Configuring realms
Once you have an administrative account for the Admin Console, you can configure realms. A realm is a space where you manage objects, including users, applications, roles, and groups. A user belongs to and logs into a realm. One SafeNet Access Exchange deployment can define, store, and manage as many realms as there is space for in the database.
Using the Admin Console
You configure realms and perform most administrative tasks in the SafeNet Access Exchange Admin Console.
Prerequisites
- You need an administrator account.
Procedure
- Go to the URL for the Admin Console. For example, for localhost, use this URL: http://localhost:8080/admin/
- Enter the username and password you created on the Welcome Page. This action displays the Admin Console.
- Note the menus and other options that you can use:
  - Click the menu labeled Master to pick a realm you want to manage or to create a new one.
  - Click the top right list to view your account or log out.
  - Hover over or click a question mark ? icon to show tooltip text that describes that field.
The master realm
In the Admin Console, two types of realms exist:
- Master realm - This realm was created for you when you first started SafeNet Access Exchange. It contains the administrator account you created at the first login. Use the master realm only to create and manage the realms in your system.
- Other realms - These realms are created by the administrator in the master realm. In these realms, administrators manage the users in your organization and the applications they need. The applications are owned by the users.
Realms and applications
Realms are isolated from one another and can only manage and authenticate the users that they control.
Creating a realm
You create a realm to provide a management space where you can create users and give them permissions to use applications. At first login, you are typically in the master realm, the top-level realm from which you create other realms.
Procedure
- Point to the top of the left pane.
- Click Create Realm.
- Enter a name for the realm.
- Click Create.
Configuring SSL for a realm
Each realm has an associated SSL Mode, which defines the SSL/HTTPS requirements for interacting with the realm. Browsers and applications that interact with the realm honor the SSL/HTTPS requirements defined by the SSL Mode or they cannot interact with the server.
Procedure
- Click Realm settings in the menu.
- Click the General tab.
- Set Require SSL to one of the following SSL modes:
  - External requests - Users can interact with SafeNet Access Exchange without SSL so long as they stick to private IP addresses such as localhost, 127.0.0.1, 10.x.x.x, 192.168.x.x, and 172.16.x.x. If you try to access SafeNet Access Exchange without SSL from a non-private IP address, you will get an error.
  - None - SafeNet Access Exchange does not require SSL. This choice applies only in development when you are experimenting and do not plan to support this deployment.
  - All requests - SafeNet Access Exchange requires SSL for all IP addresses.
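The three SSL modes described above, modeled as an added example (not SafeNet Access Exchange code) that shows which plain-HTTP requests each mode would accept. It assumes "private IP addresses" means loopback plus the RFC 1918 ranges, so 172.16.x.x is read as 172.16.0.0/12; the mode labels `external`, `none` and `all` and the sample addresses are constructed for illustration.

```python
import ipaddress

# Assumption: "private IP addresses" means loopback plus the RFC 1918 ranges.
# The page lists 127.0.0.1, 10.x.x.x, 192.168.x.x and 172.16.x.x as examples.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]

MODES = ("external", "none", "all")  # hypothetical labels for the three modes

def is_private(client_ip):
    """True if the address the server sees is loopback or RFC 1918."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return any(addr in net for net in PRIVATE_NETS)

def decide(mode, client_ip, scheme):
    """Return 'accept' or 'reject' for one request under a Require SSL mode."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode!r}")
    if scheme == "https" or mode == "none":
        return "accept"
    if mode == "all":
        return "reject"
    # "external": plain HTTP is tolerated only from private addresses.
    return "accept" if is_private(client_ip) else "reject"

# Constructed sample requests: (address seen by the server, scheme).
SAMPLE = [
    ("127.0.0.1", "http"),
    ("10.20.30.40", "http"),
    ("172.31.255.1", "http"),        # inside 172.16.0.0/12
    ("172.32.0.1", "http"),          # just outside it, so public
    ("::ffff:192.168.1.9", "http"),  # IPv4-mapped IPv6 form of a private address
    ("203.0.113.7", "http"),
    ("203.0.113.7", "https"),
]

def evaluate(mode, requests=SAMPLE):
    """Decision for every sample request under the given mode."""
    return [decide(mode, ip, scheme) for ip, scheme in requests]

if __name__ == "__main__":
    for mode in MODES:
        print(f"{mode:9}", evaluate(mode))
```

The decision is made on the address the server sees, so in this model a request relayed from a private address is treated as private.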
Configuring email for a realm
SafeNet Access Exchange sends emails to users to verify their email addresses, when they forget their passwords, or when an administrator needs to receive notifications about a server event.
Procedure
- Click Realm settings in the menu.
- Click the Email tab.
- Fill in the fields and toggle the switches as needed.
Template
- From - The address used for the From SMTP header of sent emails.
- From display name - Lets you configure a user-friendly alias for the From address (optional). If not set, the plain From email address is displayed in email clients.
- Reply to - The address used for the Reply-To SMTP header of sent emails (optional). If not set, the plain From email address is used.
- Reply to display name - Lets you configure a user-friendly alias for the Reply To address (optional). If not set, the plain Reply To email address is displayed.
- Envelope from - The bounce address used for the Return-Path SMTP header of sent emails (optional).
Connection & Authentication
- Host - The SMTP server hostname used for sending emails.
- Port - The SMTP server port.
- Encryption - Tick one of these checkboxes to support sending emails for recovering usernames and passwords, especially if the SMTP server is on an external network. You will most likely need to change the Port to 465, the default port for SSL/TLS.
- Authentication - Set this switch to ON if your SMTP server requires authentication. When prompted, supply the Username and Password.
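How the Template fields above map onto a message, as an added example (not SafeNet Access Exchange code) that separates the From and Reply-To headers from the envelope sender used for bounces. The `cfg` key names, the fallback of the envelope sender to the From address, and the example.com addresses are assumptions made for illustration.

```python
from email.message import EmailMessage
from email.utils import formataddr

def build_realm_email(cfg, to_addr, subject, body):
    """Map the Email tab's Template fields onto a message.

    cfg keys are hypothetical names for the page's fields: 'from',
    'from_display_name', 'reply_to', 'reply_to_display_name', 'envelope_from'.
    Returns (message, envelope_sender).
    """
    for key, value in cfg.items():
        # Refuse CR/LF so a configured value cannot smuggle in extra headers.
        if "\r" in value or "\n" in value:
            raise ValueError(f"line break in {key}")

    msg = EmailMessage()
    # From header: the display name is optional; without it the bare address shows.
    msg["From"] = formataddr((cfg.get("from_display_name", ""), cfg["from"]))
    # Reply-To is written only when configured; otherwise clients reply to From.
    if cfg.get("reply_to"):
        msg["Reply-To"] = formataddr(
            (cfg.get("reply_to_display_name", ""), cfg["reply_to"]))
    msg["To"] = to_addr
    msg["Subject"] = subject
    msg.set_content(body)

    # The envelope sender (SMTP MAIL FROM) is not a header the sender writes:
    # the receiving server records it as Return-Path and sends bounces there.
    # Assumed fallback when unset: the From address, as smtplib does by default.
    envelope_sender = cfg.get("envelope_from") or cfg["from"]
    return msg, envelope_sender

# Constructed configuration; the example.com addresses are placeholders.
CFG = {
    "from": "no-reply@example.com",
    "from_display_name": "Example Login",
    "reply_to": "helpdesk@example.com",
    "envelope_from": "bounces@example.com",
}

if __name__ == "__main__":
    msg, sender = build_realm_email(CFG, "alice@example.com",
                                    "Verify your email", "constructed body")
    print(msg)
    # To send: smtplib.SMTP(host, port).send_message(msg, from_addr=sender)
    print("MAIL FROM:", sender)
```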
Enabling internationalization
Every UI screen is internationalized in SafeNet Access Exchange. The default language is English, but you can choose which locales you want to support and what the default locale will be.
Procedure
- Click Realm settings in the menu.
- Click the Localization tab.
- Enable Internationalization.
- Select the languages you will support.
The next time a user logs in, that user can choose a language on the login page to use for the login screens, Account Console, and Admin Console.
Controlling login options
SafeNet Access Exchange includes several built-in login page features.
Enabling forgot password
If you enable Forgot password, users can reset their login credentials if they forget their passwords or lose their OTP generator.
Procedure
- Click Realm settings in the menu.
- Click the Login tab.
- Toggle Forgot password to ON. A Forgot Password? link displays in your login pages.
- Specify Host and From in the Email tab in order for SafeNet Access Exchange to be able to send the reset email.
- Click this link to bring users to a page where they can enter their username or email address and receive an email with a link to reset their credentials.
Enabling Remember Me
When a logged-in user closes their browser, their session is destroyed and that user must log in again. You can set SafeNet Access Exchange to keep the user's login session open if that user clicks the Remember Me checkbox upon login. This action turns the login cookie from a session-only cookie to a persistent cookie.
Procedure
- Click Realm settings in the menu.
- Click the Login tab.
- Toggle the Remember Me switch to On.
When you save this setting, a remember me checkbox displays on the realm’s login page.