Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

STA documentation
- Explore Thales Docs

SafeNet Trusted Access
SafeNet Agents
SafeNet MobilePASS+
API references
Account management
Release notes

All

All

SafeNet App Gateway

Security Recommendations

SafeNet Agents
SafeNet Synchronization Agent
- Install SafeNet Synchronization Agent
- LDAP synchronization server
- SafeNet Synchronization Agent for LDAP
- Configure for SQL
- Synchronization groups
- AD password synchronization
- Grant synchronization permission
- Transaction and synchronization details
- View the LDAP schema
- Aliases 3 and 4
- Configuration options
- Event notifications
- Browse the user source
- Start and stop SafeNet Synchronization Agent
- Backup or restore configurations
- SafeNet Synchronization Agent log files
- Synchronize users from Microsoft Entra ID
- SafeNet Synchronization Agent - Frequently Asked Questions
SafeNet Logging Agent
- Log event types
SafeNet Agent for FreeRADIUS
- Install SafeNet Agent for FreeRADIUS
- Download BSID and JWT Keys
- Install FreeRADIUS
- Upgrade FreeRADIUS
- Startup script
- Manual client updater
- Troubleshoot SafeNet Agent for FreeRADIUS
- Protected Extensible Authentication Protocol
SafeNet Agent for NPS
- Compatibility and Components
- NPS for RADIUS Clients
- SafeNet agent for NPS
- Install SafeNet Agent for NPS
- Uninstall SafeNet Agent for NPS
- Upgrade SafeNet Agent for NPS
- RADIUS return attributes
- Proxy server
- NPS settings
- NPS communication settings
- Authentication test
- NPS logging
- NPS localization
- PUSH notifications and NPS
- SafeNet Agent for NPS
SafeNet Agent for Windows Logon
- Installation and Configuration Overview
- System Requirements
- Windows Logon Agent - Authentication Methods
- Pre-installation
- Installing the agent
- Upgrading the agent
- Uninstalling the agent
- Deploying the agent via Group Policy Object
- Deploying the agent via Intune
- Deploying the agent via Microsoft Endpoint Configuration Manager
- Registry Settings
- Management
- Troubleshooting and Advanced Configurations
- Running the Solution
- Passwordless Windows Logon
- Pre-installation
- Customizing SafeNet Desktop Logon Application
SafeNet Agent for macOS Logon
- Pre-installation
- Installing, Configuring, Upgrading, and Uninstalling the agent
- Management
- Testing the Solution
SafeNet App Gateway
- System Requirements
- Security Recommendations
- Single Sign-On (SSO) Support for SafeNet App Gateway
- Pre-installation
- Generic Template for SafeNet App Gateway
- Oracle PeopleSoft
- Jenkins Application Configuration in SafeNet Trusted Access
- Deployment options
- Installing the Agent
- Configuring the Agent
- Upgrading and Uninstalling the Agent
- Plugin Model
- Troubleshooting
- Testing the Solution

STA documentation
SafeNet Agents
SafeNet App Gateway
Security Recommendations

Security Recommendations

Securing the SafeNet App Gateway agent installation and deployment is critical to protect sensitive data and prevent unauthorized access. Following are some best practices to ensure security:

Secure Environment

Open the following ports on the perimeter firewall to facilitate HTTPS external communication to and from the application server:

Port 443: Use this port for secure communication over the internet using the HTTPS protocol.
Port 8443 / 7443: Use this port for administrative purposes. Allow only authorized networks to access this port.

Secure Installation

Deploy a physical or virtual modern 64-bit Linux server in your perimeter network (or DMZ).
Install Docker using these instructions.
Install Docker-Compose using these instructions.

Docker Security

Do not publicly expose the Docker API. If you choose to expose the Docker API, secure it with Transport Layer Security (TLS) certificates. For more information, refer to Protect the Docker daemon socket documentation.
Train users with the user credentials security guidelines. To secure containers,
- Do not execute processes as root user.
- Run AppArmor (Application Armor) or SELinux (Security-Enhanced Linux) to enhance security by enforcing access control policies.

TLS Deployment

When securing the SafeNet App Gateway environment with TLS, it is recommended to adhere to the following guidelines:

Use a valid SSL certificate for your SafeNet App Gateway server. Acquire an SSL/TLS certificate from a trusted Certificate Authority (CA) with the fully qualified DNS name of your server (for example, yourserver.example.com), or consider using a wildcard SSL certificate.
Ensure that the TLS certificate is kept secure and not exposed.
Avoid the use of any version of SSL. Disable outdated and insecure protocols (SSLv2, SSLv3).
The SafeNet App Gateway solution supports TLS 1.2 and above, so appropriately configure it on the client machines.
Extend support for the Signaling Cipher Suite Value extension, TLS_FALLBACK_SCSV. This measure helps prevent protocol downgrade attacks on TLS.

On this page

SafeNet Trusted Access

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com