Digipass Plug-In for SBR Administrator Reference - Vasco
Digipass Plug-In for SBR Administrator Reference - Vasco
Digipass Plug-In for SBR Administrator Reference - Vasco
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>SBR</strong> <strong>Administrator</strong> <strong>Reference</strong> Field Listings<br />
Field Name in<br />
Administration<br />
<strong>In</strong>terfaces<br />
Search Upwards in Org.<br />
Unit hierarchy<br />
Description<br />
<strong>Digipass</strong> Serial Number during a Self-Assignment login. It allows the <strong>SBR</strong> <strong>Plug</strong>-<strong>In</strong> to easily<br />
recognise that a Self-Assignment attempt is being made and extract the Serial Number from<br />
the credentials.<br />
This controls the search scope <strong>for</strong> an available <strong>Digipass</strong> <strong>for</strong> Auto-Assignment or <strong>for</strong> a<br />
specific <strong>Digipass</strong> <strong>for</strong> Self-Assignment.<br />
This setting does not affect manual assignment by an administrator.<br />
Options:<br />
Default Use the setting of the parent Policy.<br />
No The search scope is only the Organizational Unit in which the User<br />
account belongs. If the User does not belong to an Organizational<br />
Unit (ODBC Database only), the search will look <strong>for</strong> <strong>Digipass</strong> that<br />
also do not belong to an Organizational Unit.<br />
Yes The search will start in the User account's Organizational Unit, but if<br />
necessary it will then move upwards through the Organizational Unit<br />
hierarchy until it reaches the top. At the top, in the case of Active<br />
Directory, the <strong>Digipass</strong>-Pool container will be searched instead of the<br />
Domain Root. See the Location of <strong>Digipass</strong> Records topic in the<br />
Product Guide <strong>for</strong> more in<strong>for</strong>mation.<br />
Application Names The Policy can specify a restriction on which <strong>Digipass</strong> Applications may be used when it is<br />
effective. If the list is empty, there is no restriction. If there are one or more entries, they<br />
will indicate the Application Names that are permitted.<br />
Application Type The Policy can restrict which <strong>Digipass</strong> Application Type (eg. Response Only,<br />
Challenge/Response) may be used when it is effective.<br />
Options:<br />
Default Use the setting of the parent Policy.<br />
No Restriction <strong>Digipass</strong> Application Type is not restricted.<br />
Response Only Only <strong>Digipass</strong> Applications of Type RO (Response Only) may be<br />
used.<br />
Challenge/Response Only <strong>Digipass</strong> Applications of Type CR (Challenge/Response) may be<br />
used.<br />
<strong>Digipass</strong> Types The Policy can specify a restriction on which <strong>Digipass</strong> Types may be used when it is<br />
effective. If the list is empty, there is no restriction. If there are one or more entries, they<br />
will indicate the <strong>Digipass</strong> Types that are permitted.<br />
Allow PIN change Specifies whether <strong>Digipass</strong> Users will be allowed to change their Server PIN during logins<br />
to which the current Policy applies. Normally this setting is enabled, but it can be used to<br />
prevent PIN changes if required.<br />
1-Step<br />
Challenge/Response –<br />
Permitted<br />
1-Step<br />
Challenge/Response –<br />
Challenge Length<br />
Controls whether 1-step Challenge/Response logins will be enabled <strong>for</strong> the current Policy<br />
and, if so, where the challenge should originate.<br />
Note that 1-step Challenge/Response is not applicable in a RADIUS environment.<br />
Options:<br />
Default<br />
No 1-step Challenge/Response may not be used.<br />
Yes – Server<br />
Challenge<br />
1-step Challenge/Response may be used provided that the<br />
authentication server that verifies the response generated the<br />
challenge.<br />
Yes – Any Challenge 1-step Challenge/Response may be used with any random challenge.<br />
Specifies the length of the challenge (excluding a check digit) which should be generated <strong>for</strong><br />
1-step Challenge/Response logins.<br />
1-Step A check digit may be added to the generated challenge. This allows the <strong>Digipass</strong> to more<br />
© 2006 VASCO Data Security <strong>In</strong>c. 90