Digipass Plug-In for IAS Product Guide - Vasco

More documents

Recommendations

Info

Digipass Plug-In for IAS Product Guide Active Directory Integration 6 Active Directory Integration 6.1 What is Stored in Active Directory? The following information is stored in Active Directory: Digipass User accounts Digipass and Digipass Application records Digipass configuration records (Policies, Components) 6.2 Schema Extensions User attributes – vasco-UserExt class Extra VASCO attributes are added to an Active Directory User record via an 'auxiliary class' vasco-UserExt on the User class. Digipass and Digipass Application records The vasco-DPToken class is used to store Digipass attributes. It is also a container, in which vasco-DPApplication records for that Digipass are stored. Upon assignment to a User, the Digipass record is stored in the same location as the User. Policies and Components Policy and Component records are stored in vasco-Policy and vasco-Component objects. They are located in a single “Digipass-Configuration” container in a single Domain. As the data model is shared with other Digipass Plug-In and Digipass Pack products, the schema will also include the vasco-BackEndServer class. However, this is not used in Digipass Plug-In for IAS. 6.3 Permissions Needed by the IAS Plug-In The installation process will ensure that the IAS Plug-In has sufficient permissions. This is achieved by assigning permissions in the domain to the in-built “RAS and IAS Servers” group. It is necessary to make sure that the IAS server is added to that group. 6.4 Sensitive Data Encryption Sensitive data is encrypted by the IAS Plug-In using an embedded key. If needed, this encryption may be strengthened by including a custom encryption key. See the Administrator Reference for more information. © 2005 VASCO Data Security Inc. 62
Digipass Plug-In for IAS Product Guide Active Directory Integration 6.5 Administrative Permissions Administrative permissions for the IAS Plug-In administrators are controlled using Active Directory security properties. See the Permissions Needed by Administrators topic in the Administrator Reference for more information. Domain Administrators may view and edit all Digipass and Digipass User information in their domain, plus Digipass Configuration information if the Digipass Configuration Container is located in their domain. No permissions setup is required for them. Delegated Administrators may view and edit all Digipass and Digipass User information within their administrative scope of control. It is necessary to grant them full control, create and delete permissions over the Digipass and Digipass Application objects within their scope. Reduced Rights Administrators may perform a subset of the administration tasks. 'Property sets' are defined with the directory which can be used to enable or limit them in various Digipass administration tasks (eg. Access to the Digipass blob). 6.6 Active Directory Command Line Utility This utility has to perform several tasks that are needed at various times during installation and upgrade if Active Directory is selected, or afterwards for maintenance. Some of the commands are run automatically by the installation program, while others are run manually. The commands that are run automatically can be run manually also, for example to troubleshoot why the installation is not succeeding. Command Description addschema Extend the Active Directory schema. checkschema Check that the schema extensions are all present. setupdomain Sets up the Digipass Configuration Container in the specified domain. setupaccess Assign permissions to a Windows group including: Table 8: DPADadmin tasks Full read access to everything in the domain Full control over vasco-DPToken objects Full control over vasco-DPApplication objects Ability to create and delete vasco-DPToken objects Full write access to extension attributes on user objects This command can optionally be used to also add a machine to the group. © 2005 VASCO Data Security Inc. 63
Page 1 and 2:
Digipass Plug-In for IAS IAS Plug-I
Page 3 and 4:
Digipass Plug-In for IAS Product Gu
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12: Digipass Plug-In for IAS Product Gu
Page 61: Digipass Plug-In for IAS Product Gu
Page 73: Digipass Plug-In for IAS Product Gu
show all

Digipass Plug-In for IAS Product Guide - Vasco

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?