Typical Digipass Authentication for Windows Logon setup
- Updated on 07 Jan 2025
Setting up Digipass Authentication for Windows Logon requires the following steps:
- Configuring OneSpan Authentication Server Appliance. Authentication attempts from Digipass Authentication for Windows Logon clients are only accepted if a matching client component record exists on OneSpan Authentication Server Appliance.
- Installing and configuring the Digipass Authentication for Windows Logon software on the Windows clients.
Optionally, you can configure an SRV record in the network's DNS server. This gives the Digipass Authentication for Windows Logon clients in the network automatic detection of the available OneSpan Authentication Server Appliance instances and failover between them (see OneSpan Authentication Server discovery).
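As an added illustration (not OneSpan's code) of how a client can turn an SRV answer set into a discovery and failover order: the SRV owner name, host names, ports and weights below are constructed placeholders, and the ordering follows RFC 2782 (lowest priority first, weighted random choice within a priority).

```python
"""Order the appliances advertised in a DNS SRV record for client failover."""
import random
from dataclasses import dataclass

# Placeholder owner name (assumption): the real service/protocol labels are
# product specific and are not given on this page.
SRV_NAME = "_oas-placeholder._tcp.example.internal"

@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str

# Constructed sample answer set: two equal-priority appliances plus a fallback.
SAMPLE_RECORDS = [
    SrvRecord(10, 60, 443, "oas1.example.internal"),
    SrvRecord(10, 40, 443, "oas2.example.internal"),
    SrvRecord(20, 0, 443, "oas-dr.example.internal"),
]

def order_targets(records, rng=None):
    """Return (target, port) tuples in the order a client should try them."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            # RFC 2782 weighted selection: draw a number in [0, total weight]
            # and take the first record whose running sum reaches it.
            total = sum(r.weight for r in pool)
            cut = rng.randint(0, total)
            running, chosen = 0, pool[-1]
            for rec in pool:
                running += rec.weight
                if running >= cut:
                    chosen = rec
                    break
            ordered.append((chosen.target, chosen.port))
            pool.remove(chosen)
    return ordered

def authenticate_with_failover(records, try_server, rng=None):
    """Try each appliance in SRV order; return the first target that answers.
    try_server(target, port) -> bool is supplied by the caller (a stub here)."""
    for target, port in order_targets(records, rng):
        if try_server(target, port):
            return target
    return None  # every advertised instance is unreachable
```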
If your organization is subject to the General Data Protection Regulation (GDPR), note that to be GDPR-compliant, Digipass Authentication for Windows Logon requires the Verify server SSL certificate box to be checked in the Digipass Authentication for Windows Logon Configuration Center.
For more information about GDPR, refer to the OneSpan Authentication Server Appliance General Data Protection Regulation Compliance Guide.
For basic information about using Digipass Authentication for Windows Logon with OneSpan Authentication Server Appliance, refer to the OneSpan Authentication Server Appliance Product Guide. For more information about Digipass Authentication for Windows Logon, refer to the Digipass Authentication for Windows Logon documentation provided in the OneSpan Authentication Server Appliance delivery package.
The OneSpan Authentication Server Appliance Authentication service must be enabled before a Digipass Authentication for Windows Logon setup is configured. For more information about enabling the authentication service, see Manual settings in the Configuration Tool.
Configuring OneSpan Authentication Server Appliance
Configuring Microsoft Active Directory back-end authentication
An LDAP Active Directory back-end authentication record is required by OneSpan Authentication Server Appliance for this setup. For more information, refer to the OneSpan Authentication Server Appliance Product Guide.
For more information about activating Active Directory back-end authentication and creating back-end server records, see Back-end authentication. Adjusting a policy and creating a client component are not required.
To change the default client component record
- Log on to the OneSpan Authentication Server Administration Web Interface (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
- Select CLIENTS > List.
- Select Digipass Authentication for Windows Logon and click CHANGE POLICY.
- From the Policy ID list menu, select either the Windows Logon Online Authentication - LDAP AD Back-End or Windows Logon Online and Offline Auth - LDAP AD Back-End policy, as required.
- Click OK.
For more information about offline authentication, refer to the OneSpan Authentication Server Appliance Product Guide.
Configuring password randomization
Digipass Authentication for Windows Logon can be configured to use password randomization. Password randomization replaces the static password used to authenticate the Windows client to the Windows domain with a random password, so that users are always forced to authenticate with an OTP.
After a successful authentication towards OneSpan Authentication Server Appliance, the static password is changed to a randomized password in the Microsoft Active Directory infrastructure. Randomized passwords have strict formatting rules, and only the length of the password can be set. For more information about password randomization, refer to the OneSpan Authentication Server Appliance Product Guide.
To enable randomized passwords for Digipass Authentication for Windows Logon and set the password length
- Log on to the OneSpan Authentication Server Administration Web Interface (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
- Switch to the POLICIES page and select the relevant policy, e.g. Identikey Appliance Online Authentication - LDAP AD Back-end.
- Switch to the Password Randomization tab.
- Set Enabled to Yes.
- Type the value for the password length in the Back-End Password Length box.
If password randomization is enabled in OneSpan Authentication Server, the effective policy used by OneSpan Authentication Server must not apply password proxying for the changeBackendPassword SOAP command. Otherwise, a user whose password has been randomized would be able to change that password.
Exporting the server certificate (optional)
If Digipass Authentication for Windows Logon is configured to verify the server certificate, the certificate must be registered in the certificate store on the client workstation. This requires the certificate to be exported using the OneSpan Authentication Server Appliance Configuration Tool and imported to the client workstations.
For information about exporting server certificates using the OneSpan Authentication Server Appliance Configuration Tool, see Secure Sockets Layer (SSL).
The server certificate can be imported to the client workstation in two ways:
- Locally on each client workstation using the Microsoft Management Console (MMC). This is only feasible for small installations.
- Using a group policy, which is recommended for larger installations.
Installing and configuring the client software
For information about installing and configuring the client software, refer to the following documents provided as part of the delivery package of OneSpan Authentication Server Appliance:
- Digipass Authentication for Windows Logon Product Guide. Explains concepts related to Digipass Authentication for Windows Logon.
- Digipass Authentication for Windows Logon Installation Guide. Provides instructions for installation.
- Digipass Authentication for Windows Logon User Guide. Provides conceptual information and client configuration instructions.
- Digipass Authentication for Windows Logon Getting Started Guide. Provides quick guidelines about configuring Digipass Authentication for Windows Logon.