Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong> <strong>Product</strong> <strong>Guide</strong> <strong>Digipass</strong><br />
2.3 <strong>Digipass</strong> Records<br />
2.3.1 Location of <strong>Digipass</strong> Records<br />
When a <strong>Digipass</strong> is assigned to a User, it is moved to the same location as the <strong>Digipass</strong> User<br />
account it is assigned to. This makes it easier to set up the permissions necessary <strong>for</strong><br />
delegated administration.<br />
Note<br />
A <strong>Digipass</strong> record will not automatically be moved when the User account to<br />
which it is assigned is moved to another location. When moving User accounts<br />
within Active Directory, ensure that the records of any assigned <strong>Digipass</strong> are<br />
manually moved to the same location.<br />
Unassigned <strong>Digipass</strong> records may be stored in various places in the domain:<br />
<strong>Digipass</strong> Pool<br />
During installation, a container is created in the Domain called <strong>Digipass</strong>-Pool. This is intended<br />
as a general store <strong>for</strong> unassigned <strong>Digipass</strong>, regardless of which administrator is per<strong>for</strong>ming<br />
assignment.<br />
Organizational Units<br />
<strong>Digipass</strong> can be loaded or moved either into the exact Organizational Units where the User<br />
accounts to which they will be assigned are located, or into a few key Organizational Units in<br />
the hierarchy where they may be assigned to Users in lower level Organizational Units.<br />
Users Container<br />
<strong>Digipass</strong> can be loaded into the Users container, so they are available <strong>for</strong> Users in that<br />
container. However, it is not recommended to use the Users container <strong>for</strong> either User accounts<br />
or <strong>Digipass</strong>.<br />
Note<br />
The <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> will always find or assign the closest available <strong>Digipass</strong> record<br />
to the selected User record(s).<br />
When looking <strong>for</strong> an available <strong>Digipass</strong> to assign to a User, the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> will first look in the<br />
same location as the specific User account. The Search Upwards in Organizational Unit<br />
hierarchy option, when enabled, allows the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> to search in parent Organizational<br />
Units and the <strong>Digipass</strong> Pool container. This option may be set at the Policy level <strong>for</strong> system<br />
searches (eg. Auto-Assignment and Self-Assignment) or at the time of the search <strong>for</strong> manual<br />
assignment.<br />
If the assignment is manual (per<strong>for</strong>med by an administrator), it will only find and successfully<br />
assign <strong>Digipass</strong> from locations where the administrator has the correct permissions. The<br />
administrator must have read permission <strong>for</strong> <strong>Digipass</strong> objects in the location to find a <strong>Digipass</strong><br />
record, and if it needs to be moved to the User's location, they must have delete permission<br />
<strong>for</strong> <strong>Digipass</strong> objects to successfully assign the <strong>Digipass</strong>. If the administrator has sufficient<br />
© 2005 VASCO Data Security <strong>In</strong>c. 30