Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

SafeNet Agent for Windows Logon

System Requirements

search

System Requirements

System Requirements

Software Prerequisites

> Microsoft .NET 4.8 and above
Communication Protocols

> HTTPS

TLS 1.2 and above
Network Port

> TCP Port 443
Azure Support

> Azure AD*

> Hybrid Azure AD
Operating Systems

> Windows 10

> Windows 11

> Windows Server 2016

> Windows Server 2019

> Windows Server 2022
Supported Authentication Methods

All tokens and authentication methods currently supported by STA.
Supported Tokens in Offline Authentication Mode

> Emergency Password

> Static Password

> Event-based tokens, for example, MobilePASS (in Quick Log mode)

NOTE   Only last used event-based token is supported.

When using MobilePASS+, the Push OTP feature does not work, but standard One Time Password (OTP) authentication works.

The agent is compatible with the Microsoft native FDE tool, BitLocker.

* Limitations for Azure AD joined machines

  • The Exempt Local/Domain Administrator strong authentication does not work with pure Azure AD joined machines for domain admins. However, this feature works as expected for the local admins.

  • The Group Filter feature does not work with pure Azure AD joined machines for domain groups. However, this feature works as expected for the local groups.

  • Third-party federation services with Azure AD joined machines are not supported.

Supported Use Cases
Windows Logon Functions Description Supported by WLA?
Interactive The security principal is logging on interactively. Yes
Unlock The logon is an attempt to unlock a workstation. Yes
RemoteInteractive A terminal server session that is both remote and interactive. Yes
CachedInteractive Attempt to use the cached credentials without going out across the network. Yes
Network The security principal is logging using a network. No
Batch The logon is for a batch process. No
NetworkCleartext The logon is a network logon with plaintext credentials. No
NewCredentials Allows the caller to clone its current token and specify new credentials for outbound connections. The new logon session has the same local identity but uses different credentials for other network connections. No
Service The logon is for a service account. No