Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong> <strong>Product</strong> <strong>Guide</strong> Active Directory <strong>In</strong>tegration<br />
6.5 Administrative Permissions<br />
Administrative permissions <strong>for</strong> the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> administrators are controlled using Active<br />
Directory security properties. See the Permissions Needed by Administrators topic in the<br />
Administrator Reference <strong>for</strong> more in<strong>for</strong>mation.<br />
Domain Administrators may view and edit all <strong>Digipass</strong> and <strong>Digipass</strong> User in<strong>for</strong>mation in their<br />
domain, plus <strong>Digipass</strong> Configuration in<strong>for</strong>mation if the <strong>Digipass</strong> Configuration Container is<br />
located in their domain. No permissions setup is required <strong>for</strong> them.<br />
Delegated Administrators may view and edit all <strong>Digipass</strong> and <strong>Digipass</strong> User in<strong>for</strong>mation<br />
within their administrative scope of control. It is necessary to grant them full control, create<br />
and delete permissions over the <strong>Digipass</strong> and <strong>Digipass</strong> Application objects within their scope.<br />
Reduced Rights Administrators may per<strong>for</strong>m a subset of the administration tasks. 'Property<br />
sets' are defined with the directory which can be used to enable or limit them in various<br />
<strong>Digipass</strong> administration tasks (eg. Access to the <strong>Digipass</strong> blob).<br />
6.6 Active Directory Command Line Utility<br />
This utility has to per<strong>for</strong>m several tasks that are needed at various times during installation<br />
and upgrade if Active Directory is selected, or afterwards <strong>for</strong> maintenance. Some of the<br />
commands are run automatically by the installation program, while others are run manually.<br />
The commands that are run automatically can be run manually also, <strong>for</strong> example to<br />
troubleshoot why the installation is not succeeding.<br />
Command Description<br />
addschema Extend the Active Directory schema.<br />
checkschema Check that the schema extensions are all present.<br />
setupdomain Sets up the <strong>Digipass</strong> Configuration Container in the specified domain.<br />
setupaccess Assign permissions to a Windows group including:<br />
Table 8: DPADadmin tasks<br />
Full read access to everything in the domain<br />
Full control over vasco-DPToken objects<br />
Full control over vasco-DPApplication objects<br />
Ability to create and delete vasco-DPToken objects<br />
Full write access to extension attributes on user objects<br />
This command can optionally be used to also add a machine to the group.<br />
© 2005 VASCO Data Security <strong>In</strong>c. 63