Compatibility and Components
System Requirements
Prerequisites
Microsoft .NET Framework 4.5.2 (or above) must be installed on the same computer as the SafeNet Agent for NPS.
Operating Systems
-
Windows Server 2008 R2 (64-bit)
NPS does not support TLS v1.2 on Windows Server 2008 R2 environments. To use TLS v1.2, the administrator must upgrade to Windows 2008 R2 SP1 and install the following patch: KB3140245.
-
Windows Server 2012 R2 (64-bit)
-
Windows Server 2016 (64-bit)
-
Windows Server 2022 (64-bit)
Authentication Management Platforms
-
STA
-
SAS PCE 3.9.1 and later
Authentication Protocols
The SafeNet Agent for NPS supports the following authentication protocols:
-
PAP
-
CHAP
-
MS-CHAP v2
The following restrictions apply when working in Challenge/ Response mode:
-
Tokens in Challenge/ Response mode are supported only for PAP.
-
GrIDSure tokens are supported only for PAP and MS CHAP v2. MS-CHAPv2 requires SAS PCE 3.5.1 or later.
To use GrIDSure with the SafeNet Agent for NPS, the user must utilize an external GrIDSure service (for example Self-Service Portal).
Push OTP
When logging in to a website supporting the Push OTP function, the user enters the Username, leaves the password field empty, and clicks the login button. The user will then receive a prompt on their MobilePASS+ app, to accept or reject the logon request. On accepting the logon request, the user is logged in to the website.
The SafeNet Agent for NPS will support the Push OTP function with MobilePASS+ when working with the STA as well as the SAS PCE 3.9.1 and later versions.
-
High Push OTP utilization can lower the authentication throughput in the NPS.
-
To use PUSH OTP, ensure that the agent's server can connect with the PUSH Service. If you are using a proxy with the agent's server, add IP address of the PUSH Service in the proxy.
When using Push OTP, we recommend the following settings in the RADIUS Client:
Multiple NPS servers |
Timeout: 60 seconds Retries: 1 |
Single NPS server | Timeout: 20 seconds Retries: 3 |