aXsGUARD Identifier 3.0.2.0 Product Guide v1.5
DIGIPASS
Challenge/Response authentication can be:
Time-based, in which case the OTP is based on a Challenge and the current time. The common time step used
is 9 hours ('slow challenge'). This means that if exactly the same Challenge is given to a DIGIPASS device
within a 9 hour period, the DIGIPASS application generates the same OTP. However, Challenges are very rarely
repeated within such a time period.
Non-time-based: a non-time-based Challenge/Response application generates an OTP based only on the
Challenge.
Note:
Challenge/Response login requires modifications to client application login pages for both 1- and
2-step logins (see section 3.5.3.4). For example, with 1-step login for Outlook Web Access, a
random Challenge needs to be displayed on the login page; with 2-step login, after the first login
page, the IIS Module redirects the User to a 'Challenge' page. More information on modifying the
login pages is available in the appropriate IIS client module documentation. Template login pages
are included in the approppriate IIS module software packages.
17.3
DIGIPASS Management
17.3.1
Importing DIGIPASS
DIGIPASS records may be imported into the aXsGUARD Identifier via the aXsGUARD Identifier Administration Web
interface. Records can either be imported one at a time or many can be imported at one time.
The DIGIPASS records to be imported must be downloaded to a file in the .dpx format. The
DIGIPASS Import
Wizard
guides you through the steps for importing DIGIPASS records from the .dpx file. You can specify the
applications available with the imported DIGIPASS, and whether the imported DIGIPASS are set as Active or
Inactive on import. You can also specify whether existing DIGIPASS records are updated with the data from the
.dpx import file.
17.3.2
Assigning DIGIPASS
DIGIPASS records can be assigned to User Accounts, unassigned, moved or deleted via the Administration Web
Interface. There are three assignment processes possible for DIGIPASS:
Self-Assignment
Auto-Assignment
Manual assignment
©
2009 VASCO Data Security
103