Where Identikey Server uses an ODBC database – including the embedded PostgreSQL database – as its data store, all data administration can be carried out using the Administration Web Interface. Where Identikey Server uses Active Directory as its data store, Digipass User accounts and Digipass records are administered via the Active Directory Users and Computers Snap-In, rather than the Administration Web Interface.
Active Directory Users
and Computers Snap-In Administration Web Interface
ODBC Database - Digipass Users
Digipass
The Administration Web Interface is a web-based administration tool.
ODBC Database Active Directory
Note
Only Administrators have access to the Administration Web Interface. If you do not have Administrator access you will not be able to use the Administration Web Interface.
User Accounts
If Identikey Server uses an ODBC database – including the embedded PostgreSQL database – as its data store, the Administration Web Interface can be used for the following tasks:
Import Digipass User accounts singly or in bulk Create Digipass User accounts
Edit Digipass User accounts Disable Digipass User accounts Delete Digipass User accounts Search for User Accounts
The Administration Web Interface allows you to search for Digipass User account records in a number of ways:
Search directly by entering the User ID
Search for the User that a specific Digipass belongs to by searching for the Digipass and double clicking on the User on the Digipass details screen
You can enter the first few characters of the User ID followed by a wildcard (*). A results list will be provided from which you can select the User required.
Digipass Record Administration
If Identikey Server uses an ODBC database – including the embedded PostgreSQL database – as its data store, the Administration Web Interface can be used for the following tasks:
Import Digipass either individually or in bulk Create Digipass records
Reset Digipass
Reset PIN for a Digipass Assign Digipass Unassign Digipass
Activate and deactivate applications for Digipass Unlock a Digipass
Search for Digipass Records
The Administration Web interface allows you to search for Digipass in a number of ways:
You can search directly for the Digipass by entering the Digipass Serial Number
You can search for Digipass that belong to a User by searching on the User and then double clicking on the Digipass on the User Details Screen
You can enter the first few numbers of the Digipass Serial Number followed by a wildcard (*). This will provide you with a list from which you can select the Digipass you require.
You can search based on the description field of a Digipass record.
Policy
Policy records can be edited, created or deleted using the Administration Web Interface.
New Policy records can be created using a wizard.
Client Records
The Administration Web Interface allow you to create, manage, and delete Client Records.
Back End Server records
The Administration Web Interface can be used to edit, create or delete Back End Server Records, and configure general Back End authentication settings.
Domain and Organizational Unit Records
Use the Administration Web Interface to add, maintain, or delete a Domain or an Organizational Unit.
Reports
The Administration Web Interface allows you to run existing reports and to create new reports. See 11 Reporting for more details
System
The System tab allows you to administer the system. You can add or remove Identikey Servers, administer the licence, configure the Identikey Server and manage administrative sessions.
5.1.1.2 Starting the Administration Web Interface
Ensure that the web server service (Windows) or daemon (Linux) is running. Open a browser window and type in the IP address and port number used by the Administration Web Interface. You will need to log in with an Identikey Server administrator account.
5.1.2 Digipass Extension for Active Directory Users & Computers
The Digipass Extension for Active Directory Users and Computers allows administration of Digipass User accounts and Digipass records within the Active Directory Users and Computers interface.
Note
The Digipass Extension for Active Directory Users and Computers is only available where Active Directory is utilized as the data store.
The extension adds context menu options, User property sheet tabs and a property sheet for the Digipass records, as outlined below.
Connection
No logon screen is presented by the extension - an implicit logon to Active Directory will be carried out using your current Windows user context. It will connect to the same Domain Controller as the Active Directory Users and Computers connection.
The extension will make its own LDAP connection to Active Directory. Administration does not take place via the Identikey Server. Your administrative permissions will depend on the permissions that your Active Directory user account has within Active Directory.
When do new settings take effect?
When settings are changed with the extension, the new values may not always take effect immediately. See 2.4 Active Directory Replication Issues in the Administration Reference Guide for more information.
5.1.2.2 Context Menu Extensions
VASCO context menu options are available on the following containers in the tree pane:
The Users container All Organizational Units
The Digipass-Pool, Digipass-Reserve and Digipass-Configuration containers
Additional context menu options are available when right-clicking on one or more User records in the result pane:
5.1.2.3 User Property Sheet Extensions
Additional tabs are available when viewing the property sheet of a User record:
The Digipass User Account tab contains extra information about the Digipass User account required by Identikey Server. This includes settings such as authentication policy overrides, and the date and time that a
Digipass User account was created.
The Digipass Assignment tab contains information on all Digipass assigned to the Digipass User. These Digipass can be administered from this tab, including unassignment or enabling Backup Virtual Digipass.
Digipass may also be assigned to the Digipass User from this tab.
The Provisioning tab contains features related to the distribution and special administration of software Digipass and DP 110.
5.1.2.4 Digipass Record Administration
Digipass information may be viewed via the property sheet of its assigned User, or by turning on Advanced Features. This allows you – dependent on permissions - to see Digipass records wherever they are located in Active Directory (typically in the Digipass-Pool container if unassigned), view properties and use a number of context menu actions.
For more details on these actions, see 7 Digipass .
The context menu of the Digipass record contains options for bulk management.
The property sheet for the Digipass record shows full details of the Digipass and all its Applications and enables all administration tasks for the record.
Search for Digipass Records
The Digipass Extension for Active Directory Users and Computers allows you to search for specific Digipass records, or Digipass records meeting set criteria. This functionality can be useful when you have Digipass records in various places throughout Active Directory.
5.1.3 Digipass TCL Command-Line Administration
Digipass TCL Command-Line Administration allows interactive command-line and scripted administration of Digipass related data. It has a number of possible uses:
Interactive command-line administration Scripted administration
Complex bulk administration tasks Reporting on the data in the data store
It is an extension of the TCL 8.4 scripting language, and administrators will require a basic competence in TCL in order to use the command-line utility. See the Digipass TCL Command-Line Administration topic in the Administrator Reference for more information.