Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong> <strong>Product</strong> <strong>Guide</strong> Overview<br />
1.4.2 Policies<br />
Policies specify various login settings which can affect how a User must log in. The Policy used<br />
<strong>for</strong> a specific authentication request is decided based on the RADIUS Client that transmitted<br />
the request or based on the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> component that handles the request.<br />
Some policy settings include:<br />
Whether Local and/or Back-End Authentication should be used<br />
Whether various automatic management features should be used<br />
The <strong>Digipass</strong> Application types required <strong>for</strong> login<br />
Backup Virtual <strong>Digipass</strong> settings<br />
1.4.3 <strong>Digipass</strong> User Account<br />
A <strong>Digipass</strong> User account is attached to an Active Directory User account, by including<br />
additional attributes. These attributes are stored in an auxiliary class attached to the User<br />
object class. The account is created to hold authentication settings <strong>for</strong> the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong>. It<br />
includes settings such as <strong>Digipass</strong> assignment and authentication overrides.<br />
The <strong>Digipass</strong> User account contains some login settings that affect how a User must log in.<br />
These settings can be used to override equivalent settings in the relevant Policy.<br />
A <strong>Digipass</strong> User account is created as required <strong>for</strong> a User record in Active Directory – <strong>for</strong><br />
example when a <strong>Digipass</strong> must be assigned or <strong>Digipass</strong> User account settings modified. When<br />
Auto-Assignment is enabled (see later), creation of the account via Dynamic User Registration<br />
is the trigger <strong>for</strong> a <strong>Digipass</strong> to be automatically assigned to the User.<br />
1.4.3.1 <strong>Digipass</strong> User Account Settings<br />
Stored Static Password<br />
This may be used when local authentication is enabled and back-end authentication disabled,<br />
to avoid using the Windows static password <strong>for</strong> remote network access. It can be used <strong>for</strong><br />
authenticating a User when a <strong>Digipass</strong> has not been assigned, or the assigned <strong>Digipass</strong> is still<br />
in the grace period. It can also be used <strong>for</strong> the Virtual <strong>Digipass</strong> feature, which requires a static<br />
password to be used in addition to the transmitted OTP.<br />
Local Authentication<br />
See 1.4.1 Local and Back-End Authentication.<br />
The <strong>Digipass</strong> User account setting overrides<br />
the Policy setting of the same name.<br />
Back-End Authentication<br />
See 1.4.1 Local and Back-End Authentication.<br />
The <strong>Digipass</strong> User account setting overrides<br />
the Policy setting of the same name.<br />
Disabled<br />
Specifies whether the Active Directory User account has been disabled. If so, the User will be<br />
rejected by the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong>.<br />
Locked<br />
If a <strong>Digipass</strong> User account is locked, the User will be unable to log in until it is unlocked by an<br />
administrator.<br />
© 2005 VASCO Data Security <strong>In</strong>c. 15