Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong> <strong>Product</strong> <strong>Guide</strong> Active Directory <strong>In</strong>tegration<br />
6 Active Directory <strong>In</strong>tegration<br />
6.1 What is Stored in Active Directory?<br />
The following in<strong>for</strong>mation is stored in Active Directory:<br />
<strong>Digipass</strong> User accounts<br />
<strong>Digipass</strong> and <strong>Digipass</strong> Application records<br />
<strong>Digipass</strong> configuration records (Policies, Components)<br />
6.2 Schema Extensions<br />
User attributes – vasco-UserExt class<br />
Extra VASCO attributes are added to an Active Directory User record via an 'auxiliary class'<br />
vasco-UserExt on the User class.<br />
<strong>Digipass</strong> and <strong>Digipass</strong> Application records<br />
The vasco-DPToken class is used to store <strong>Digipass</strong> attributes. It is also a container, in which<br />
vasco-DPApplication records <strong>for</strong> that <strong>Digipass</strong> are stored.<br />
Upon assignment to a User, the <strong>Digipass</strong> record is stored in the same location as the User.<br />
Policies and Components<br />
Policy and Component records are stored in vasco-Policy and vasco-Component objects. They<br />
are located in a single “<strong>Digipass</strong>-Configuration” container in a single Domain.<br />
As the data model is shared with other <strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> and <strong>Digipass</strong> Pack products, the<br />
schema will also include the vasco-BackEndServer class. However, this is not used in <strong>Digipass</strong><br />
<strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong>.<br />
6.3 Permissions Needed by the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong><br />
The installation process will ensure that the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> has sufficient permissions. This is<br />
achieved by assigning permissions in the domain to the in-built “RAS and <strong>IAS</strong> Servers” group.<br />
It is necessary to make sure that the <strong>IAS</strong> server is added to that group.<br />
6.4 Sensitive Data Encryption<br />
Sensitive data is encrypted by the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> using an embedded key. If needed, this<br />
encryption may be strengthened by including a custom encryption key. See the Administrator<br />
Reference <strong>for</strong> more in<strong>for</strong>mation.<br />
© 2005 VASCO Data Security <strong>In</strong>c. 62