Configure SafeNet Authentication Service
This section covers only the mandatory SAS configuration items.
- Open a web browser and then browse to http://127.0.0.1/console or http://ip_address_of_server/console.
- When prompted for credentials, use a Windows local or domain administrator account. For a domain administrator account, the proper username syntax is 'REALM\username'.
You are automatically redirected to the SYSTEM tab, where all system configuration options can be configured.
SAS configuration requires the following steps:
- Step 1: Configure database
- Step 2: Install license
- Step 3: Configure email settings
- Step 4: Configure Self-Enrollment Policy settings
- Step 5: Configure Operator email validation URL settings
- Step 6: Create Service Provider account
- Step 7: Create Operator
- Step 8: Define Auth Nodes
Step 1: Configure database
This step connects SAS to a database server and creates the database and tables it needs to use.
To configure a database:
- On the System tab, click Database > SQL Database.
- Select the required database from the list and click Next.
- Enter the host name, database name (default: Blackshield), user name, and password to be used by SAS to connect to the database, and click Next.
- [Optional] If configuring a failover database server, enter similar connection information as in step 3, and click Next.
Note
- If configuring a MySQL database, refer to the Setting up MySQL Database section.
- If configuring an MS SQL database, refer to the Preparing MS SQL Database section.
- On the Connection Confirmation window, click Next to continue, or correct any connection failure issues. Database creation may take up to a minute.
- Copy the two cipher files (Cipher.bak and CipherKey.txt) to a secure location and delete them from the server.
Without the Cipher.bak and CipherKey.txt files, the database cannot be copied or restored to a different server, or to this server in the event of significant hardware changes.
- Click Done to complete database installation.
Note
After configuring SAS with a database, if an Administrator plans to configure the SAS again with a different database, these steps must be followed:
1. Configure SAS with the required database.
2. Once the configuration is complete, perform an IISRESET operation.
3. Log in to SAS, and provide the license again.
Step 2: Install license
The license determines the number of authentication methods that can be assigned or active, and the types of tokens available.
To install the license:
- On the System tab, click Setup > Licenses.
- Use the Browse button to locate the license file (.blc extension). If this product is being provided for evaluation, use the 30-day evaluation license (30-0001457.001.blc) located in the software/license folder.
- Paste the activation key into the Activation Key field. If this product is being used for evaluation, use the activation key (ActivationKey.txt) that comes with the 45-day evaluation license selected in the previous step.
- Click Import to complete license installation.
Step 3: Configure email settings
SAS uses email to send administrator validation, enrollment, and other messages.
To configure email settings:
- On the System tab, click Communications > E-mail Settings.
- Enter the fields as follows:
Field | Description |
---|---|
From Address | Enter an account name and email address. Default: SafeNet Authentication Service Mailer (admin@localdomain.mail) |
SMTP Server | Enter the location of the SMTP server. |
Port | Enter the port number of the SMTP server. Default: 25 |
SMTP User | Enter an SMTP user name (if required). |
SMTP Password | Enter an SMTP password (if required). |
Use SSL | If your SMTP server supports SMTP over STARTTLS and you wish to send messages between SAS and the SMTP server over an encrypted channel, select this option. |
- Click Apply to commit the configuration.
- To test the configuration, enter a valid email address in the Test To Address field and click Test.
Step 4: Configure Self-Enrollment Policy settings
Self-enrollment is necessary for the provisioning and auto-provisioning of tokens to users. It is through this service that users can install software tokens or activate hardware tokens. This configuration determines the base URL included in enrollment messages sent to users.
To configure Self-Enrollment Policy settings:
- On the System tab, click Communications > Self-Enrollment Policy.
- Verify or modify the default hyperlink to reflect the location of the self-enrollment website. The default location is http:///selfEnrollment. To require SSL for all self-enrollment processes, change the default http://URL to https://URL. This requires the configuration of a certificate on IIS. For details, see Configuring for MobilePASS and MobilePASS+ Enrollment.
Step 5: Configure Operator email validation URL settings
Logging in to the SAS management interface requires a validated email address as the UserID. This configuration determines the base URL sent to Operators, through which they validate their email address and gain access to the management interface.
To configure the operator email validation URL:
- On the System tab, click Communications Module > Operator E-mail Validation URL.
- Verify or modify the default hyperlink to reflect the location of the Operator validation website. The default location is http:///console/Default.aspx. To require SSL for all self-enrollment processes, change the default http://URL to https://URL. This requires the configuration of a certificate on IIS. For details, see Configuring for MobilePASS and MobilePASS+ Enrollment.
Step 6: Create Service Provider account
The Service Provider account is the organization and authentication server hosting the authentication service, and includes basic information such as company name and address. Depending on licensing, the Service Provider may be permitted to create additional accounts, all of which can be managed through SAS, but each of which appears and behaves as a unique, stand-alone enterprise authentication server. This functionality can be used to support multiple LDAPs for subsidiary organizations. Contact your supplier for additional information.
To create the Service Provider account:
- On the On-Boarding tab, click Create account.
- In the Account field, enter a unique company name.
- Optionally, enter address information in the corresponding fields.
- Click Save.
Step 7: Create Operator
The next step in the configuration is to create an Operator account to manage the server. The localhost administrator or root account cannot be used after this point other than to reconfigure the database or install additional licenses. Apart from these functions, the Operator account has access to all functionality in the management interface.
To create an Operator:
- On the On-Boarding tab, click Create Operator and click Add.
- Enter the Operator information in the fields. The minimum requirement is First Name, Last Name, UserID, and E-Mail address. The UserID and E-Mail address must be unique. When done, click Next.
While static passwords are allowed, it is strongly recommended that all operators use two-factor authentication for logging in to the management interface. The authentication methods available for provisioning to the Operator are presented in the list, along with the quantity in inventory as determined by licensing.
- Click Done. An enrollment message is delivered to the email address entered previously.
- The Operator should do the following:
  - Click the hyperlink in the self-enrollment email and then follow the instructions to self-enroll.
  - Immediately following completion of self-enrollment, the Operator receives a second message containing the Operator email validation link.
  - Click the Operator email validation link, enter the UserID (email address), and a password or one-time password, depending on the authentication method enrolled.
  - If validation and authentication are successful, the Operator is logged in to the management interface.
Step 8: Define Auth Nodes
An Auth Node must be created for any SAS Agent to allow authentication requests to SAS.
To define Auth Nodes:
- On the Virtual Servers tab, select Comms > Auth Nodes, and click Add.
- Enter the fields as follows:
Field | Description |
---|---|
Agent Description | Enter a description for the agent. |
Hostname | Enter the hostname of the server. |
Low IP Address In Range | Enter the lowest IP address in the range. NOTE: If you are specifying a single IP address, enter it in the Low IP Address field; the High IP Address can be left empty. |
High IP Address In Range | Enter the highest IP address in the range. |
If more than one IP address is required in the Auth Node section, expand the Services module and then modify the value in the Auth Nodes: Max. Auth Nodes field.
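To reason about which agent addresses a set of Auth Node definitions admits, the following added Python example models the Low/High IP range semantics described above (an empty High IP means a single address). It is example code, not part of SAS, and the node entries, hostnames and addresses are constructed sample values.

```python
"""Added example (not SAS code): model the Auth Node Low/High IP range
semantics from the table above. A Low IP with an empty High IP denotes a
single address. The node entries are constructed sample values."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AuthNode:
    description: str
    hostname: str
    low_ip: str
    high_ip: Optional[str] = None  # None/empty = single address (Low IP only)

    def covers(self, addr: str) -> bool:
        """True if addr lies in [low_ip, high_ip] inclusive; False if the
        address family (IPv4/IPv6) differs from the node's range."""
        ip = ipaddress.ip_address(addr)
        low = ipaddress.ip_address(self.low_ip)
        high = ipaddress.ip_address(self.high_ip) if self.high_ip else low
        if low.version != high.version:
            raise ValueError(f"{self.description}: mixed address families")
        if high < low:
            raise ValueError(f"{self.description}: High IP is below Low IP")
        if ip.version != low.version:
            return False
        return low <= ip <= high

def matching_node(nodes, addr):
    """Return the first Auth Node whose range contains addr, else None."""
    for node in nodes:
        if node.covers(addr):
            return node
    return None

def check_node_limit(nodes, max_auth_nodes):
    """Mirror the 'Max. Auth Nodes' setting: True if the definitions fit."""
    return len(nodes) <= max_auth_nodes

SAMPLE_NODES = [  # constructed sample values, not from a real deployment
    AuthNode("VPN gateway agent", "vpn01.example.internal", "10.0.5.10"),
    AuthNode("Web farm agents", "web.example.internal", "10.0.20.1", "10.0.20.50"),
]

def is_permitted(addr, nodes=SAMPLE_NODES):
    """True if some Auth Node admits authentication requests from addr."""
    return matching_node(nodes, addr) is not None
```

An agent whose source address falls outside every defined range is refused, so extending a range or raising Max. Auth Nodes is a deliberate change rather than something that happens by default.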
This completes the basic configuration settings. All other configuration must be performed by the Operator account created above.