Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

SAS PCE documentation
- Explore Thales Docs

SAS PCE
Agents
MobilePASS+
SafeNet Access Exchange
BSIDCA API
- BSIDCA endpoints
- BSIDCA custom attributes
Integrations
Account management
Release Notes

All

All

SafeNet Access Exchange

Please Note:

SafeNet Access Exchange
Install SafeNet Access Exchange
- Podman
- Docker
System Requirements
Configuration
- Realm creation and authentication flow
- User Federation Setup
- Customization
- Integrations using SafeNet Access Exchange
- Logging in SafeNet Access Exchange
- Additional Configuration
  - Managing OpenID Connect and SAML Clients
  - Assigning permissions using roles and groups
  - Managing Users
  - Managing user sessions
  - Configuring auditing to track events
  - Configuring realms
  - Configuring Authentication
  - Integrating identity providers
  - Using external storage
- StepUp Authentication using SafeNet Access Exchange
- Access and Risk Management
  - Configuring an access policy to secure an application
Testing the End User Login Flow
Integrations
- SAS PCE for Salesforce
  - Prerequisites
  - Identity Provider (SafeNet Access Exchange) Setup
  - Salesforce Configuration
  - Verify Authentication
- SAS PCE for Kintone Application (SAML)
  - Prerequisites
  - Kintone Setup
  - Identity Provider (SafeNet Access Exchange) setup
  - Verify Authentication
- SAS PCE for Non-SAML/OIDC Web Application
  - Prerequisites
  - Configure SafeNet App Gateway with SAS PCE
  - Test the Solution
- SAS PCE for Office365 Application (SAML)
  - Prerequisites
  - Identity Provider (SafeNet Access Exchange) Setup
  - Office 365 Setup
  - Verify Authentication
  - Appendix: Office 365 Access Continuity for SafeNet Trusted Access
- OAuth 2.0 Support with SafeNet Access Exchange
- SAS PCE as an External Authentication Method (EAM) in Microsoft Entra ID
  - Prerequisites
  - Identity Provider (SafeNet Access Exchange) Setup
  - Microsoft Entra ID Setup
  - Verify Authentication
  - Use Cases
  - Appendix - CBA for SAS PCE as Entra ID External Authentication Method (EAM)
- SAS PCE for Silverfort Application
  - Prerequisites
  - Identity Provider (SafeNet Access Exchange) Setup
  - Silverfort Setup
  - Verify Authentication
- SAS PCE for PingFederate
  - Integrate SafeNet Access Exchange (SAE) with PingFederate - OIDC
  - Integrate SafeNet Access Exchange (SAE) with PingFederate - SAML
Troubleshooting

SAS PCE documentation
SafeNet Access Exchange

SafeNet Access Exchange

SafeNet Access Exchange (SAE) is an on-premises IDP, which complements secure authentication of SAS PCE. With this integration, SAS PCE provides multi-factor authentication in the context of authentication requests received from SAML or OIDC integrated applications. SafeNet Access Exchange is also a key component of SAS PCE Enterprise and STA Hybrid Access Management Add-On based deployment.

SafeNet Access Exchange also supports Single Sign-On (SSO) for applications integrated with it. When SSO is enabled, users can access multiple applications with only one login request during each computer session. This alleviates the need for users to log on to each application separately.

SafeNet Access Exchange package interacts with:

SAS PCE Enterprise Edition for a complete SAS PCE SSO workflow.
STA and SAS PCE for a complete STA Hybrid Access Management workflow. This is a key component of STA Access Continuum.

alt_txt

Software requirements

Docker or Podman for running containers
SAS PCE

Prerequisites

SafeNet Authentication Service (SAS) PCE v3.20 or above.

Terminology

SafeNet Access Exchange Directory: SAE server installation directory.
Authentication Flow: A container for all authentications, screens, and actions that are mandatory during login, registration, and other SafeNet Access Exchange workflows.

Package contents

SafeNet Access Exchange is a compressed zip|tar.gz file. The SafeNetAccessExchange Package contains:

SafeNetAccessExchange.tar.gz
SafeNet OTP Realm json file
Realm configuration and authentication flows defined for SAS OTP validation.

To unpack this file, run the unzip, gunzip, or tar utilities.

alt_txt

SafeNet Access Exchange SAS providers (SPI)

The package contains the following modules, which are pre-installed with the SafeNet Access Exchange server.

SafeNet OTP Authentication Flow – Customized authentication flow for OTP validation with SAS Token Validator service.
SafeNet Theme – Customized theme to define SafeNet HTML templates and stylesheets.

Set up SAS API for SAS PCE

SAS API requests data from SAS PCE to dynamically update the SafeNet Access Exchange.

Caution

This setup is mandatory when SAS is configured with MySQL database.

Note

SAS API encounters an issue with the MySQL database (MySQL EF6 DLL in GAC missing). It is a limitation of MySQL Connector 9.2.0.

When SafeNet Access Exchange is configured with SAS using MySQL database, perform the following steps:

Click here to download the mysql.data.entityframework.9.2.0 nuget package. This library is freely available from Oracle’s MySQL website and must be used in compliance with the GPL-2.0 license. Ensure to understand the GPL-2.0 obligations before using this library.
Change the extension of the downloaded package from .nupkg to .zip by renaming the package.
Extract the package mysql.data.entityframework.9.2.0.zip.
Open the extracted folder, navigate to lib > net462 > MySql.Data.EntityFramework.dll, and copy the complete path of this DLL file. It will be required in the next step.
Copy the following text in a text file and save the file in the .ps1 file format. Also check and update the DLL path as per the above step:

# Note that you should be running PowerShell as an Administrator
[System.Reflection.Assembly]::Load("System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a")
$publish = New-Object System.EnterpriseServices.Internal.Publish
$publish.GacInstall("C:\Downloads\mysql.data.entityframework.9.2.0\lib\net462\MySql.Data.EntityFramework.dll")
# If installing into the GAC on a server hosting web applications in IIS, restart IIS for changes to take effect
iisreset
Run the .ps1 file as an administrator in the PowerShell.
To validate whether your script runs successfully, go to C:\Windows\Microsoft.NET\assembly\GAC_MSI and verify that MySql.Data.EntityFramework folder is created after execution of the above script.

Points to remember

Default location:
System Directory:\Downloads\mysql.data.entityframework.9.2.0\lib\net462 (Assuming it will be the path of your directory where the nuget package is downloaded)
Open the PowerShell script and change the path to where your DLL resides.

Configuration overview

Installation and Realm Configuration and Authentication Flow are mandatory.
User Federation Setup (Either LDAP or SAS User Federation is mandatory).
Customization, Logging in SafeNet Access Exchange and Testing the End User Login flow are optional.

Note

Set up of SAS PCE is required for end-to-end setup and validation for a STA Hybrid environment.

On this page

SafeNet Authentication Service Private Cloud Edition

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com