Versions Compared

Old Version 3

changes.mady.by.user Paul Ruvin

Saved on

compared with

New Version 4

changes.mady.by.user Paul Ruvin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This third option is a requirement whereby the users will be required to activate their own tokens, however for security reasons the company policy does not allow an activation code to sent out via email or SMS

This option is particularly useful if you are planning to use Computer FingerPrint to protect logon to the Self-Service Console as a grace period will need to be set up in order for you still to be allowed access in order to activate the DevicePass Token.


 Device Activation Options

Image Added

Remove the option to allow users to request the activation code and change the contact info message to something more appropriate if you do not wish the administrator to be contacted


Self-Service onboarding is particularly useful if you are using device fingerprinting to protect OWA, as the end-user will still need to gain access to their email in order to activate the token, therefore we can give the end user a limited time period, to access their email where they will receive an activation link.

To facilitate this, the DualShield Deployment Service Console (DDS) will need to be set up.  A DDS link will therefore be sent to the user so they will be able to activate the device token.

Please refer to the following wiki page to set up the DualShield Deployment Service

https://wiki.deepnetsecurity.com/display/DualShield6/DualShield+Deployment+Service+-+DDS

Sending out activation link

Activation codes are usually sent by email or SMS to the end-users, therefore the message gateway needs to be set up

Please refer to the following wiki page to set up message gateways

 https://wiki.deepnetsecurity.com/display/DualShield6/Message+Gateways

DevicePass Policy

The DevicePass Policy can be set up exactly the same as outline in Policy for Device Onboarding by Admin Approval - DevicePass

The only difference is in the following sections

 Device Activation Options

Image Removed

Set Device activation method to 'Send Activation Code to the user when created or asssigned'

...

Sending a Grace Period Notification is also Optional but useful.  Depending on what message gateways have been set up you can apply different delivery channels.

(Please refer to the following wiki page to set up message gateways

 https://wiki.deepnetsecurity.com/display/DualShield6/Message+Gateways )