Install SafeNet Synchronization Agent
The SafeNet Synchronization Agent installation package is available from the STA Token Management or SAS PCE console at Snapshot > References.
After you install and configure the agent, you must also grant synchronization permission in STA or SAS PCE.
When you finish configuring the agent, you can monitor the log files, view transaction and synchronization details, and set up event notifications.
Install SafeNet Synchronization Agent
- From an administrator account on the client organization's computer, download and run the SafeNet Synchronization Agent installation package.
  Install SafeNet Synchronization Agent on a server within the client organization's secure network that is separate from their LDAP or SQL Active Directory server.
  When the process completes, the InstallShield Wizard Completed window displays.
- Select Finish to exit the installation wizard.
Upgrade SafeNet Synchronization Agent
To upgrade, launch the SafeNet Synchronization Agent installer file. It is not necessary to stop the service.
If the installer file detects a MySQL configuration without a .NET Connector, a warning is displayed:
Upgrade multiple redundant agents
You can synchronize a SafeNet LDAP sync server through multiple Synchronization Agents that are configured with the same groups and attribute mappings.
To upgrade multiple agents:
- Stop all but one SafeNet Synchronization Agent.
- Upgrade this one agent (which can still be running) and then start it.
- Upgrade another agent and then start it, until all agents have been upgraded.
Synchronize UPN for use as a SAML return attribute
The User Principal Name (UPN) attribute, shown in the accompanying figure, can be synchronized from the AD with SafeNet Synchronization Agent version 3.5.1 (or later). This attribute can then be used as a return attribute for SAML authentication in STA or SAS PCE v3.5.1 (or later).
After SafeNet Synchronization Agent is upgraded to version 3.6.0 (or later) and the default AD schema is used, the UPN automatically synchronizes for all users on the first sync after the upgrade. The amount of time for this first synchronization to complete can be noticeable, depending on the number of users.
If you are using a custom AD schema and you want to synchronize the UPN attribute from the AD, you need to manually add this attribute in SafeNet Synchronization Agent. (The custom schema configuration should match UPN mapping in the default AD schema.)