Digipass Plug-In for IAS Product Guide - Vasco

More documents

Recommendations

Info

Digipass Plug-In for IAS Product Guide Digipass 2.4 Digipass Record Functions A number of functions are available in the Digipass Extension for Active Directory Users and Computers to administer Digipass records. These are typically required for maintenance – eg. a User has forgotten their Server PIN, or a Digipass has been locked. 2.4.1 Reset Application A Digipass Application may need to be reset if the time difference between it and the server needs to be recalculated. This would typically be for time-based Response Only Digipass after a very long period of inactivity. The 'reset' widens the allowable time window for the next login, allowing the User to log in and the IAS Plug-In to calculate the current time shift. 2.4.2 Set Event Counter If the event count for an event-based application has become unsynchronised between the Digipass and the server, this function can be used to set the server event count to the event count on the Digipass. 2.4.3 Reset PIN If a User’s Server PIN needs to be changed – usually because the User has forgotten it – then it can be reset, and the User can create a new Server PIN when they next log in. This may be done when unassigning or re-assigning a Digipass. 2.4.4 Force PIN Change This function can be used when an administrator wants a User to change their Server PIN on their next login. This may be desirable as a security measure. 2.4.5 Set PIN A User’s Server PIN can be set to a specific value and communicated to the User. 2.4.6 Unlock Digipass If a User incorrectly enters their Digipass PIN into their Digipass a predetermined number of times, the Digipass will become locked. Once locked, the assistance of an administrator will be required to unlock it. This function allows an administrator to provide the User with an Unlock Code to enter into their Digipass. 2.4.7 Reset Application Lock If a User has attempted to log in with incorrect details too many times, the Digipass Application used may be locked, depending on Policy settings. This function can be used to set the record for the Digipass Application to the status of unlocked. This differs from User locking, as the User may still log in with a different Digipass. 2.4.8 Test a Digipass Application Use this function to check that a Digipass Application is working as expected. There is also a function to test the Backup Virtual Digipass functionality. © 2005 VASCO Data Security Inc. 36
Digipass Plug-In for IAS Product Guide Digipass 2.5 Assigning Digipass to Users Digipass may be assigned to Users in a number of ways, depending on the requirements of your company. For example, a company with only a few User accounts may use Manual Assignment. A larger company needing to distribute large numbers of Digipass may find it easier to simply distribute the Digipass and require each User to go through Self-Assignment. Note Digipass records must be imported into Active Directory before being assigned to Users. They may be imported into a general-purpose 'Digipass Pool' or into the specific Organizational Units where they are needed. They must be in the same domain as the User to whom they are being assigned. 2.5.1 Digipass Assignment Options The diagram below shows the basic assignment process used for the three main assignment methods which may be set in a Policy. Image 18: Assignment Method Processes © 2005 VASCO Data Security Inc. 37
Page 1 and 2: Digipass Plug-In for IAS IAS Plug-I
Page 3 and 4: Digipass Plug-In for IAS Product Gu
Page 35: Digipass Plug-In for IAS Product Gu
Page 73: Digipass Plug-In for IAS Product Gu

Digipass Plug-In for IAS Product Guide - Vasco

Create successful ePaper yourself

Delete template?

Save as template?