Group Check radio button setting. There are some important limitations of this check: Certain built-in Active Directory groups such as Domain Users and Everyone will not be checked. The check is intended to be used with a new group created specifically for this purpose. Nested group membership will not be detected by the check. There is no Domain qualifier for a group. The named group must be created in each Domain where User accounts exist that need to be added to the group. In the case of an ODBC Database, a local machine group can be used also. Assignment Mode Specifies the method of automated Digipass Assignment that will be used for this Policy, if any. There are two methods, Auto-Assignment and Self-Assignment. Auto-Assignment is used in conjunction with Dynamic User Registration (DUR). When DUR occurs, the next available Digipass is assigned to the new Digipass User account. A Grace Period is set for the Digipass according to the Grace Period setting in the Policy. Self-Assignment is typically used with DUR also, but if the Digipass User accounts are created first by the administrator, DUR is not necessary. In the Self-Assignment mode, a User is able to assign themselves a Digipass by entering the Serial Number, a valid OTP from the Digipass and their static password. There is no Grace Period associated with Self- Assignment, because the User has to use the Digipass to perform Self-Assignment. In both cases, any Applicable Digipass restrictions for the Policy apply. For example, it will not be permitted to self-assign a DP300 if the Policy restricts Digipass Types to DPGO3 and DPGO1. In addition, if the User already has a Digipass assigned that meets the Policy restrictions, they will not be able to self-assign another Digipass. Options: Default Use the setting of the parent Policy. Auto-Assignment Use the Auto-Assignment method. Self-Assignment Use the Self-Assignment method. Neither Do not use either method of automated assignment. Grace Period Default time period (in days) to give Users between Auto-Assignment of a Digipass and the date they must start using their Digipass to login. Before that time they can still use a static password (unless the Local Authentication setting is Digipass Only). However, the first time that an OTP is used to log in, the Grace Period is ended at that point if it has not already ended. This setting does not affect manual assignment by an administrator. Serial No. Separator The character (or short sequence of characters) that will be included at the end of the © 2006 VASCO Data Security Inc. 89
Page 1 and 2:
Modify these field values (right-cl
Page 3 and 4:
Digipass Plug-In for SBR Administra
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38: Digipass Plug-In for SBR Administra
Page 87: Digipass Plug-In for SBR Administra
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185:
show all

Digipass Plug-In for SBR Administrator Reference - Vasco

Create successful ePaper yourself

Delete template?

Save as template?