Your suggested change has been received. Thank you.

STA documentation
- Explore Thales Docs

SafeNet Trusted Access
SafeNet Agents
SafeNet MobilePASS+
API references
Account management
Release notes

All

All
CipherTrust Manager
CipherTrust Application Data Protection (CADP)
CipherTrust Application Key Management (CAKM)
CipherTrust Batch Data Transformation (BDT)
CipherTrust Cloud Key Management (CCKM)
CipherTrust Data Discovery and Classification (DDC)
CipherTrust Data Protection Gateway (DPG)
CipherTrust Database Protection (CDP)
CipherTrust Intelligent Protection (CIP)
CipherTrust Integrations
CipherTrust Migrations
CipherTrust RESTful Data Protection (CRDP)
CipherTrust Transparent Encryption (CTE)
CipherTrust Transparent Encryption Userspace (CTE-U)
CipherTrust Secrets Management (CSM)
CipherTrust Vaulted Tokenization (CT-V)
CipherTrust Vaultless Tokenization (CT-VL)
CTE-Linux
CTE-Windows
CTE-AIX
CTE-K8s
CTE-U
Crypto Command Center
Data Protection on Demand
Luna Cloud HSM
Luna Network HSM
Luna PCIe HSM
Luna USB HSM
OneWelcome Identity Platform
ProtectApp LUKS
ProtectServer 2 HSM
ProtectServer 3 HSM
SafeNet Trusted Access (STA)
SafeNet MobilePASS+
SafeNet MobilePASS+ for Android
SafeNet MobilePASS+ for Chrome
SafeNet MobilePASS+ for macOS
SafeNet MobilePASS+ for iOS
SafeNet MobilePASS+ for WatchOS
SafeNet MobilePASS+ for Windows
SafeNet Synchronization Agent
SafeNet Logging Agent
SafeNet Agent for FreeRADIUS
SafeNet Agent for NPS
SafeNet Agent for Windows Logon
SafeNet Authentication Service Private Cloud Edition (SAS PCE)
SafeNet Remote Logging Agent
SafeNet Keycloak Agent
SafeNet IDPrime Virtual (IDPV)
SafeNet FIDO Key Manager
SafeNet FIDO Key Manager for Android
SafeNet FIDO Key Manager for iOS
SafeNet FIDO Key Manager for Windows

SafeNet Synchronization Agent

Install SafeNet Synchronization Agent

SafeNet Agents
SafeNet Synchronization Agent
- Install SafeNet Synchronization Agent
- LDAP synchronization server
- SafeNet Synchronization Agent for LDAP
- Configure for SQL
- Synchronization groups
- AD password synchronization
- Grant synchronization permission
- Transaction and synchronization details
- View the LDAP schema
- Aliases 3 and 4
- Configuration options
- Event notifications
- Browse the user source
- Start and stop SafeNet Synchronization Agent
- Backup or restore configurations
- SafeNet Synchronization Agent log files
- Synchronize users from Microsoft Entra ID
- SafeNet Synchronization Agent - Frequently Asked Questions
SafeNet Logging Agent
- Log event types
SafeNet Agent for FreeRADIUS
- Setting up FreeRADIUS API for SAS PCE/SPE
- Download BSID and JWT Keys
- Install FreeRADIUS
- Upgrade FreeRADIUS
- Startup Script
- Manual Client Updater
- Troubleshoot SafeNet Agent for FreeRADIUS
- About Protected Extensible Authentication Protocol
SafeNet Agent for NPS
- Compatibility and Components
- NPS for RADIUS Clients
- SafeNet agent for NPS
- Install SafeNet Agent for NPS
- Uninstall SafeNet Agent for NPS
- Upgrade SafeNet Agent for NPS
- RADIUS return attributes
- Proxy server
- NPS settings
- NPS communication settings
- Authentication test
- NPS logging
- NPS localization
- PUSH notifications and NPS
- SafeNet Agent for NPS
SafeNet Agent for Windows Logon
- Installation and Configuration Overview
- System Requirements
- Windows Logon Agent - Authentication Methods
- Pre-installation
- Installing the agent
- Upgrading the agent
- Uninstalling the agent
- Deploying the agent via Group Policy Object
- Deploying the agent via Intune
- Deploying the agent via Microsoft Endpoint Configuration Manager
- Registry Settings
- Management
- Troubleshooting and Advanced Configurations
- Running the Solution
- Passwordless Windows Logon
- Passwordless Setup
- Customizing SafeNet Desktop Logon Application
- Annexure
SafeNet Agent for macOS Logon
- Pre-installation
- Installing, Configuring, Upgrading, and Uninstalling the agent
- Management
- Testing the Solution
SafeNet App Gateway
- System Requirements
- Security Recommendations
- Single Sign-On (SSO) Support for SafeNet App Gateway
- Pre-installation
- Generic Template for SafeNet App Gateway
- Oracle PeopleSoft
- Jenkins Application Configuration in SafeNet Trusted Access
- Deployment options
- Installing the Agent
- Configuring the Agent
- Upgrading and Uninstalling the Agent
- Plugin Model
- Troubleshooting
- Testing the Solution

STA documentation
SafeNet Agents
SafeNet Synchronization Agent
Install SafeNet Synchronization Agent

Install SafeNet Synchronization Agent

The SafeNet Synchronization Agent installation package can be found from the STA Token Management or SAS PCE console at Snapshot > References.

alt_text

After you install and configure the agent, you must also grant synchronization permission in STA or SAS PCE.

When you finish configuring the agent, you can monitor the log files, view transaction and synchronization details, and set up event notifications.

Install SafeNet Synchronization Agent

From an administrator account on the client organization's computer, download and run the SafeNet Synchronization Agent installation package.

Note
Install SafeNet Synchronization Agent on a server within the client organization's secure network that is separate from their LDAP or SQL Active Directory server.

When the process completes, the InstallShield Wizard Completed window displays.
Select Finish to exit the installation wizard.

Upgrade SafeNet Synchronization Agent

To upgrade, launch the SafeNet Synchronization Agent installer file. It is not necessary to stop the service.

If the installer file detects a MySQL configuration without a .NET Connector, a warning is displayed:

alt_text

Upgrade multiple redundant agents

You can synchronize a SafeNet LDAP sync server through multiple Synchronization Agents that are configured with the same groups and attribute mappings.

To upgrade multiple agents:

Stop all but one SafeNet Synchronization Agent.
Upgrade this one agent (which can still be running) and then start it.
Upgrade another agent and then start it, until all agents have been upgraded.

Synchronize UPN for use as a SAML return attribute

The User Principal Name (UPN) attribute, shown in the accompanying figure, can be synchronized from the AD with SafeNet Synchronization Agent version 3.5.1 (or later). This attribute can then be used as a return attribute for SAML authentication in STA or SAS PCE v3.5.1 (or later).

alt_text

After SafeNet Synchronization Agent is upgraded to version 3.6.0 (or later) and the default AD schema is used, the UPN automatically synchronizes for all users on the first sync after the upgrade. The amount of time for this first synchronization to complete can be noticeable, depending on the number of users.

If you are using a custom AD schema and you want to synchronize the UPN attribute from the AD, you need to manually add this attribute in SafeNet Synchronization Agent. (The custom schema configuration should match UPN mapping in the default AD schema.)

On this page

Install SafeNet Synchronization Agent
Upgrade SafeNet Synchronization Agent
- Upgrade multiple redundant agents
- Synchronize UPN for use as a SAML return attribute

SafeNet Trusted Access

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2025, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

Print

Suggest An Edit

Download this Page

Download Project

Copy Link

Copy Link

Copy Link

Copy Link