Management
Use the SafeNet Logon Configuration to configure various options available within the agent. To configure settings, the following tabs are available:
Settings
This tab deals with the connection options for the SafeNet server.
Choose Authentication Options
Authentication options are used in the process of authenticating information received from authentication sources.
- Turn on agent: This option enables or disables the agent.
Default: Disabled
- Bypass strong authentication for domain administrators: This option exempts the following user groups from SafeNet authentication during login.
– Domain Admins
– Administrators
– Enterprise Admins
– Schema Admins
– DNS Admins
Note
- Nested groups are not supported.
- Local Admins cannot be exempted from OTP.
Default: Enabled
- Allow use of emergency passwords: This feature allows users to authenticate using an emergency password in offline mode.
Default: Enabled
- Automatically trigger MobilePASS+ Push, GrIDsure or SMS/Email authentication: Select this option to trigger the challenge automatically. If this option is not selected, the user must manually submit an empty passcode to use MobilePASS+ Push, GrIDsure or SMS/Email authentication.
Default: Enabled
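Because the bypass option is enabled by default, it is worth auditing which accounts it actually exempts. The following is an added example, not part of the original documentation or of the agent: the LDIF-style export, the DNs and the function names are constructed, and it assumes that "Nested groups are not supported" means an account reached only through a nested group is still prompted for SafeNet authentication. It follows one level of nesting.

```python
# Group names as the page lists them; matching on the cn attribute is an assumption.
EXEMPT_GROUPS = {"Domain Admins", "Administrators", "Enterprise Admins",
                 "Schema Admins", "DNS Admins"}

# Constructed, simplified LDIF-style export (no folded or base64 lines).
SAMPLE_LDIF = """\
dn: CN=Domain Admins,CN=Users,DC=example,DC=test
objectClass: group
cn: Domain Admins
member: CN=alice,CN=Users,DC=example,DC=test
member: CN=Tier0 Ops,CN=Users,DC=example,DC=test

dn: CN=Tier0 Ops,CN=Users,DC=example,DC=test
objectClass: group
cn: Tier0 Ops
member: CN=bob,CN=Users,DC=example,DC=test

dn: CN=Helpdesk,CN=Users,DC=example,DC=test
objectClass: group
cn: Helpdesk
member: CN=dave,CN=Users,DC=example,DC=test
"""

def parse_groups(ldif):
    """Return {lower-cased group DN: (cn, [member DNs])} for each group entry."""
    groups = {}
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key.lower(), []).append(value)
        if "group" in attrs.get("objectclass", []):
            groups[attrs["dn"][0].lower()] = (attrs["cn"][0], attrs.get("member", []))
    return groups

def audit_bypass(ldif):
    """Return (direct members, accounts reachable only through a nested group)."""
    groups, direct, nested = parse_groups(ldif), {}, {}
    for cn, members in groups.values():
        if cn not in EXEMPT_GROUPS:
            continue
        for dn in members:
            inner = groups.get(dn.lower())
            if inner is None:   # not a group in the export: treated as a user
                direct.setdefault(dn, set()).add(cn)
            else:               # nested group: report its members separately
                for user in inner[1]:
                    nested.setdefault(user, set()).add(f"{cn} via {inner[0]}")
    return direct, {u: g for u, g in nested.items() if u not in direct}
```

Accounts in the first result skip SafeNet authentication while the option is enabled; accounts in the second are the ones an administrator might wrongly expect to be exempt.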
Submit the username in the following format
Select one of the following formats, based on the user synchronization between AD and STA:
- username: Selecting this option validates the username that is synced in STA.
Default: Enabled
- domain\username (NetBIOS format): Select if the username exists in STA with the prefix domain\.
Default: Disabled
- username@domain.com (UPN format): Select if the username exists in STA with the suffix @domain.
Default: Disabled
Note
After upgrade, the latest version of the MLA agent will reset the username format to default (username).
Load your Configuration File
- STA configuration: [Default] This option enables the configuration of macOS Logon agent using STA. It requires a unique agent configuration file.
- Configuration file: Use this setting to select the agent configuration file, which you have previously downloaded in the pre-installation section in STA. Click Browse to specify the location of the agent’s configuration file.
- SAS PCE configuration: This setting configures the agent for SAS PCE. It is not applicable to STA customers.
Check Connectivity
Under this section, click Test to run a communication test to verify the connection to STA.
Test Authentication
This allows administrators to test authentication between the agent and STA.
Note
The User Name format needs to be the same as defined for use in the STA server.
Apply Agent Settings
Click Apply/Ok to save the agent settings. If this is the first time the authentication is being tested, a confirmation dialog is displayed. If the authentication has not been tested previously, the below pop-up is displayed:
If you click Apply anyway, a dialog box prompting administrator password will be displayed.
Note
After applying the changes, log off is mandatory for the agent authentication.
Offline
The Offline tab deals with the end-user offline authentication settings. It displays the current number of offline authentication attempts, allows customization of the minimum warning notification threshold, and provides the ability to manually replenish the offline OTP store.
Offline Authentication Settings
The SafeNet Agent for macOS Logon allows users to log in to their workstations when STA is not available. It deals with the following end-user offline authentication settings:
- Remaining offline authentication: The number of SafeNet authentications available before the user must authenticate against STA or perform a manual replenish. The offline authentication value is a global configuration setting configured within the Policy Admin, Authentication Policy section of the STA Manager.
Default: 100
- Minimum offline threshold: The user will see a warning to authenticate against STA or perform a manual replenish if this value is reached.
The value may range between 5 and 99.
Default: 10
Manually Replenish
The offline store is automatically replenished when a user returns and logs in to the corporate network. If the offline store expires while the user is still at a remote location, the Manually Replenish option allows a user to refill their offline authentication store remotely.
Note
The User Name format needs to be the same as defined for use in the STA server.
To replenish an offline authentication store manually, perform the following steps:
- Establish a VPN connection to the corporate network.
- Open the SafeNet Agent for macOS Logon Configuration tool as an administrator.
- Enter your SafeNet credentials in the Username and Passcode fields, and click Authenticate.
- The SafeNet Agent for macOS Logon contacts STA to verify the logon credentials. If the credentials are valid, the offline authentication is restored; otherwise, the user receives a warning message to retry the authentication attempt.
Logs
This tab depicts the logging level and specifies the log file location.
Log Level
This setting is used to adjust the logging level. Each log message has an associated LogLevel, which depicts the importance and urgency of the message. The logs are maintained according to the set LogLevel. For log levels 1, 2, and 3, only the initial connection between the agent and the server, and any failed connection attempts are logged.
Drag the pointer on the Logging level adjustment scale to the required level:
- 1 – Critical: [Only critical] Very severe error events that might cause the application to terminate.
- 2 – Error: [Critical and errors] Error events that prevent normal program execution, but might still allow the application to continue running.
- 3 – Warning: [Critical, errors, and warnings] Potentially harmful error events.
- 4 – Info: [Critical, errors, warnings, and information messages] Informational error events that highlight the progress of the application. (Default)
- 5 – Debug: [All available information] Detailed tracing error events that are useful to debug an application. (Recommended)
Log File Location
This setting specifies the location where the log files are saved. The log files are stored at a fixed location (/usr/local/thales/MLA/log).