Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

SAS PCE documentation
- Explore Thales Docs

SAS PCE
Agents
MobilePASS+
SafeNet Access Exchange
BSIDCA API
- BSIDCA endpoints
- BSIDCA custom attributes
Integrations
Account management
Release Notes

All

All

System setup

Setup

Please Note:

SAS PCE
Get started
- System Requirements
- Installation
  - Install SafeNet Authentication Service
  - Prepare database
  - Configure SafeNet Authentication Service
  - Configure SafeNet Authentication Service for High Availability
  - Configure for MobilePASS and MobilePASS+ Enrollment
  - Onboarding for MobilePASS+ enrollment
  - Security and Compliance
- Upgrade
  - SafeNet Authentication Service pre-upgrade checklist
  - SafeNet Authentication Service upgrade - primary data center
  - SafeNet Authentication Service upgrade - secondary data center
  - SafeNet Authentication Service post-upgrade checklist
  - Additional Considerations
- System setup
  - Setup
  - Communications
  - Logging
Dashboard
- On-Boarding
- Virtual Servers
- Administration
Users and groups
- Configure individual users
- Manage tokens for a user
- Groups
- Containers
- Restrict access based on the time, day, or date
- User Policies
User synchronization
- LDAP sync server settings
- LDAP integration
- LDAP settings
Operators and roles
- Operators
- External Operators
- Provision roles automatically
- Alerts
Tokens
- Token types
  - Hardware tokens
    - OTP hardware token
    - KT-4 tokens
    - RB-1 tokens
  - Software tokens
    - GrIDsure
    - SMS OTP token
  - Third Party tokens
- Token allocations
- Token templates
- Token restrictions
- Temporary Password Policy
- Token Passcode Processing Policy
- Configure server-side PINs
- Token synchronization
- Import SafeNet tokens
- Token inventory
- Deallocate inventory
- MobilePASS target and Push OTP settings
- SMS credits
- SMS/Email/Voice OTP Delivery Methods
- Quicklog authentication
- Initialize hardware tokens
Provisioning tokens to users
- Provision tokens
- Automate token provisioning
- Provisioning tasks
- Assign a hardware token to a user
- Bulk assign third-party tokens
Push OTP
- Requirements and considerations for Push OTP
- Enable Push OTP and MobilePASS+
- Push OTP Rejection Policy
- Customize Push notifications and alerts
- Configure applications for Push OTP
- Token management and enrollment
- Push OTP authentications
RADIUS integration
- RADIUS third-party token support
- RADIUS attributes for users or groups
- Block RADIUS authentication
Server and agent settings
- Authentication Nodes
- Pre-authentication rules
- Restrict IP range
- Email server settings
- SMS settings
- Voice OTP settings
- Configure a voice provider
- FTP/SFTP/SCP settings
- Time zone offset
- Download an encryption key for agents
- Language
- Migrate SafeNet authentication servers
- Display Device Information
- Download an encryption key for remote services
Self-service site
- Site appearance and default language
- Self-Service Modules
- Self-Enrollment pages
- Configure authorities, OOB enrollment, and policies
- Process requests and view reports
Branding the appearance
- Customize email messages
- Customize SMS messages
- Customize voice OTP messages
Reports
- Billing reports
- Compliance reports
- Inventory reports
- Security policy reports
Troubleshooting
- Authentication errors
- Error codes

SAS PCE documentation
SAS PCE
Get started
System setup
Setup

Setup

The following tasks can be performed:

Licenses: Install and activate licenses.
Site: Set site import and export information.
Permit LDAP: Permit child accounts to configure LDAP settings.
Software Token Push OTP Setting: Enable Push OTP communication with MobilePASS+.
Permit ODBC Migrations: Configure ODBC migrations of SafeNet authentication servers.
Agent Communication with JWT token: Enable additional agent communication through the use of a JWT token.
System Configuration Details: Generate snapshots of system configuration details.
Provisioning Delay Time: Set Provisioning Delay Time.
HSM Database Encryption: Enable and configure token encryption key storage using a hardware security module.

Licenses

The license determines the number of authentication methods that can be assigned or active, and the types of tokens available.

alt_text

To install the license:

Locate the license file (.blc extension) using the Choose File button displayed against the Add File field. If this product is being provided for evaluation, use the 30-day evaluation license located in the software/license folder.
Paste the license key in the Activation Key field. If this product is being used for evaluation, use this Activation Key with the 30-day evaluation license installed in the previous step.
Click Import to complete license installation.

Site

The option allows to import a site, in addition to allowing you to save the site export information.

alt_text

Current Site(s)

The option lists the imported sites , and allows to remove a site, if required. To remove, select the site, and click Remove.

Site Export

To save the File Key as a TXT file, click Save next to the File Key text field and save the file to a secure location.
To save the BTC file for SAS Site Configuration, click Save next to the Site File field and save the file to a secure location.
To export a SAS site, copy the file key and site file to the replica SAS site.

If you have configured SAS to use a database or LDAP server using localhost or a loopback IP, your site export will not work. You must reconfigure your system to use either hostnames or IP addresses for the connections.

Site Import

To import a SAS site:

On the replica SAS server, log on using a local administrator account.

Locate the site configuration file using the Choose File button displayed against the Configuration File field.
Open the FileKey.txt file, copy the key within the file and paste it in the File Key field.
Click Import Site.

To connect MySQL database, you will require MySQL Connector. If it is already not installed on your system, a screen is displayed, with a download link and steps to guide you during the installation. During installation, ensure that you choose either Typical or Complete installation.

If any version of the MySQL Connector is already installed, you have to manually remove it before installing MySQL Connector 6.10.7. On installing the MySQL Connector, the Administrator will be logged out of the application, and will have to login again to complete the rest of the configurations.

To add additional SAS sites, repeat the above steps: Step 1 (Perform Site Export) and then Step 2 (Perform Site Import). For additional information, refer to adding additional SAS sites section.

For more details on importing and exporting SAS sites, refer to configuring SafeNet Authentication Service for high availability section.

Permit LDAP

To configure LDAP settings for the child accounts, select Allow radio button, and click Apply.

alt_text

Software Token Push OTP Setting

The option enables users to manage push login requests without unlocking their mobile device. This setting also controls the Push setting on the Virtual Server(s). To enable, select the Enable Push OTP communication with MobilePass+ checkbox, and click Apply.

alt_text

For details, refer to the Enable Push Functionality section.

Permit ODBC Migrations

To permit ODBC migrations of SafeNet authentication servers, select Allow radio button, and click Apply.

alt_text

Agent Communication with JWT token (formerly known as FreeRADIUS Synchronization)

Agent communication with JSON Web Token (JWT), formerly known as FreeRADIUS Synchronization, enables the transmission of extended information needed by the agent. This additional agent communication mechanism is only used in conjunction with specific SafeNet agents, such as the SAS Agent for FreeRADIUS.

To enable, select the Enable radio button and click Apply.

Click Generate to generate the JWT. You will need to copy the token for use in the agent’s configuration.

alt_text

System Configuration Details

Clicking the link generates a snapshots of the system configuration details. A sample snapshot is added below:

alt_text

alt_text

Provisioning Delay Time

Enter the Provisioning Delay Time, in minutes (between 5 - 99), and click Apply

Default value: 5 Minutes

alt_text

HSM Database Encryption

The option allows you to enable and configure token encryption key storage and database encryption.

For the Enable token encryption key storage in an HSM field, select Enable radio option.
For the Enable database encryption using an HSM field, select Enable radio option, provide HSM PIN of Slot 0 and click Apply. On clicking Apply, a key will be generated automatically. If a key is already present in the HSM (or in the case of a PIN update), an appropriate message(s) will be displayed.

Enabling HSM (with the SAS solution) is a one-way, irreversible operation that cannot be undone.

alt_text

On this page

SafeNet Authentication Service Private Cloud Edition

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com