Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong> <strong>Product</strong> <strong>Guide</strong> <strong>Digipass</strong> User Accounts<br />
3.5 Authenticating Users<br />
Authentication settings may be applied to an individual User account, although typically these<br />
will be set by the Policy.<br />
3.5.1 Authentication Settings<br />
<strong>Digipass</strong> User account and Policy settings control the authentication process as follows:<br />
The authentication settings <strong>for</strong> a <strong>Digipass</strong> User account override a Policy setting.<br />
The relevant Policy is referred to if the authentication setting <strong>for</strong> a <strong>Digipass</strong> User account<br />
is “Default” or if a <strong>Digipass</strong> User account does not exist <strong>for</strong> the login.<br />
3.5.2 Local Authentication<br />
'Local' authentication is a term used to describe the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> authenticating a login based<br />
on in<strong>for</strong>mation in its data store and the One Time Password entered during the login.<br />
The Local Authentication setting specifies whether the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> will authenticate a login<br />
based on an OTP or stored static password. Back-end authentication may also be utilized – in<br />
the latter two options, an authentication request will only be checked with the back-end<br />
authenticator if it passes authentication by the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong>.<br />
None<br />
The <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> will not authenticate the User's credentials – the request will typically be<br />
checked with the back-end authenticator.<br />
<strong>Digipass</strong>/Password<br />
The <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> will always process authentication requests. If a User has had a <strong>Digipass</strong><br />
assigned, they must use an OTP during login, unless a Grace Period is still active <strong>for</strong> the<br />
<strong>Digipass</strong>. If a User does not have a <strong>Digipass</strong> assigned, they can use their static password to<br />
log in. The static password entered will be checked against the stored static password or if<br />
Back-End Authentication is used, the Windows static password.<br />
<strong>Digipass</strong> Only<br />
The <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> will always process authentication requests. Users must login using an OTP.<br />
Users without <strong>Digipass</strong> will not be able to log in.<br />
3.5.3 Back-End Authentication<br />
'Back-end' authentication applies to the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> checking login details (User ID and static<br />
password) with another system – Windows. This is used by the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> mostly <strong>for</strong> the<br />
Dynamic User Registration and Self-Assignment processes.<br />
Back-end authentication settings specify whether the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> will pass on an<br />
authentication request to Windows. The User's static password is required <strong>for</strong> this step, and is<br />
retrieved from either the login, or the stored static password in the <strong>Digipass</strong> User Account.<br />
None<br />
The <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> will not utilize back-end authentication.<br />
© 2005 VASCO Data Security <strong>In</strong>c. 48