System setup

Setup

The following tasks can be performed:

  • Licenses: Install and activate licenses.
  • Site: Set site import and export information.
  • Permit LDAP: Permit child accounts to configure LDAP settings.
  • Software Token Push OTP Setting: Enable Push OTP communication with MobilePASS+.
  • Permit ODBC Migrations: Configure ODBC migrations of SafeNet authentication servers.
  • Agent Communication with JWT token: Enable additional agent communication through the use of a JWT token.
  • System Configuration Details: Generate snapshots of system configuration details.
  • Provisioning Delay Time: Set Provisioning Delay Time.
  • HSM Database Encryption: Enable and configure token encryption key storage using a hardware security module.

Licenses

The license determines the number of authentication methods that can be assigned or active, and the types of tokens available.

To install the license:

  1. Locate the license file (.blc extension) using the Choose File button displayed against the Add File field. If this product is being provided for evaluation, use the 30-day evaluation license located in the software/license folder.
  2. Paste the license key in the Activation Key field. If this product is being used for evaluation, use this Activation Key with the 30-day evaluation license installed in the previous step.
  3. Click Import to complete license installation.

Site

This option lets you import a site and save the site export information.

Current Site(s)

This option lists the imported sites and lets you remove a site, if required. To remove a site, select it and click Remove.

Site Export

  • To save the File Key as a TXT file, click Save next to the File Key text field and save the file to a secure location.
  • To save the BTC file for SAS Site Configuration, click Save next to the Site File field and save the file to a secure location.
  • To export a SAS site, copy the file key and site file to the replica SAS site.

    If you have configured SAS to use a database or LDAP server using localhost or a loopback IP, your site export will not work. You must reconfigure your system to use either hostnames or IP addresses for the connections.
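A pre-export check for the loopback restriction above, as an added example that is not part of SAS or its documentation. It assumes you have collected the database and LDAP connection targets yourself (the sample values are constructed) and flags the ones that point at localhost or a loopback address, including forms such as `[::1]:636` and IPv4-mapped IPv6.

```python
import ipaddress

# Names that always resolve to the local machine (assumption: illustrative
# list; extend it with any local aliases defined in the hosts file).
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def split_host(target: str) -> str:
    """Return the host part of 'host', 'host:port', '[v6]:port' or a bare IPv6."""
    target = target.strip()
    if target.startswith("["):                 # [::1]:3306
        return target[1:target.index("]")]
    if target.count(":") == 1:                 # host:port or 1.2.3.4:port
        return target.split(":", 1)[0]
    return target                              # hostname, IPv4 or bare IPv6


def is_loopback(target: str) -> bool:
    """True when the target names the local machine rather than a reachable host."""
    host = split_host(target).rstrip(".").lower()
    if host in LOCAL_NAMES:
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False                           # an ordinary hostname
    # IPv4-mapped IPv6 such as ::ffff:127.0.0.1 also points at the local machine.
    mapped = getattr(addr, "ipv4_mapped", None)
    return addr.is_loopback or (mapped is not None and mapped.is_loopback)


def blocking_targets(connections: dict) -> dict:
    """Return the connections whose target is loopback and would break the export."""
    return {name: t for name, t in connections.items() if is_loopback(t)}


# Constructed sample values, not taken from any real SAS deployment.
SAMPLE = {
    "database": "127.0.0.1:3306",
    "ldap": "dc01.example.internal:636",
    "ldap_failover": "[::1]:636",
}

if __name__ == "__main__":
    for name, target in blocking_targets(SAMPLE).items():
        print(f"{name}: {target} is loopback; use a hostname or IP address before export")
```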

Site Import

To import a SAS site:

On the replica SAS server, log on using a local administrator account.

  • Locate the site configuration file using the Choose File button displayed against the Configuration File field.
  • Open the FileKey.txt file, copy the key within the file and paste it in the File Key field.
  • Click Import Site.

    To connect to a MySQL database, you need MySQL Connector. If it is not already installed on your system, a screen is displayed with a download link and steps to guide you through the installation. During installation, ensure that you choose either Typical or Complete installation.

    If any version of the MySQL Connector is already installed, you must remove it manually before installing MySQL Connector 6.10.7. After the MySQL Connector is installed, the Administrator is logged out of the application and must log in again to complete the rest of the configuration.

    To add additional SAS sites, repeat the above steps: Step 1 (Perform Site Export) and then Step 2 (Perform Site Import). For additional information, refer to the adding additional SAS sites section.

For more details on importing and exporting SAS sites, refer to the configuring SafeNet Authentication Service for high availability section.

Permit LDAP

To permit child accounts to configure LDAP settings, select the Allow radio button and click Apply.

Software Token Push OTP Setting

The option enables users to manage push login requests without unlocking their mobile device. This setting also controls the Push setting on the Virtual Server(s). To enable, select the Enable Push OTP communication with MobilePass+ checkbox, and click Apply.

For details, refer to the Enable Push Functionality section.

Permit ODBC Migrations

To permit ODBC migrations of SafeNet authentication servers, select the Allow radio button and click Apply.

Agent Communication with JWT token (formerly known as FreeRADIUS Synchronization)

Agent communication with JSON Web Token (JWT), formerly known as FreeRADIUS Synchronization, enables the transmission of extended information needed by the agent. This additional agent communication mechanism is only used in conjunction with specific SafeNet agents, such as the SAS Agent for FreeRADIUS.

To enable, select the Enable radio button and click Apply.

Click Generate to generate the JWT. You will need to copy the token for use in the agent’s configuration.

System Configuration Details

Clicking the link generates a snapshot of the system configuration details. A sample snapshot is added below:

[Screenshots: sample system configuration snapshot]

Provisioning Delay Time

Enter the Provisioning Delay Time in minutes (between 5 and 99), and click Apply.

Default value: 5 Minutes

HSM Database Encryption

The option allows you to enable and configure token encryption key storage and database encryption.

  • For the Enable token encryption key storage in an HSM field, select the Enable radio option.
  • For the Enable database encryption using an HSM field, select the Enable radio option, provide the HSM PIN of Slot 0, and click Apply. When you click Apply, a key is generated automatically. If a key is already present in the HSM (or in the case of a PIN update), an appropriate message is displayed.

    Enabling HSM (with the SAS solution) is a one-way, irreversible operation that cannot be undone.
