Digipass Plug-In for SBR Administrator Reference - Vasco

More documents

Recommendations

Info

Digipass Plug-In for SBR Administrator Reference Field Listings Field Name in Administration Interfaces Search Upwards in Org. Unit hierarchy Description Digipass Serial Number during a Self-Assignment login. It allows the SBR Plug-In to easily recognise that a Self-Assignment attempt is being made and extract the Serial Number from the credentials. This controls the search scope for an available Digipass for Auto-Assignment or for a specific Digipass for Self-Assignment. This setting does not affect manual assignment by an administrator. Options: Default Use the setting of the parent Policy. No The search scope is only the Organizational Unit in which the User account belongs. If the User does not belong to an Organizational Unit (ODBC Database only), the search will look for Digipass that also do not belong to an Organizational Unit. Yes The search will start in the User account's Organizational Unit, but if necessary it will then move upwards through the Organizational Unit hierarchy until it reaches the top. At the top, in the case of Active Directory, the Digipass-Pool container will be searched instead of the Domain Root. See the Location of Digipass Records topic in the Product Guide for more information. Application Names The Policy can specify a restriction on which Digipass Applications may be used when it is effective. If the list is empty, there is no restriction. If there are one or more entries, they will indicate the Application Names that are permitted. Application Type The Policy can restrict which Digipass Application Type (eg. Response Only, Challenge/Response) may be used when it is effective. Options: Default Use the setting of the parent Policy. No Restriction Digipass Application Type is not restricted. Response Only Only Digipass Applications of Type RO (Response Only) may be used. Challenge/Response Only Digipass Applications of Type CR (Challenge/Response) may be used. Digipass Types The Policy can specify a restriction on which Digipass Types may be used when it is effective. If the list is empty, there is no restriction. If there are one or more entries, they will indicate the Digipass Types that are permitted. Allow PIN change Specifies whether Digipass Users will be allowed to change their Server PIN during logins to which the current Policy applies. Normally this setting is enabled, but it can be used to prevent PIN changes if required. 1-Step Challenge/Response – Permitted 1-Step Challenge/Response – Challenge Length Controls whether 1-step Challenge/Response logins will be enabled for the current Policy and, if so, where the challenge should originate. Note that 1-step Challenge/Response is not applicable in a RADIUS environment. Options: Default No 1-step Challenge/Response may not be used. Yes – Server Challenge 1-step Challenge/Response may be used provided that the authentication server that verifies the response generated the challenge. Yes – Any Challenge 1-step Challenge/Response may be used with any random challenge. Specifies the length of the challenge (excluding a check digit) which should be generated for 1-step Challenge/Response logins. 1-Step A check digit may be added to the generated challenge. This allows the Digipass to more © 2006 VASCO Data Security Inc. 90
Digipass Plug-In for SBR Administrator Reference Field Listings Field Name in Administration Interfaces Challenge/Response – Add Check Digit 2-Step Challenge/Response – Request Method 2-Step Challenge/Response – Request Keyword Primary Virtual Digipass – Request Method Primary Virtual Digipass – Request Keyword Backup Virtual Digipass – Enable Backup VDP quickly identify invalid Challenges. Description The method by which a User has to request a 2-step Challenge/Response login. This is the only mode of Challenge/Response available in a RADIUS environment. The 'request' is made in the password field during login. The request will be ignored if the User does not have a Challenge/Response-capable Digipass assigned. Options: Default Use the setting of the parent Policy. None Do not use 2-step Challenge/Response. Keyword Use the Request Keyword. For Challenge/Response, this is permitted to be blank. Password Use the static password. KeywordPassword Use the Request Keyword followed by the static password. No separator characters or whitespace should be between them. PasswordKeyword Use the static password followed by the Request Keyword. No separator characters or whitespace should be between them. Defines the Keyword that a User must enter to request a 2-step Challenge/Response login, if a method using a Keyword is selected in the Request Method. For Challenge/Response, this is permitted to be blank. The method by which a User has to request a Primary Virtual Digipass login. The 'request' is made in the password field during login. The request will be ignored if the User does not have a Primary Virtual Digipass assigned. Options: Default Use the setting of the parent Policy. None Do not use Primary Virtual Digipass. Keyword Use the Request Keyword. For Primary Virtual Digipass, this is not permitted to be blank. Password Use the static password. KeywordPassword Use the Request Keyword followed by the static password. No separator characters or whitespace should be between them. PasswordKeyword Use the static password followed by the Request Keyword. No separator characters or whitespace should be between them. Defines the Keyword that a User must enter to request a Primary Virtual Digipass login, if a method using a Keyword is selected in the Request Method. For Primary Virtual Digipass, this is not permitted to be blank. Specifies whether and how the Backup Virtual Digipass feature can be used when this Policy is effective. Note that in order for the Backup Virtual Digipass feature to function, it must also be activated in the DPX file for the Digipass. Options: Default Use the setting of the parent Policy. No Backup Virtual Digipass is not permitted. Yes - Permitted Backup Virtual Digipass is permitted, but not mandatory. The Time Limit is not applicable when using this option, but the Max. Uses/User limit is. Yes – Time Limited Backup Virtual Digipass is permitted, but not mandatory. Both the Time Limit and the Max. Uses/User limit will be in effect. Yes - Required Backup Virtual Digipass is mandatory. The Time Limit is not applicable when using this option, but the © 2006 VASCO Data Security Inc. 91
Page 1 and 2:
Modify these field values (right-cl
Page 3 and 4:
Digipass Plug-In for SBR Administra
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40: Digipass Plug-In for SBR Administra
Page 89: Digipass Plug-In for SBR Administra
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185:
show all

Digipass Plug-In for SBR Administrator Reference - Vasco

Create successful ePaper yourself

Delete template?

Save as template?