Chapter 8: Advanced Administration Tasks
Configuring the Authentication Policy
196
Configuring the
Authentication
Policy
You can designate special groups of users (as opposed to all users) who will
be required to authenticate using a SafeWord token. To require a specific
Windows group to log in using tokens, use the native Windows user and group
management tools to create a global group called SAFEWORD_USERS.
By default, built-in AD accounts (such as the Administrator account) do not
have an assigned User Principal Name (UPN). To protect AD accounts with
the SafeWord Domain Login Agent, a UPN must be assigned to each.Once
users are placed in this special group, you must tell the agent what the group
is, and how to treat users in it.
Important: You must create global groups before you can apply authentication
policies to specific users.
Launch the Group Policy window (all agents)
Note:
This configuration only affects groups associated with SafeWord Agents.
Figure 122:
Launching
the Group Policy window
from an agent
configuration screen
1
To require all users authenticate using SafeWord strong authentication,
select
All users authenticate using SafeWord
, or
2
Specify users by Group:
a
Select the
Group
from the drop-down list
b
Verify the listed, or enter a new domain in the
from domain
field
IAS Agent
click
Groups
CAG Agent
click
Groups
OWA Agent
click
Configure