SafeNet MobilePASS+ for iOS
Product Description
SafeNet MobilePASS+ for iOS is a mobile client application enabling you to access corporate and web-based resources securely. It eliminates the need to remember complex passwords. SafeNet MobilePASS+ for iOS is a cost-effective way for businesses to leverage the security of One Time Passwords (OTP) using mobile phones. Associated with SafeNet Trusted Access, the SafeNet MobilePASS+ for iOS application is a perfect combination of security and convenience. It offers a simple user experience for token activation and authentication using the Push OTP mechanism.
For a list of existing issues as of the latest release, refer to Known Issues.
Release Description
04/27/2023
SafeNet MobilePASS+ for iOS v2.4.0 introduces the following features:
-
Third-party authenticator support with MobilePASS+: Allows users to enroll third-party authenticators for different web applications to protect their personal and professional accounts. See the documentation for details.
-
Improved logging: Enhanced logging and error codes in MobilePASS+ for better troubleshooting and investigation.
01/31/2023
SafeNet MobilePASS+ for iOS v2.3.1 fixes the following issue:
| Issue | Synopsis |
|---|---|
| SASMOB-5114 | MobilePASS+ for iOS enrollment works correctly now. |
06/28/2022
SafeNet MobilePASS+ for iOS v2.3.0 introduces the following features:
-
Standards-based accessibility support: Enhanced accessibility support provides full functionality of SafeNet MobilePASS+ via voiceover, narrator, or keyboard navigation based on WCAG standards.
-
Italian language support
04/21/2022
SafeNet MobilePASS+ for iOS v2.2.1 resolves the following issue:
| Issue | Synopsis |
|---|---|
| SASMOB-4761 | MobilePASS+ token enrollments proceed correctly on the latest iPad OS versions. |
04/18/2022
SafeNet MobilePASS+ for iOS v2.2.0 introduces the following feature:
- Support for Apple Watch – MobilePASS+ for iOS now supports Apple Watch to run as a companion app, allowing users to respond to push authentication requests and generate OTPs on the watch. Apple Watch wrist detection capability is used as a second biometric authentication factor.
10/12/2021
SafeNet MobilePASS+ for iOS v2.1 introduces the following feature and resolves the issue listed below:
- Dutch language support
Resolved Issue
| Issue | Synopsis |
|---|---|
| SASMOB-4206 | Voice-over functions correctly. |
08/30/2021
SafeNet MobilePASS+ for iOS v2.0 introduces the following features:
-
Enhanced user experience - Next generation mobile authenticator offering the best-in-class user-experience and native user interface for each platform.
-
Language support for German, Chinese, and simplified Chinese - SafeNet MobilePASS+ for iOS now supports German and Chinese in addition to the existing supported languages.
-
Risk Detection – Monitors and displays risk parameters associated with SafeNet MobilePASS+ for iOS devices in the customer’s environment. These parameters include OS jailbreak and root status, OS versions in use, possible application tampering, and malware intrusion in order to detect potential risk to the authenticator's integrity.
-
Push Authentication History - Users can now access their push authentication history on SafeNet MobilePASS+ for iOS under the authenticator settings.
-
Support for Dark Mode - SafeNet MobilePASS+ for iOS now supports dark mode when it is enabled on the user’s mobile device.
-
Unlimited Authenticators - SafeNet MobilePASS+ for iOS no longer limits the number of authenticators that can be enrolled.
Any user-PIN/biometric-PIN enabled tokens enrolled before SafeNet MobilePASS+ for iOS 1.7.0 must be unlocked between v1.7.0 and v1.9.1 at least once before upgrading to SafeNet MobilePASS+ for iOS 2.0 to ensure the successful migration of existing tokens.
Advisory Notes
Apple Watch to be Supported in an Upcoming Release
SafeNet MobilePASS+ for iOS does not support Apple Watch. Users who have experimented with this functionality currently find that they can see the notification on their watch but cannot complete the approval flow. Thales is working to enable full functionality in an upcoming release.
Work with SafeNet MobilePASS and SafeNet MobilePASS+
SafeNet MobilePASS for iOS and SafeNet MobilePASS+ for iOS can be used on the same device and with the same virtual server. Token enrollments are for either SafeNet MobilePASS for iOS or SafeNet MobilePASS+ for iOS. This is controlled in SafeNet Trusted Access at the virtual server level.
Push OTP
Approve a Push OTP Login Request
SafeNet MobilePASS+ for iOS tokens that are not PIN protected or are configured to work with a server-side PIN can be configured to use the Enhanced Approval Workflow.
The Enhanced Approval Workflow is not available for user-selected PIN protected tokens or for tokens that are not configured to support the workflow.
When the Login request arrives on your mobile device, you can respond from the locked screen or from the SafeNet MobilePASS+ for iOS application.
| Token Configuration | Notification Location | Action to Approve the Push OTP Login Request |
|---|---|---|
| Approving a Push OTP Login Request with standard approval workflow | iOS Locked Screen | Do one of the following:
|
| iOS Unlocked Screen or within another Application |
|
|
| Approving a Push OTP Login Request with Enhanced Approval Workflow | iOS Locked Screen |
|
| iOS Unlocked Screen or within another Application |
|
|
| SafeNet MobilePASS+ for iOS Application | In the Login Request Form window, tap Approve. |
Configure STA for Enhanced Approval Workflow
To maintain compatibility with SafeNet MobilePASS+ Android and iOS versions earlier than 1.4, do not select Enhanced Approval Workflow.
To enable Enhanced Approval Workflow:
-
In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Token Policies > Software Token & Push OTP Settings.
-
Select Enhanced approval workflow and click Apply.
Conditions that will trigger Enhanced Approval Workflow on a mobile device:
-
Enhanced Approval Workflow must be enabled on the server
-
The mobile device must be running iOS 10 or later
-
The mobile device must be provisioned with one token only on the server-side
-
The token must not have a user-PIN
Push OTP Troubleshooting
If an expected push OTP request does not arrive on your mobile device, check that a network connection is present. Heavy traffic and/or service outages from the public push service provider (Apple) may result in delivery delays or disruptions. In such circumstances, use manual OTP generation to complete the authentication.
Configure STA for QR Code Enrollment
-
In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Automation Policies > Self-Enrollment Policy.
-
Select Enable Multi-Device Instructions.
-
Select Display QR Code.
-
Click Apply.
The enrollment email sent to the user will include a link to the page on the STA Self Service Module where the QR code is displayed.
The QR code will display only if a supported device is selected in the device selection drop down menu.
Biometric PIN
Biometric PIN Prerequisites
-
iOS 13 or later
-
Token configured in STA for biometric PIN
Activate Biometric PIN in Existing Tokens
Tokens previously enrolled without the Biometric PIN feature must be re-enrolled with the Biometric PIN feature enabled in the STA console.
Configure STA for Biometric PIN (Touch ID and Face ID)
-
In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Token Policies > Token Templates.
-
Select the SafeNet MobilePASS+ for iOS token type and click Edit.
-
In the Edit Token Template window, under PIN Policy, select User-selected PIN and then select Allow Biometric PIN.
The SafeNet MobilePASS+ for iOS token can now, following enrollment, be activated to use Touch ID.
Known Issues
This table provides a list of the known issues as of the latest release.
| Issue | Synopsis |
|---|---|
| SAS-21916 | Summary: OCRA tokens prevent non-OCRA tokens from performing authentication. |
| SASMOB-4884 | Fraudulent request dialog doesn't dismiss after push expires if you have multiple login request. |
| SASMOB-4883 | Not enough horizontal padding for "Use Face/Touch ID" button when text scaled to maximum and language set to be Dutch. |
| SASMOB-4882 | QR view is not entirely scrollable when text scaling is on. |
| SASMOB-4878 | Approve button on German Language is truncated on iPhone SE 1st Gen iOS 15. |
| SASMOB-4856 | Voice over reads pending login request message after approving push. |
| SASMOB-4846 | When iPad is in landscape mode, the heading of welcome screen is unable to show if large text is on. |
| SASMOB-4844 | Push bottom sheet text scaling on iOS 13 truncates when text is too long. |
| SASMOB-4841 | Touch ID authentication dialog sometimes repeatedly pops up when unlock a token. |
| SASMOB-4840 | Error message in PIN validation is not obvious when scaled large enough especially in small devices. |
| SASMOB-4838 | Expiration dialog doesn’t show up if push sheet is in minimized state. |
| SASMOB-4837 | Authentication dialog comes on top of QR view after the app is brought from background. |
| SASMOB-4832 | Authenticator Card on iPhone SE 1st Gen goes edge to edge instead of having horizontal padding during text scaling. |
| SASMOB-4193 | Responding to push authentication on a deleted authenticator does not display a toast message as described. |
| SASMOB-4159 | Summary: The app crashes when placed in the background during enrollment of a server PIN token. |
| SASMOB-4127 | Summary: Push sheet dismisses quickly when the Passcode option is selected for no PIN token notification after the first attempt of approval sent fails. |
Compatibility Information
Operating System
- iOS 13 and later
BETA releases of the operating system are not supported.
Supported Authentication Servers
- SafeNet Trusted Access
- SafeNet Trusted Access PCE/SPE 3.12 or later