Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Agents

SafeNet Agent for TokenValidator Proxy

search

Please Note:

SafeNet Agent for TokenValidator Proxy

SafeNet Agent for TokenValidator Proxy (TVP) relays proxy authentication requests from other agents to the SafeNet server.

When used with other agents, such as SafeNet Agent for Windows Logon, only the SafeNet Agent for TVP is required to register its IP address with the SafeNet server. Alternately, without SafeNet Agent for TVP, the IP address of each workstation must be registered with the SafeNet server.

When using the SafeNet server API with a cloud application (such as MS Azure), you cannot be sure of the IP address of the cloud server, nor are you entitled to claim the IP address as your own. To solve this problem, you can point your cloud applications at the SafeNet Agent for TVP and register the agent as their Auth Node.

System requirements

Requirement Details
Supported Platforms Windows Server 2025
Windows Server 2022
Windows Server 2019
Windows Server 2016
Supported Architecture 64-bit
Additional Software Components IIS 10
.NET Framework 4.8 or above

Configuring Additional Software Components

The following IIS components meet the minimum requirements to run the Web Adaptor. If additional IIS components are enabled, they do not need to be removed.

  • Web Server

    • Common HTTP Features

      • Default Document

      • Static Content

    • Security

      • Request Filtering

      • Basic Authentication

      • Windows Authentication

    • Application Development

      • .NET Extensibility 4.5

      • ASP.NET 4.5

      • ISAPI Extensions

      • ISAPI Filters

      • WebSocket Protocol

  • Management Tools

    • IIS Management Console

    • IIS 6 Management Compatibility

      • IIS 6 Metabase Compatibility

Architecture

If each client were to be connected directly to the SafeNet server, each would require its own IP address to be configured. By using SafeNet Agent for TVP, it needs to be configured just once with the IP address of the SafeNet server Auth Node. Multiple clients can then be connected to the SafeNet server through SafeNet Agent for TVP without further IP addresses being configured.

Agent architecture

Push Authentication

The SafeNet Agent for TVP v3.1.0 transfers push authentication requests from all the SafeNet agents that support push authentication. Push authentication is supported only with MobilePASS+ tokens.

No configuration is required for SafeNet Agent for TVP to transfer the push authentication request.

MobilePASS+ push number matching

In SAS PCE, you can configure MobilePASS+ authenticators to use the number matching feature instead of the Approve and Deny buttons. Number matching forces the user to match the number on the login screen with the number in their SafeNet MobilePASS+ authenticator push notification.

Number matching makes push notifications more secure. Adding number matching to push notifications can protect against push fatigue or push bombing attacks, where the user is spammed with multiple push notifications until they eventually approve a notification just to make them stop. Number matching also prevents users from approving push notifications by mistake.

The basic workflow with SafeNet Agent for TVP is as follows:

  • During login, the TVP-protected login interface displays a number.

  • The user receives a push notification in the MobilePASS+ application that includes multiple numbers.

  • To approve the authentication request, the user must select the matching number.

On this page