Digipass Plug-In for IAS Product Guide - Vasco

Digipass Plug-In for IAS Product Guide Digipass User Accounts
3 Digipass User Accounts
3.1 User Account Identification
The IAS Plug-In requires a User ID (SAM-Account-Name) and domain (Fully Qualified Domain
Name) for each User logging in through it. These are collected in various ways, depending on
the information entered by the User.
If the User enters:
Format Example Method Used to Identify User Account
UPN user@domain.com The Global Catalog is utilized to translate this into User ID and
domain. *
Windows NT format DOMAIN\user The Global Catalog is utilized to translate this into User ID and
domain. *
User ID User IAS Plug-In will use the default domain set in the applicable Policy
if defined, otherwise it will use the Configuration Domain set in
the configuration file for the Plug-In.
Table 6: User Account Identification Methods
* Access to a Global Catalog is therefore required by the Plug-In.
3.2 Digipass User Account Creation
A Digipass User account can be created in a number of ways:
3.2.1 Manual Creation
A Digipass User Account can be created manually for a User account in Active Directory.
3.2.2 User Self-Management Web Site
Enabling Dynamic User Registration on a system which includes the User Self-Management
Web Site will allow Users to create their own Digipass User Account via the web site.
3.2.3 Dynamic User Registration
When the IAS Plug-In receives an authentication request for a User without a Digipass User
account, it can check the credentials with Windows. If the authentication is successful with
Windows, the IAS Plug-In can create a Digipass User account automatically for the User. This
process is called Dynamic User Registration (DUR) and can be enabled via the Administration
MMC Interface.
This feature is commonly used in conjunction with Auto-Assignment, so that the new account
is immediately assigned a Digipass.
© 2005 VASCO Data Security Inc. 42