aXsGUARD Identifier 3.0.2.0 Product Guide v1.5
DIGIPASS User Accounts
during Challenge/Response authentication as Request Method (see section
during Virtual DIGIPASS use as Request Method (see section
password replacement and autolearn (see section
back-end authentication e.g. for retrieval of RADIUS attributes (see section
static password authentication during the Grace Period (see section
There are two different mechanisms to set and update static passwords:
by the Administrator in the Administration Web Interface, and
by the User using the password autolearn functionality (see section
16.6
Searching for User Accounts
The Administration Web Interface allows you to search for User Account records in a number of ways:
You can search directly by entering the User ID
You can search for the User who a DIGIPASS device belongs to by searching for the DIGIPASS and double
clicking on the User on the DIGIPASS details screen
You can enter the first few characters of the User ID, followed by a wild card (*). A list of results is presented,
from which you can select the User you require.
16.7
Administration Privileges
Only DIGIPASS User Accounts with administrative permissions can use the Administration Web Interface to
configure the aXsGUARD Identifier. Administrative privileges are assigned to DIGIPASS User Accounts and therefore
a DIGIPASS User Account is needed for each administrator. The default administrative accounts are listed in
section
Administrative permissions may be assigned based on:
Type of permission (e.g. Read, Create)
Type of object (e.g. DIGIPASS record, Policy)
The Domain and Organizational Unit in which the administrator account is located determines the range of
administration access:
If the account belongs to an Organizational Unit, the administrator can administrate User Accounts and
DIGIPASS records belonging to that Organizational Unit.
If the account does not belong to an Organizational Unit, the administrator can administrate all DIGIPASS
records and User Accounts in the Domain to which they belong.
If the account belongs to the Master Domain, the administrator may be able to administrate all DIGIPASS
records and User Accounts in the database. This depends on the 'Access Data in All Domains' Privilege, which
is only available to administrators in the Master Domain.
More information on the
Master Domain and Organizational Units
is available in section
©
2009 VASCO Data Security
99