Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

SAS PCE documentation
- Explore Thales Docs

SAS PCE
Agents
MobilePASS+
SafeNet Access Exchange
BSIDCA API
- BSIDCA endpoints
- BSIDCA custom attributes
Integrations
Account management
Release Notes

All

All

SAS PCE

Operators and roles

Please Note:

SAS PCE
Get started
- System Requirements
- Installation
  - Install SafeNet Authentication Service
  - Prepare database
  - Configure SafeNet Authentication Service
  - Configure SafeNet Authentication Service for High Availability
  - Configure for MobilePASS and MobilePASS+ Enrollment
  - Onboarding for MobilePASS+ enrollment
  - Security and Compliance
- Upgrade
  - SafeNet Authentication Service pre-upgrade checklist
  - SafeNet Authentication Service upgrade - primary data center
  - SafeNet Authentication Service upgrade - secondary data center
  - SafeNet Authentication Service post-upgrade checklist
  - Additional Considerations
- System setup
  - Setup
  - Communications
  - Logging
Dashboard
- On-Boarding
- Virtual Servers
- Administration
Users and groups
- Configure individual users
- Manage tokens for a user
- Groups
- Containers
- Restrict access based on the time, day, or date
- User Policies
User synchronization
- LDAP sync server settings
- LDAP integration
- LDAP settings
Operators and roles
- Operators
- External Operators
- Provision roles automatically
- Alerts
Tokens
- Token types
  - Hardware tokens
    - OTP hardware token
    - KT-4 tokens
    - RB-1 tokens
  - Software tokens
    - GrIDsure
    - SMS OTP token
  - Third Party tokens
- Token allocations
- Token templates
- Token restrictions
- Temporary Password Policy
- Token Passcode Processing Policy
- Configure server-side PINs
- Token synchronization
- Import SafeNet tokens
- Token inventory
- Deallocate inventory
- MobilePASS target and Push OTP settings
- SMS credits
- SMS/Email/Voice OTP Delivery Methods
- Quicklog authentication
- Initialize hardware tokens
Provisioning tokens to users
- Provision tokens
- Automate token provisioning
- Provisioning tasks
- Assign a hardware token to a user
- Bulk assign third-party tokens
Push OTP
- Requirements and considerations for Push OTP
- Enable Push OTP and MobilePASS+
- Push OTP Rejection Policy
- Customize Push notifications and alerts
- Configure applications for Push OTP
- Token management and enrollment
- Push OTP authentications
RADIUS integration
- RADIUS third-party token support
- RADIUS attributes for users or groups
- Block RADIUS authentication
Server and agent settings
- Authentication Nodes
- Pre-authentication rules
- Restrict IP range
- Email server settings
- SMS settings
- Voice OTP settings
- Configure a voice provider
- FTP/SFTP/SCP settings
- Time zone offset
- Download an encryption key for agents
- Language
- Migrate SafeNet authentication servers
- Display Device Information
- Download an encryption key for remote services
Self-service site
- Site appearance and default language
- Self-Service Modules
- Self-Enrollment pages
- Configure authorities, OOB enrollment, and policies
- Process requests and view reports
Branding the appearance
- Customize email messages
- Customize SMS messages
- Customize voice OTP messages
Reports
- Billing reports
- Compliance reports
- Inventory reports
- Security policy reports
Troubleshooting
- Authentication errors
- Error codes

SAS PCE documentation
SAS PCE
Operators and roles

Operators and roles

A role defines what an Operator can do through the SAS console. It reflects the account's business objectives, security requirements, operational hierarchy, and workflow.

A role defines a set of access permissions for specific tabs, modules, and actions that are suitable for a particular position. Access to tabs and modules can be disabled. This level of detail allows you to personalize the security settings for each Virtual Server and role based on the operational requirement of the account.

The Operator role can be assigned to the user who is promoted to Operator on the Operators tab. If a different role is required, create the user on the Assignment tab, promote the user to Operator status from the Operators tab (optional), and select an appropriate role.

Roles are specific to the Virtual Server in which they are configured. The Operator role grants unrestricted rights to manage the Virtual Server.

Role permissions

All permissions are set at the account level. As a result, an Operator can have different permission levels for different accounts.

Some features may not be available in your service zone.

Where access to modules is allowed, you can restrict the actions within a module through permissions, for example:

To remove a role's ability to assign a token, deselect the Add check box in the Assignment section > Tokens row.
To remove a role's ability to provision a token, deselect the Access check box in the Assignment section > Provisioning row.
To remove a role's access to the Operator tab and all of its modules, deselect the Operators check box in the Operators section.

Add or edit a role

Existing roles are displayed in the roles list. All roles except the default Operator role can be edited or removed. The role access options include a check box for each tab, and for the modules and actions on the tabs. Clearing a check box removes the tab, module, or action from the role.

After you configure roles, you can assign them. You can also automate role provisioning.

On the SAS console, select Policy > Role Management and then click the Role Management task.
To add a role, click Add.

(Optionally) To edit an existing role, click the Edit hyperlink.

(Optionally) To add a role that is similar to an existing role, select the existing role name, click Duplicate, and then edit the copy as required.
Type the Role Name, and then click Next.

There is a check box for each tab, module, and action that you can set permissions for.

It is a best practice to limit a role with Remote Services access to a specific API user. A user whose role includes Remote Services has full access to the management API, regardless of any other limitations that are imposed on that user.
Select the role's access permissions for tabs, modules, and actions:
- Access—Enables the role to access the module. To limit the role to read-only access, select Access and deselect Edit.
- Edit—Enables the role to access edit functions, even if Access is not selected.
  
  If neither Access nor Edit are selected, the module does not display.
- Delete—Enables the role to access delete or remove functions.
- Add—Enables the role to access add functions.
- Import—Enables the role to access import functions.
- Export—Enables the role to access export functions.
- View Log—Enables the role to access the View Log function.
Click Save to commit the role configuration.

After you add a role, you can assign it to Operators or create provision roles automatically.

On this page

SafeNet Authentication Service Private Cloud Edition

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com