Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong> <strong>Product</strong> <strong>Guide</strong> <strong>Digipass</strong> User Accounts<br />
3 <strong>Digipass</strong> User Accounts<br />
3.1 User Account Identification<br />
The <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> requires a User ID (SAM-Account-Name) and domain (Fully Qualified Domain<br />
Name) <strong>for</strong> each User logging in through it. These are collected in various ways, depending on<br />
the in<strong>for</strong>mation entered by the User.<br />
If the User enters:<br />
Format Example Method Used to Identify User Account<br />
UPN user@domain.com The Global Catalog is utilized to translate this into User ID and<br />
domain. *<br />
Windows NT <strong>for</strong>mat DOMAIN\user The Global Catalog is utilized to translate this into User ID and<br />
domain. *<br />
User ID User <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> will use the default domain set in the applicable Policy<br />
if defined, otherwise it will use the Configuration Domain set in<br />
the configuration file <strong>for</strong> the <strong>Plug</strong>-<strong>In</strong>.<br />
Table 6: User Account Identification Methods<br />
* Access to a Global Catalog is there<strong>for</strong>e required by the <strong>Plug</strong>-<strong>In</strong>.<br />
3.2 <strong>Digipass</strong> User Account Creation<br />
A <strong>Digipass</strong> User account can be created in a number of ways:<br />
3.2.1 Manual Creation<br />
A <strong>Digipass</strong> User Account can be created manually <strong>for</strong> a User account in Active Directory.<br />
3.2.2 User Self-Management Web Site<br />
Enabling Dynamic User Registration on a system which includes the User Self-Management<br />
Web Site will allow Users to create their own <strong>Digipass</strong> User Account via the web site.<br />
3.2.3 Dynamic User Registration<br />
When the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> receives an authentication request <strong>for</strong> a User without a <strong>Digipass</strong> User<br />
account, it can check the credentials with Windows. If the authentication is successful with<br />
Windows, the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> can create a <strong>Digipass</strong> User account automatically <strong>for</strong> the User. This<br />
process is called Dynamic User Registration (DUR) and can be enabled via the Administration<br />
MMC <strong>In</strong>terface.<br />
This feature is commonly used in conjunction with Auto-Assignment, so that the new account<br />
is immediately assigned a <strong>Digipass</strong>.<br />
© 2005 VASCO Data Security <strong>In</strong>c. 42