Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

SAS PCE documentation
- Explore Thales Docs

SAS PCE
Agents
MobilePASS+
SafeNet Access Exchange
BSIDCA API
- BSIDCA endpoints
- BSIDCA custom attributes
Integrations
Account management
Release Notes

All

All

Users and groups

User Policies

Please Note:

SAS PCE
Get started
- System Requirements
- Installation
  - Install SafeNet Authentication Service
  - Prepare database
  - Configure SafeNet Authentication Service
  - Configure SafeNet Authentication Service for High Availability
  - Configure for MobilePASS and MobilePASS+ Enrollment
  - Onboarding for MobilePASS+ enrollment
  - Security and Compliance
- Upgrade
  - SafeNet Authentication Service pre-upgrade checklist
  - SafeNet Authentication Service upgrade - primary data center
  - SafeNet Authentication Service upgrade - secondary data center
  - SafeNet Authentication Service post-upgrade checklist
  - Additional Considerations
- System setup
  - Setup
  - Communications
  - Logging
Dashboard
- On-Boarding
- Virtual Servers
- Administration
Users and groups
- Configure individual users
- Manage tokens for a user
- Groups
- Containers
- Restrict access based on the time, day, or date
- User Policies
User synchronization
- LDAP sync server settings
- LDAP integration
- LDAP settings
Operators and roles
- Operators
- External Operators
- Provision roles automatically
- Alerts
Tokens
- Token types
  - Hardware tokens
    - OTP hardware token
    - KT-4 tokens
    - RB-1 tokens
  - Software tokens
    - GrIDsure
    - SMS OTP token
  - Third Party tokens
- Token allocations
- Token templates
- Token restrictions
- Temporary Password Policy
- Token Passcode Processing Policy
- Configure server-side PINs
- Token synchronization
- Import SafeNet tokens
- Token inventory
- Deallocate inventory
- MobilePASS target and Push OTP settings
- SMS credits
- SMS/Email/Voice OTP Delivery Methods
- Quicklog authentication
- Initialize hardware tokens
Provisioning tokens to users
- Provision tokens
- Automate token provisioning
- Provisioning tasks
- Assign a hardware token to a user
- Bulk assign third-party tokens
Push OTP
- Requirements and considerations for Push OTP
- Enable Push OTP and MobilePASS+
- Push OTP Rejection Policy
- Customize Push notifications and alerts
- Configure applications for Push OTP
- Token management and enrollment
- Push OTP authentications
RADIUS integration
- RADIUS third-party token support
- RADIUS attributes for users or groups
- Block RADIUS authentication
Server and agent settings
- Authentication Nodes
- Pre-authentication rules
- Restrict IP range
- Email server settings
- SMS settings
- Voice OTP settings
- Configure a voice provider
- FTP/SFTP/SCP settings
- Time zone offset
- Download an encryption key for agents
- Language
- Migrate SafeNet authentication servers
- Display Device Information
- Download an encryption key for remote services
Self-service site
- Site appearance and default language
- Self-Service Modules
- Self-Enrollment pages
- Configure authorities, OOB enrollment, and policies
- Process requests and view reports
Branding the appearance
- Customize email messages
- Customize SMS messages
- Customize voice OTP messages
Reports
- Billing reports
- Compliance reports
- Inventory reports
- Security policy reports
Troubleshooting
- Authentication errors
- Error codes

SAS PCE documentation
SAS PCE
Users and groups
User Policies

User Policies

User Policies module contains policies that affect user accounts, including:

Account Lockout/Unlock Policy
Dormant Account Lockout Policy

alt_text

Configure the Account Lockout/Unlock Policy

This policy determines how SAS handles consecutive failed login attempts.

SAS locks a user’s account after an invalid OTP is used a specified number of times. If configured, SAS will also send a lockout alert to the user’s email address.

SAS unlocks a user’s account after the account lock duration has passed. If configured, SAS will also send an account unlock alert to the user’s email address after the user successfully authenticates.

alt_text

Apply: Save changes to the policy. The button is active until changes to the policy are saved or canceled.
Cancel: Clear unsaved changes to the policy and close the module.
Change Log: Display the last five changes to the policy including the date and time of each change, the Operator ID, and the changed values.
Account lock threshold: The maximum number of consecutive failed login attempts permitted for a user. If this value is exceeded, SAS locks the account. The default value is 3. To disable this function, set the value to 0.
Alert User on account lockout: If checked, SAS sends an alert to the user after the user’s account changes state from Unlocked to Locked.
Alert User on account unlock: If checked, SAS sends an alert to the user after the following two conditions are met: 1) the user’s account changes state from Locked to Unlocked and 2) the user successfully authenticates.

Although the account may be configured to unlock after 5 minutes (for example), SAS sends the account unlock alert only when the user successfully authenticates after the lockout period; which may be 15 minutes after the account is unlocked (for example). In other words, SAS validates the unlock policy only after the user successfully authenticates.
Account lock duration: The time in seconds, minutes, or hours that must elapse – after an account is locked – before the account automatically unlocks. The default value is 15 minutes. In the case where the value is 0 when the user authenticates their locked account, the account will automatically unlock.

Any change to the account lock duration value will apply only to lock events that occur after the change. For example, if a user’s account is locked while the value is 1 day – and the administrator reduces the value to 15 minutes – the user must still wait the remainder of the 1 day that applied when the account was locked, before their account is unlocked.

Configure the Dormant Account Lockout Policy

Some compliance regulations require that dormant user accounts be automatically locked and not be permitted to authenticate. A dormant account is one that has not logged on for a defined period of time.

The Virtual Server uses the Dormant Account Lockout Policy to determine how long after the last successful logon an account is considered to be dormant and becomes locked.

alt_text

Apply: Active when the policy is modified. Use to commit policy change.
Cancel: Clears any uncommitted change to the policy and closes the module.
Change Log: Displays a list of the last 5 changes to this policy, including the date and time of each change, changed by Operator ID, and the value that was specified.
Dormant Account Threshold: Allowed range in days is: 0 (default, threshold disabled) to 365. Input limited to integers in this range.

On this page

SafeNet Authentication Service Private Cloud Edition

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com