Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong> <strong>Product</strong> <strong>Guide</strong> Policies<br />
4 Policies<br />
4.1 What are Policies?<br />
Policies allow you comprehensive control over the authentication process. At least one Policy<br />
is required to determine whether various features are enabled, and how logins should be<br />
handled by the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong>. A number of example Policies are included when the <strong>Digipass</strong><br />
<strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong> is installed.<br />
4.2 How Do They Work?<br />
The principle of Policies is that a single Policy is applied to an authentication request. The<br />
choice of Policy is made by the Component (eg. <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> or RADIUS Client). All login<br />
requests <strong>for</strong> a particular Component are handled according to the settings of its chosen Policy.<br />
<strong>In</strong> the case of the <strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong>, a Component must be present <strong>for</strong> the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong>.<br />
This Component will identify the Policy to be used as a default <strong>for</strong> any requests that it handles.<br />
However, if you wish to apply a different Policy according to the RADIUS Client (eg. NAS, VPN<br />
appliance), you are allowed to create additional Component records that will specify the<br />
preferred Policies <strong>for</strong> those cases.<br />
User attempts to log into RADIUS Client<br />
RADIUS Client sends authentication<br />
request to <strong>IAS</strong><br />
<strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> checks if there is a<br />
Component record <strong>for</strong> the RADIUS Client<br />
If there is no RADIUS Client Component<br />
record, the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> looks up its own<br />
Component record<br />
<strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> selects the Policy set <strong>for</strong><br />
the Component<br />
<strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> handles authentication<br />
request according to Policy settings<br />
Image 22: Policy Selection<br />
© 2005 VASCO Data Security <strong>In</strong>c. 52