Digipass Plug-In for IAS Product Guide - Vasco

More documents

Recommendations

Info

Digipass Plug-In for IAS Product Guide Digipass User Accounts 3.5 Authenticating Users Authentication settings may be applied to an individual User account, although typically these will be set by the Policy. 3.5.1 Authentication Settings Digipass User account and Policy settings control the authentication process as follows: The authentication settings for a Digipass User account override a Policy setting. The relevant Policy is referred to if the authentication setting for a Digipass User account is “Default” or if a Digipass User account does not exist for the login. 3.5.2 Local Authentication 'Local' authentication is a term used to describe the IAS Plug-In authenticating a login based on information in its data store and the One Time Password entered during the login. The Local Authentication setting specifies whether the IAS Plug-In will authenticate a login based on an OTP or stored static password. Back-end authentication may also be utilized – in the latter two options, an authentication request will only be checked with the back-end authenticator if it passes authentication by the IAS Plug-In. None The IAS Plug-In will not authenticate the User's credentials – the request will typically be checked with the back-end authenticator. Digipass/Password The IAS Plug-In will always process authentication requests. If a User has had a Digipass assigned, they must use an OTP during login, unless a Grace Period is still active for the Digipass. If a User does not have a Digipass assigned, they can use their static password to log in. The static password entered will be checked against the stored static password or if Back-End Authentication is used, the Windows static password. Digipass Only The IAS Plug-In will always process authentication requests. Users must login using an OTP. Users without Digipass will not be able to log in. 3.5.3 Back-End Authentication 'Back-end' authentication applies to the IAS Plug-In checking login details (User ID and static password) with another system – Windows. This is used by the IAS Plug-In mostly for the Dynamic User Registration and Self-Assignment processes. Back-end authentication settings specify whether the IAS Plug-In will pass on an authentication request to Windows. The User's static password is required for this step, and is retrieved from either the login, or the stored static password in the Digipass User Account. None The IAS Plug-In will not utilize back-end authentication. © 2005 VASCO Data Security Inc. 48
Digipass Plug-In for IAS Product Guide Digipass User Accounts Always The IAS Plug-In will send an authentication request to a back-end authenticator, using the protocol set for the Policy (Windows only at this stage). If Needed Back-end authentication will be used in situations where local authentication is not sufficient: Protocol Dynamic User Registration Self-Assignment Password Autolearn Requesting a challenge or Virtual Digipass OTP, when the Request Method includes a static password Static password authentication, when verifying a Virtual Digipass static password-OTP combination or during the Grace Period The IAS Plug-In needs to know the protocol to use in requesting authentication of a User's information. Windows is currently the only option. 3.5.4 User Account Locking A Digipass User account may be locked if the User has attempted, and failed, to log in a particular number of times. This number can be set in the Policy. Once the account is locked, an administrator must manually unlock it. Until it is unlocked, the User will be unable to log in. 3.5.5 Windows Group Check Specific Windows Groups can be selected for authentication by the IAS Plug-In. This feature might be used when: Deploying Digipass in stages, using Dynamic User Registration and Auto-Assignment. Two-factor authentication is needed only for access to sensitive data, which has been granted to certain Users (for example, administrators). Only this group of people will require Digipass, and will be authenticated by the IAS Plug-In. Other Users will be authenticated only by IAS using another authentication method. Most Users will have Digipass and be permitted to log in to the system, but some Users should not be authenticated under any circumstances. The Group Check can work in one of two ways: Authenticate listed groups, pass others through Only process authentication requests for users in a group in the Group List; let requests for other users pass through unmodified to IAS for authentication. Authenticate listed groups, reject others Only permit access for users belonging to a group in the Group List; reject access for other users. © 2005 VASCO Data Security Inc. 49
Page 1 and 2: Digipass Plug-In for IAS IAS Plug-I
Page 3 and 4: Digipass Plug-In for IAS Product Gu
Page 47: Digipass Plug-In for IAS Product Gu
Page 73: Digipass Plug-In for IAS Product Gu

Digipass Plug-In for IAS Product Guide - Vasco

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?