Digipass Plug-In for IAS Product Guide - Vasco

More documents

Recommendations

Info

Digipass Plug-In for IAS Product Guide Digipass 2.3 Digipass Records 2.3.1 Location of Digipass Records When a Digipass is assigned to a User, it is moved to the same location as the Digipass User account it is assigned to. This makes it easier to set up the permissions necessary for delegated administration. Note A Digipass record will not automatically be moved when the User account to which it is assigned is moved to another location. When moving User accounts within Active Directory, ensure that the records of any assigned Digipass are manually moved to the same location. Unassigned Digipass records may be stored in various places in the domain: Digipass Pool During installation, a container is created in the Domain called Digipass-Pool. This is intended as a general store for unassigned Digipass, regardless of which administrator is performing assignment. Organizational Units Digipass can be loaded or moved either into the exact Organizational Units where the User accounts to which they will be assigned are located, or into a few key Organizational Units in the hierarchy where they may be assigned to Users in lower level Organizational Units. Users Container Digipass can be loaded into the Users container, so they are available for Users in that container. However, it is not recommended to use the Users container for either User accounts or Digipass. Note The IAS Plug-In will always find or assign the closest available Digipass record to the selected User record(s). When looking for an available Digipass to assign to a User, the IAS Plug-In will first look in the same location as the specific User account. The Search Upwards in Organizational Unit hierarchy option, when enabled, allows the IAS Plug-In to search in parent Organizational Units and the Digipass Pool container. This option may be set at the Policy level for system searches (eg. Auto-Assignment and Self-Assignment) or at the time of the search for manual assignment. If the assignment is manual (performed by an administrator), it will only find and successfully assign Digipass from locations where the administrator has the correct permissions. The administrator must have read permission for Digipass objects in the location to find a Digipass record, and if it needs to be moved to the User's location, they must have delete permission for Digipass objects to successfully assign the Digipass. If the administrator has sufficient © 2005 VASCO Data Security Inc. 30
Digipass Plug-In for IAS Product Guide Digipass permissions to view a Digipass record but not to assign it, the assignment will fail. Record Location Digipass Pool Only administrators with access to the Digipass Pool may view or modify records for unassigned Digipass. This also means that only those administrators may manually assign Digipass. Organizational Unit Users Container Pros Cons Digipass may be portioned out to various Organizational Units. This is particularly useful where a company is contracted to provide authentication services to multiple companies, or where various departments have different Digipass quota. Digipass can be assigned to any User in the Users container. Table 3: Summary of Digipass Record Location Options An extra permission must be assigned all administrators who should be able to assign Digipass (if they are not Domain Admins). It is not possible to strictly subdivide the unassigned Digipass among the Organizational Units according to quotas. If an Organizational Unit runs out of Digipass to assign its Users, more Digipass records must be manually moved to the right location. Digipass in the Users container are only available to User accounts stored there. © 2005 VASCO Data Security Inc. 31
Page 1 and 2: Digipass Plug-In for IAS IAS Plug-I
Page 3 and 4: Digipass Plug-In for IAS Product Gu
Page 29: Digipass Plug-In for IAS Product Gu
Page 73: Digipass Plug-In for IAS Product Gu

Digipass Plug-In for IAS Product Guide - Vasco

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?