SafeNet Trusted Access Configuration
Before configuring the application, create the group and its membership in STA; the STA setup later refers to this group.
Creating a Group in STA
Perform the following steps to create a group in STA:
- On the STA Token Management console, select Groups > Group Maintenance, and click New to add a group.
- Assign the group to the user.
For more information, refer to STA setup.
Configuring the STA Application
Perform the following steps to activate the SafeNet IDPrime Virtual application in SafeNet Trusted Access:
- Log in to the STA Access Management console, click the Applications tab in the left pane, and select Add Application > SafeNet IDPrimeVirtual template.
- In Display Name, enter the name under which the application is displayed. For more information, refer to OIDC application in STA.
- In the Applications pane, the SafeNet IDPrime Virtual application you added is inactive by default. To configure and activate it, click SafeNet IDPrime Virtual and proceed to the next step.
- In the Configure tab, click the SafeNet IDPrime Virtual Setup section and verify the following fields:
  Client ID: Unique STA application Client ID. Used in both the IDPV Client and Server configurations.
  Access Type: Select Confidential (selected automatically after the application is added).
  Client Secret: The IDP Secret (Client Secret). Used in both the IDPV Client and Server configurations. It authenticates the IDPV client to STA, so store it as you would any other credential.
  Authorization End Point URL: Authorization endpoint as given in STA endpoints.
  Token End Point URL, User Info End Point URL, Logout End Point URL, Well Known End Point URL: Dynamic URLs generated at runtime from the Authorization End Point URL field.
  Well Known Configuration URL: All configuration values the IDP requires, including the Issuer URL. The values are used in both the IDPV Client and Server configurations.
- Click STA Setup. The SafeNet Trusted Access setup page is displayed. Enter the following values:
  Allowed Flow Type: Select the Authorization Code check box, and select Client defined from the drop-down.
  Service Login URL: Leave this field empty.
  Valid Redirect URL: Enter a valid URL of the form https://<server-host>/*, for example https://www.idpvserver.com/*. Note: Update this URL to match the IDPV server host name. Authorization codes are only returned to URLs matching this pattern, so keep the host exact and the pattern no broader than the IDPV server needs.
  User Info Signature Algorithm: Select RSA-SHA256 from the drop-down.
  Request Signature Algorithm: Select RSA-SHA256 from the drop-down.
- Configure the following User Identity Claims:
  - Groups: Select the value Groups to map to the groups claim. Users and Admins must exist in the User Group or Admin Group.
  - Preferred_username: Select the value SAS User ID to map to the preferred_username claim. This must be a unique user ID; if it is not, an email address must be used instead. Users log in with this unique ID.
  These claims are passed in the JWT to the IDPV Server for authorization. For the mapping you can select any of the five STA setup configuration values (refer to the table above); the mapping is configurable in the IDPV Server Tenant Configuration. For more information, refer to Add your custom OIDC application.
- Click Save Configuration.
SafeNet Trusted Access is now configured for the SafeNet IDPrime Virtual application.
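The following is an added example, not code from the SafeNet IDPrime Virtual documentation or product. It exercises offline the OIDC pieces the STA setup above configures: mapping the Well Known Configuration document onto the endpoint fields, checking a redirect URL against the https://<server-host>/* pattern of the Valid Redirect URL field, building the Authorization Code request with the Client ID, and consuming the groups and preferred_username claims from the JWT. The discovery document, hostnames and token are constructed placeholders, and the authorize function is an assumption about how a relying party such as the IDPV Server would apply the mapped claims, not its actual logic.

```python
# Added example (not SafeNet/IDPV code). Exercises the OIDC pieces of the
# STA setup offline: discovery document -> STA Setup fields, Valid Redirect
# URL pattern check, Authorization Code request, and claim handling.
# All hostnames, the discovery document and the token are constructed.
import base64
import json
from urllib.parse import urlencode, urlparse

# Constructed sample of what the Well Known Configuration URL returns.
SAMPLE_WELL_KNOWN = json.dumps({
    "issuer": "https://sta.example.com/auth/realms/tenant",
    "authorization_endpoint": "https://sta.example.com/auth/realms/tenant/protocol/openid-connect/auth",
    "token_endpoint": "https://sta.example.com/auth/realms/tenant/protocol/openid-connect/token",
    "userinfo_endpoint": "https://sta.example.com/auth/realms/tenant/protocol/openid-connect/userinfo",
    "end_session_endpoint": "https://sta.example.com/auth/realms/tenant/protocol/openid-connect/logout",
})

# Discovery document keys -> the STA Setup fields they populate.
DISCOVERY_TO_STA_FIELD = {
    "issuer": "Issuer URL",
    "authorization_endpoint": "Authorization End Point URL",
    "token_endpoint": "Token End Point URL",
    "userinfo_endpoint": "User Info End Point URL",
    "end_session_endpoint": "Logout End Point URL",
}


def load_endpoints(well_known_json):
    """Map a discovery document onto the STA Setup endpoint fields.
    Rejects a document that lacks an endpoint or serves one over http."""
    doc = json.loads(well_known_json)
    fields = {}
    for key, field in DISCOVERY_TO_STA_FIELD.items():
        url = doc.get(key)
        if not url or urlparse(url).scheme != "https":
            raise ValueError("discovery document lacks an https " + key)
        fields[field] = url
    return fields


def redirect_uri_allowed(redirect_uri, pattern):
    """Check redirect_uri against a Valid Redirect URL 'https://<host>/*'.
    Scheme and host must match exactly (blocks look-alike hosts such as
    www.idpvserver.com.attacker.example); only the path may vary."""
    if not pattern.endswith("/*"):
        raise ValueError("pattern must end with '/*'")
    want, got = urlparse(pattern[:-1]), urlparse(redirect_uri)
    return (got.scheme == "https"
            and got.netloc.lower() == want.netloc.lower()
            and (got.path or "/").startswith(want.path or "/")
            and not got.fragment)


def build_authorization_url(endpoints, client_id, redirect_uri, pattern, state, nonce):
    """Authorization Code request as the IDPV client would send it to the
    Authorization End Point URL, after checking redirect_uri locally."""
    if not redirect_uri_allowed(redirect_uri, pattern):
        raise ValueError("redirect_uri is not covered by the Valid Redirect URL")
    query = {"response_type": "code", "client_id": client_id,
             "redirect_uri": redirect_uri, "scope": "openid",
             "state": state, "nonce": nonce}
    return endpoints["Authorization End Point URL"] + "?" + urlencode(query)


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_id_token(claims):
    """Constructed, UNSIGNED token used only to exercise claim handling.
    STA signs real tokens with RSA-SHA256 (RS256); the signature segment
    here is a placeholder that no real client should accept."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return header + "." + _b64url(json.dumps(claims).encode()) + ".placeholder"


def jwt_claims(token):
    """Decode the claim set. Signature verification (RS256 against the
    issuer's JWKS) is out of scope here and must precede trusting claims."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def authorize(claims, issuer, client_id, user_group, admin_group):
    """Illustrative relying-party decision (assumed, not IDPV code): returns
    'admin', 'user' or None. Requires the expected issuer and audience, a
    preferred_username (SAS User ID), and the Admin or User Group in groups."""
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != issuer or client_id not in aud:
        return None
    if not claims.get("preferred_username"):
        return None
    groups = set(claims.get("groups") or [])
    if admin_group in groups:
        return "admin"
    if user_group in groups:
        return "user"
    return None
```

The redirect check compares the host exactly rather than as a prefix, which is the property that makes the /* wildcard tolerable: a path wildcard on a fixed host cannot be turned into a redirect to another origin. The claim handling deliberately keeps decoding and authorization separate so that signature verification can sit between them in a real client.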
Assign Access to the Application
Perform the following steps to assign access to users:
- On the STA Access Management console, select the Applications tab, and then select SafeNet IDPrime Virtual in the left pane.
- Click the Assign tab.
- Under Assign to User, select either All Users or Users from any of these user groups. Selecting the group created under Creating a Group in STA, rather than All Users, limits who can authenticate to the IDPV application.
- Click Save Configuration.
The SafeNet IDPrime Virtual application is now configured.