Digipass Plug-In for IAS Product Guide - Vasco

More documents

Recommendations

Info

Digipass Plug-In for IAS Product Guide Policies 4 Policies 4.1 What are Policies? Policies allow you comprehensive control over the authentication process. At least one Policy is required to determine whether various features are enabled, and how logins should be handled by the IAS Plug-In. A number of example Policies are included when the Digipass Plug-In for IAS is installed. 4.2 How Do They Work? The principle of Policies is that a single Policy is applied to an authentication request. The choice of Policy is made by the Component (eg. IAS Plug-In or RADIUS Client). All login requests for a particular Component are handled according to the settings of its chosen Policy. In the case of the Digipass Plug-In for IAS, a Component must be present for the IAS Plug-In. This Component will identify the Policy to be used as a default for any requests that it handles. However, if you wish to apply a different Policy according to the RADIUS Client (eg. NAS, VPN appliance), you are allowed to create additional Component records that will specify the preferred Policies for those cases. User attempts to log into RADIUS Client RADIUS Client sends authentication request to IAS IAS Plug-In checks if there is a Component record for the RADIUS Client If there is no RADIUS Client Component record, the IAS Plug-In looks up its own Component record IAS Plug-In selects the Policy set for the Component IAS Plug-In handles authentication request according to Policy settings Image 22: Policy Selection © 2005 VASCO Data Security Inc. 52
Digipass Plug-In for IAS Product Guide Policies 4.3 Policy Settings Settings controlled by Policies include the following groupings. Note The IAS service must be restarted before Policy setting changes will become effective. Local and/or Back-end Authentication Whether the IAS Plug-In should authenticate logins, and whether logins authenticated with information held by the IAS Plug-In should be checked with another system (eg. Windows). See these topics for more information: 3.5.2 Local Authentication 3.5.3 Back-End Authentication User Accounts Determines how the IAS Plug-In will handle Digipass User account creation, logins and passwords. See these topics for more information: 3.2.3 Dynamic User Registration 3.5.4 User Account Locking 3.2.4.1 Password Autolearn Windows Group Check Windows Group checks allow regulation of the local and back-end authentication for Users belonging to specified Windows Groups. See 3.5.5 Windows Group Check for more information. Digipass Assignment The method for assignment of Digipass to Users, and settings relevant to Digipass assignment. See these topics for more information: 2.5.1 Digipass Assignment Options Digipass Settings Specifies the Digipass Applications, Types and actions allowed. See these topics for more information: 2.1 Types of Digipass 2.2.1 Digipass Applications 1-Step Challenge/Response Whether 1-Step Challenge/Response is enabled, and settings relevant to it. © 2005 VASCO Data Security Inc. 53
Page 1 and 2: Digipass Plug-In for IAS IAS Plug-I
Page 3 and 4: Digipass Plug-In for IAS Product Gu
Page 51: Digipass Plug-In for IAS Product Gu
Page 73: Digipass Plug-In for IAS Product Gu

Digipass Plug-In for IAS Product Guide - Vasco

Create successful ePaper yourself

Delete template?

Save as template?