Digipass Plug-In for SBR Administrator Reference - Vasco

More documents

Recommendations

Info

Digipass Plug-In for SBR Administrator Reference Field Listings Field Name in Administration Interfaces Backup Virtual Digipass – Time Limit Backup Virtual Digipass – Max. Uses/User Backup Virtual Digipass – Request Method Backup Virtual Digipass – Request Keyword Identification Time Window Description Max. Uses/User limit is. When the Enable Backup VDP setting is Yes – Time Limited, the Time Limit setting indicates the number of days for which the Backup Virtual Digipass feature may be used by a User, once they start using it. The Backup Virtual Digipass Enabled Until setting on the Digipass record will be set automatically the first time that the User requests a Backup Virtual Digipass OTP, using the Time Limit defined in the Policy. Once this date has expired, it requires administrator intervention either to extend it or to reset it to blank for the next time that the User needs to use Backup Virtual Digipass. Note that if a User has more than one Digipass capable of Backup Virtual Digipass, they will have a separate limit for each one. The maximum number of uses of the Backup Virtual Digipass feature permitted for each User, if they do not have a specific limit set for them. If the Backup Virtual Digipass Uses Remaining on the Digipass record is blank and there is a Max. Uses/User limit defined in the Policy, the Uses Remaining will be set automatically the first time that the User requests a Backup Virtual Digipass OTP. Once the Uses Remaining has reached zero, Backup Virtual Digipass can no longer be used with this Digipass, unless the administrator increases it or resets it to blank. Note that if a User has more than one Digipass capable of Backup Virtual Digipass, they will have a separate limit for each one. The method by which a User has to request a Backup Virtual Digipass login. The 'request' is made in the password field during login. The request will be ignored if the User does not have a Digipass assigned that is activated for the Backup Virtual Digipass feature, or if other Policy or Digipass settings do not permit Backup Virtual Digipass use. Options: Default Use the setting of the parent Policy. None Do not use Backup Virtual Digipass. Keyword Use the Request Keyword. For Backup Virtual Digipass, this is not permitted to be blank. Password Use the static password. KeywordPassword Use the Request Keyword followed by the static password. No separator characters or whitespace should be between them. PasswordKeyword Use the static password followed by the Request Keyword. No separator characters or whitespace should be between them. Defines the Keyword that a User must enter to request a Backup Virtual Digipass login, if a method using a Keyword is selected in the Request Method. For Backup Virtual Digipass, this is not permitted to be blank. Controls the maximum number of time steps' variation allowable between a Digipass and the authentication server during login. This only applies to time-based Response Only and Challenge/Response Applications. The Dynamic Time Window option may be used to allow more variation according to the length of time since the last successful login. If this setting is not specified at all, there is an inbuilt default value of 20. Signature Time Window Controls the maximum number of time steps' variation allowable between a Digipass and the authentication server during Digital Signature verification. This only applies to timebased Signature Applications. If this setting is not specified at all, there is an inbuilt default value of 24. Signature Applications are not currently used in RADIUS environments. Initial Time Window Controls the maximum allowed time variation allowable between a Digipass and the authentication server, the first time that the Digipass is used. The time is specified in hours. This Initial Time Window is also used directly after a Reset Application operation, which can be used if it appears that the internal clock in the Digipass has drifted too much since © 2006 VASCO Data Security Inc. 92
Digipass Plug-In for SBR Administrator Reference Field Listings Field Name in Administration Interfaces Description the last successful login. This only applies to time-based Applications. In either case, after the first successful login, the Initial Time Window is no longer active. If this setting is not specified at all, there is an inbuilt default value of 6. Event Window Controls the maximum number of events' variation allowable between a Digipass and the authentication server during login that uses an event-based Application. If this setting is not specified at all, there is an inbuilt default value of 20. Identification Threshold Specifies the number of consecutive failed authentication attempts allowed before the Digipass Application is locked from future authentication attempts. This locking mechanism is separate from the User Lock Threshold and is normally not necessary. It only applies when a single Digipass Application can be used for a login, either because the User only has one Digipass with one Application, or because the Policy restrictions narrow the list down to one Digipass Application. If Policy restrictions are used in this way, the Identification Threshold can be used to lock a User out of one kind of login (eg. a VPN) while still permitting them to use another kind (eg. Wireless). If this setting is not specified at all, this feature is not used. Signature Threshold Specifies the number of consecutive failed Digital Signature authentication attempts allowed before the Digipass Application is set to be locked from future authentication attempts. If this setting is not specified at all, this feature is not used. Signature Applications are not currently used in RADIUS environments. Max. Days Since Last Use This setting specifies the maximum number of days for which a Digipass Application can go unused for authentication. After this limit, authentication will be rejected until an admnistrator performs a Reset Application operation. If this setting is not specified at all, this feature is not used. Challenge Check Mode This setting is for advanced control over time-based Challenge/Response authentication. The value 1 should be used for standard RADIUS challenge/response. This is the inbuilt default value if the setting is not specified at all. 0 No check is made. This is necessary for 1-step Challenge/Response. 1 The challenge presented for verification must be the last one that was generated specifically for that Digipass. This is the normal mode of operation in 2-step Challenge/Response. 2 The challenge presented for verification is ignored; the last one that was generated specifically for that Digipass is used. This is rarely applicable. 3 Only one verification is permitted per time step. This option only applies to time-based Challenge/Response. This is a method of avoiding a potential replay of a captured response if the same challenge comes up again in the same time step. 4 If the same challenge and response are presented for verification twice in a row during the same time step, they are rejected. This is an advanced method of avoiding a potential replay of a capture challenge/response. Online Signature Level This setting is for advanced control of Digital Signature authentication, and is not applicable currently. Signature Applications are not currently used in RADIUS environments. © 2006 VASCO Data Security Inc. 93
Page 1 and 2:
Modify these field values (right-cl
Page 3 and 4:
Digipass Plug-In for SBR Administra
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42: Digipass Plug-In for SBR Administra
Page 91: Digipass Plug-In for SBR Administra
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185:
show all

Digipass Plug-In for SBR Administrator Reference - Vasco

Create successful ePaper yourself

Delete template?

Save as template?