Defender Configuring for Use with GrIDsure Tokens



Similar documents
Defender EAP Agent Installation and Configuration Guide

Create, Link, or Edit a GPO with Active Directory Users and Computers

Defender Token Deployment System Quick Start Guide

Defender Group Policy Templates Installation and Configuration Guide

StarWind iscsi SAN & NAS: Configuring HA File Server on Windows Server 2012 for SMB NAS January 2013

TechNote. Contents. Introduction. System Requirements. SRA Two-factor Authentication with Quest Defender. Secure Remote Access.

StarWind iscsi SAN & NAS: Configuring HA Shared Storage for Scale- Out File Servers in Windows Server 2012 January 2013

PRODUCT WHITE PAPER LABEL ARCHIVE. Adding and Configuring Active Directory Users in LABEL ARCHIVE

Video Administration Backup and Restore Procedures

Cloud Services ADM. Agent Deployment Guide

How to setup a VPN on Windows XP in Safari.

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

1. Open Thunderbird. If the Import Wizard window opens, select Don t import anything and click Next and go to step 3.

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

StarWind iscsi SAN & NAS: Configuring HA Storage for Hyper-V October 2012

Setting up VMware ESXi for 2X VirtualDesktopServer Manual

FTP, IIS, and Firewall Reference and Troubleshooting

Outlook Profile Setup Guide Exchange 2010 Quick Start and Detailed Instructions

Configuring Network Load Balancing with Cerberus FTP Server

Group Management Server User Guide

Active Directory Management. Agent Deployment Guide

Customer Tips. Configuring Color Access on the WorkCentre 7328/7335/7345 using Windows Active Directory. for the user. Overview

Reference and Troubleshooting: FTP, IIS, and Firewall Information

Immotec Systems, Inc. SQL Server 2005 Installation Document

Juniper SSL VPN Authentication QUICKStart Guide

Strong Authentication for Juniper Networks SSL VPN

etoken Enterprise For: SSL SSL with etoken

ThinManager and Active Directory

USING STUFFIT DELUXE THE STUFFIT START PAGE CREATING ARCHIVES (COMPRESSED FILES)

Quick Troubleshooting Guide: Authentication Issues

STATISTICA VERSION 10 STATISTICA ENTERPRISE SERVER INSTALLATION INSTRUCTIONS

IIS, FTP Server and Windows

Windows Clients and GoPrint Print Queues

QUANTIFY INSTALLATION GUIDE

Active Directory integration with CloudByte ElastiStor

Pcounter Web Administrator User Guide - v Pcounter Web Administrator User Guide Version 1.0

Windows Firewall Configuration with Group Policy for SyAM System Client Installation

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

Web Deployment on Windows 2012 Server. Updated: August 28, 2013

Setting up Hyper-V for 2X VirtualDesktopServer Manual

Integrating LANGuardian with Active Directory

SafeWord Domain Login Agent Step-by-Step Guide

SQL Server Setup for Assistant/Pro applications Compliance Information Systems

How to add your Weebly website to a TotalCloud hosted Server

Multi-factor Authentication using Radius

Setting up Citrix XenServer for 2X VirtualDesktopServer Manual

How to integrate Verax NMS & APM with Verax Service Desk

Instructions for Configuring a SAS Metadata Server for Use with JMP Clinical

Defender 5.7. Remote Access User Guide

Configuring Global Protect SSL VPN with a user-defined port

StarWind iscsi SAN Software: Installing StarWind on Windows Server 2008 R2 Server Core

How to integrate RSA ACE Server SecurID Authentication with Juniper Networks Secure Access SSL VPN (SA) with Single Node or Cluster (A/A or A/P)

Global VPN Client Getting Started Guide

ECA IIS Instructions. January 2005

Interact for Microsoft Office

LDAP Implementation AP561x KVM Switches. All content in this presentation is protected 2008 American Power Conversion Corporation

Defender 5.7. Installation Guide

FTP Server Configuration

Crystal Reports Installation Guide

Moving the TRITON Reporting Databases

BusinessObjects Enterprise XI Release 2

WatchDox Administrator's Guide. Application Version 3.7.5

Professional Mailbox Software Setup Guide

DriveLock Quick Start Guide

LOAD BALANCING 2X APPLICATIONSERVER XG SECURE CLIENT GATEWAYS THROUGH MICROSOFT NETWORK LOAD BALANCING

MadCap Software. Upgrading Guide. Pulse

StarWind iscsi SAN Software: Configuring High Availability Storage for VMware vsphere and ESX Server

Quest Soft Token for Windows Mobile User Guide

StarWind iscsi SAN Software: Challenge-Handshake Authentication Protocol (CHAP) for Authentication of Users

How to install and use the File Sharing Outlook Plugin

Creating a New Database and a Table Owner in SQL Server 2005 for exchange@pam

Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2

This document describes the installation of the Web Server for Bosch Recording Station 8.10.

CLEO NED Active Directory Integration. Version 1.2.0

Converting Prospects to Purchasers.

Two-Factor Authentication

Chapter 2 Editor s Note:

Configuring Color Access on the WorkCentre 7120 Using Microsoft Active Directory Customer Tip

Secrets of Event Viewer for Active Directory Security Auditing Lepide Software

Agent Configuration Guide

Basic Exchange Setup Guide

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014

Integrating with IBM Tivoli TSOM

Setting up Hyper-V for 2X VirtualDesktopServer Manual

Installation Instruction STATISTICA Enterprise Server

StarWind iscsi SAN Software: Using StarWind with MS Cluster on Windows Server 2008

LAB 1: Installing Active Directory Federation Services

BSDI Advanced Fitness & Wellness Software

DESlock+ Basic Setup Guide ENTERPRISE SERVER ESSENTIAL/STANDARD/PRO

Active Directory Integration for Greentree

How to set up Outlook Anywhere on your home system

Sophos Anti-Virus for NetApp Storage Systems startup guide

RSA Security Analytics

SyAM Software Management Utilities. Performing a Power Audit

Version 5.0. SurfControl Web Filter for Citrix Installation Guide for Service Pack 2

How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

Network Load Balancing

SecureAware on IIS8 on Windows Server 2008/- 12 R2-64bit

Connecting and Setting Up Your Laptop Computer

Transcription:

Defender Configuring for Use with GrIDsure Tokens Introduction The GrIDsure token can be used to protect any website hosted on Internet Information Server (IIS). This guide provides information for the administrator on how to configure Defender and IIS, using the Defender ISAPI Agent, for use with the GrIDsure token. The instructions in this guide assume that a working Defender system is in place with the required Defender components installed and configured, refer to System Requirements. For further information on Defender installation and configuration, refer to the Defender Installation Guide and the Defender Configuration Guide. System Requirements Before configuring Defender to use GrIDsure tokens, ensure that the following components are installed and configured in your Defender system: Defender Administration Console version 5.5.0.xxx or higher Defender Security Server version 5.5.0.xxx or higher Defender ISAPI Agent version 5.5.0.xxx or higher. Configuring Defender for use with GrIDsure Tokens 1

Installing the GrIDsure Token License To enable GrIDsure tokens within Defender, you must first install a GrIDsure Token License. 1. To do this, from Active Directory Users & Computers select the Install Desktop Token License option from the Defender menu. the Defender menu is available when the Defender OU is selected. 2. The Defender License Import Wizard starts. 3. Click Next to display the Defender Import Wizard (License Files) dialog. 4. Click Add File to add your license file to the Licenses to install list. 5. Click on the required file, then click Open. The selected file is added to the Licenses to install list. 6. Click Next twice to complete the procedure. How to Program a GrIDsure Token GrIDsure tokens can be programmed: for a user by the Defender Administrator, or created and registered by the users themselves through Auto-Enrollment. Programming a GrIDsure Token via the Administration Console 1. In Active Directory Users and Computers (ADUC), display the user properties page for the required user, then select the Defender tab. 2. Click Program to start the Defender Token Programming Wizard. Configuring Defender for use with GrIDsure Tokens 2

3. Click Next. The Token Types dialog is displayed: 4. Select Defender Desktop Token, then click Next. The Defender Desktop Token Types dialog is displayed: 5. Select GrIDsure, then click Next. Configuring Defender for use with GrIDsure Tokens 3

Note: A user can have only one GrIDsure token assigned to them at any one time. If the user already has a GrIDsure token, the following dialog is displayed: You can choose to overwrite the user s existing GrIDsure token or to leave the existing token. If you choose to overwrite the existing token, the user must register the new token before it can be used to authenticate. 6. The Checking User License dialog is displayed: Configuring Defender for use with GrIDsure Tokens 4

7. Click Next. The Defender Token Programming Complete dialog is displayed: 8. Click Finish. The GrIDsure token is displayed in the Token Management field on the username Properties, Defender tab. 9. If GrIDsure authentication is enabled in the token policy assigned to this user (refer to Creating/Editing a Policy for GrIDsure Tokens), the user will be required to configure his PIP the first time the token is used for authentication through a GrIDsure aware client, i.e. the ISAPI Agent. Configuring Defender for use with GrIDsure Tokens 5

Creating/Editing a Policy for GrIDsure Tokens You now need to configure a Defender Policy to use GrIDsure tokens. You can either modify an existing policy or create a new policy. For information on how to create a new policy, please refer to the Defender Configuration Guide. To configure the policy for use with GrIDsure tokens where the tokens will be programmed by the Defender Administrator, perform the following steps: 1. Select the Defender OU from the Active Directory tree. 2. Select Policies. 3. Right-click on the required policy. 4. Select Properties from the menu. 5. The policyname -Properties Policy dialog box is displayed: 6. On the Policy tab, in the Authentication methods, Use field, select Token. Configuring Defender for use with GrIDsure Tokens 6

7. Select the GrIDsure tab: 8. Select Enable GrIDsure Tokens and set the pattern length as required. 9. Select OK. The policy is now configured for GrIDsure tokens. 10. Assign the policy to the relevant access node, Defender Security Server, user or user group as required. For information on how to assign a security policy, please refer to the Defender Configuration Guide. Configuring Defender for use with GrIDsure Tokens 7

GrIDsure Token Auto-Enrollment Mode To enable Auto-Enrollment, set the Authentication Method, Use field to Token (GrIDsure Auto-Enrollment Mode). The first time that the user attempts to authenticate using a GrIDsure enabled policy, the GrIDsure token will be created and configured. Enabling User Auto-Enrollment for GrIDsure Tokens To configure the policy that will enable GrIDsure tokens to be created and configured when the user first attempts to authenticate, perform the following steps: 1. Select the Defender OU from the Active Directory tree. 2. Select Policies. 3. Right-click on the required policy. 4. Select Properties from the menu.the policyname -Properties Policy dialog box is displayed: 5. On the Policy tab, in the Authentication methods, Use field, select Token (GrIDsure Auto-Enrollment Mode). Configuring Defender for use with GrIDsure Tokens 8

6. Select the GrIDsure tab: 7. Check the Enable GrIDsure Tokens checkbox, then click OK to finish. For information on how to authenticate in GrIDsure Auto-Enrollment Mode, refer to Accessing the Protected Website. Configuring Defender for use with GrIDsure Tokens 9

Additional Configuration Options During configuration, the following options can be set on the GrIDsure tab if required: Block consecutive patterns (horizontal, vertical and diagonal) Check this box to enforce additional complexity rules for the PIP. Use this option to prevent the use of horizontal, vertical and diagonal patterns. Enable Pattern Expiry Check this box to force the user to provide a new pattern (PIP) after a set number of days. This option is similar to setting a password expiry limit for AD passwords. Use letters in grid instead of numbers The default configuration is to use numbers within the grid. Alternatively, you can specify that the grid should display letters, as shown in the following example: Configuring Defender for use with GrIDsure Tokens 10

Grid Style Displays the GrIDsure Style dialog enabling you to change the size and style of the grid as required. Configuring Defender for use with GrIDsure Tokens 11

Installing the Defender ISAPI Agent The Defender ISAPI Agent can be used as an ISAPI filter to provide Defender authentication for the website. To install the Defender ISAPI Agent on the server hosting IIS, perform the following steps: 1. Run the installation file Defender ISAPI Agent x64 Installer.exe (for x64 platforms), or Defender ISAPI Agent Installer.exe (for x86 platforms). 2. Select Next. 3. Accept the License Agreement. Configuring Defender for use with GrIDsure Tokens 12

4. Select Next. 5. Select Next to accept the default installation location, alternatively select Browse to choose a different location. 6. Select Next. Configuring Defender for use with GrIDsure Tokens 13

7. The Defender ISAPI Agent installation starts and the Installation Progress dialog is displayed: 8. On completion of the installation, the Installation Complete dialog is displayed: 9. Select Finish. Configuring Defender for use with GrIDsure Tokens 14

Configuring the ISAPI Agent On completion of the ISAPI Agent installation, select Configure Defender ISAPI Agent Now. The Defender ISAPI Agent Configuration dialog is displayed: To configure the ISAPI Agent: 1. On the DSS Parameters tab, select Add. 2. Enter the name of the Defender Security Server where user authentication will be performed 3. Enter the IP address of the Defender Security Server. 4. Enter the port number and shared secret configured on the access node that this connection will use. 5. Select the Protected Sites tab. 6. Select the site that you want to protect with Defender, then click OK to save the selection. Configuring Defender for use with GrIDsure Tokens 15

Accessing the Protected Website This section describes how to access the protected website using Defender authentication and a GrIDsure token. 1. From Internet Explorer, access the protected website. The Login page is displayed: 2. Enter your username and then click Login. 3. If you are using the GrIDsure Auto-Enrollment Mode and have no other token types assigned you will be prompted for your Active Directory Windows password to start the registration process for your GrIDsure token. 4. Enter your Windows password, then click Login. Configuring Defender for use with GrIDsure Tokens 16

Note: if you have more than one token type assigned, you can choose which token to use for authentication. In the example, the user can enter either the synchronous response from a Go-x token, or if the user has a registered GrIDsure token, or the administrator has programmed a GrIDsure token, the user can click Use GrIDsure to authenticate with a GrIDsure token. On first use, you are required to configure your GrIDsure pattern or PIP. The GrIDsure grid (as defined on the Defender security policy) is displayed. Configuring Defender for use with GrIDsure Tokens 17

5. Select a pattern using the letters within the grid and then enter these letters, without spaces, in the Configure your GrIDsure PIP: box. For example, the policy configured in Creating/Editing a Policy for GrIDsure Tokens, requires a pattern of between 4 and 8. Therefore a pattern, or PIP, such as AJBBBGAN would create a pattern using the top left square and then the first 3 squares from row 2. Configuring Defender for use with GrIDsure Tokens 18

If the PIP does not meet the complexity rules configured on the policy, the following dialog is displayed: Enter a PIP that meets the complexity requirements. Configuring Defender for use with GrIDsure Tokens 19

6. Select Login to save the PIP. 7. You are then prompted to authenticate using the PIP that was created for your token. 8. Enter the PIP in the Use your GrIDsure PIP: box and select Login, e.g. 3305 9. You will now be authenticated and allowed access to the protected website. 10. A GrIDsure token is now created for you. This can be viewed in the username Properties Defender tab in Active Directory Users and Computers. The next time you access the website, you will be prompted for your user name only and the PIP corresponding to your pattern. Quest, Quest Software, the Quest Software logo and Defender are trademarks and registered trademarks of Quest Software, Inc. in the United States of America and other countries. Gridsure is a trademark of Gridsure Limited. All other trademarks are property of their respective owners. Configuring Defender for use with GrIDsure Tokens 20