Your suggested change has been received. Thank you.


Suggest A Change….


Release notes

SafeNet MobilePASS+ for iOS


SafeNet MobilePASS+ for iOS

SafeNet MobilePASS+ for iOS


Product Description

SafeNet MobilePASS+ for iOS is a mobile client application enabling you to access corporate and web-based resources securely. It eliminates the need to remember complex passwords. SafeNet MobilePASS+ for iOS is a cost-effective way for businesses to leverage the security of One Time Passwords (OTP) using mobile phones. Associated with STA, the SafeNet MobilePASS+ for iOS application is a perfect combination of security and convenience. It offers a simple user experience for token activation and authentication using the Push OTP mechanism.

For a list of existing issues as of the latest release, refer to Known Issues.

Release Description


This service pack release of STA introduces the following feature:

  • Visual location display in MobilePASS+ push notifications: This feature displays a live map within push notifications to help the user identify any fraudulent push requests. Push notifications show the location from where the authentication attempt was made. Support for displaying maps is available in MobilePASS+ v2.4 and later.

    Map in push notification map and details in push notification


SafeNet MobilePASS+ for iOS v2.5.3 resolves the issue listed below.

Users are advised to first update to MobilePASS+ for iOS v2.5.3, launch the application or perform a push authentication, and only after that update to iOS 17.

Issue Synopsis
SASMOB-5863 MobilePASS+ launches and generates OTPs as expected after the iOS 17 update.


SafeNet MobilePASS+ for iOS v2.5.2 resolves the following issue:

Issue Synopsis
SASMOB-5905 MobilePASS+ enrollment proceeds correctly in custom domains.


SafeNet MobilePASS+ for iOS v2.5.1 resolves the following issue:

Issue Synopsis
SASMOB-5901 MobilePASS+ push notifications correctly display the Approve and Deny buttons.


SafeNet MobilePASS+ for iOS v.2.5.0 introduces the following feature:

  • MobilePASS+ push with number matching: Number matching in MobilePASS+ secures push authentications to protect against MFA fatigue or push bombing attacks. Number matching gives control to the user for every login request, because they must select the number that appears during authentication. Refer to the documentation for details about how to enable this feature.

This feature is available only for MobilePASS+ v2.5.0 onwards.


SafeNet MobilePASS+ for iOS v2.4.0 introduces the following features:

  • Third-party authenticator support with MobilePASS+: Allows users to enroll third-party authenticators for different web applications to protect their personal and professional accounts. See the documentation for details.

  • Improved logging: Enhanced logging and error codes in MobilePASS+ for better troubleshooting and investigation.


SafeNet MobilePASS+ for iOS v2.3.1 resolves the following issue:

Issue Synopsis
SASMOB-5114 MobilePASS+ for iOS enrollment works correctly now.


SafeNet MobilePASS+ for iOS v2.3.0 introduces the following features:

  • Standards-based accessibility support: Enhanced accessibility support provides full functionality of SafeNet MobilePASS+ via voiceover, narrator, or keyboard navigation based on WCAG standards.

  • Italian language support


SafeNet MobilePASS+ for iOS v2.2.1 resolves the following issue:

Issue Synopsis
SASMOB-4761 MobilePASS+ token enrollments proceed correctly on the latest iPad OS versions.


SafeNet MobilePASS+ for iOS v2.2.0 introduces the following feature:

  • Support for Apple Watch – MobilePASS+ for iOS now supports Apple Watch to run as a companion app, allowing users to respond to push authentication requests and generate OTPs on the watch. Apple Watch wrist detection capability is used as a second biometric authentication factor.


SafeNet MobilePASS+ for iOS v2.1 introduces the following feature and resolves the issue listed below:

  • Dutch language support

Resolved Issue

Issue Synopsis
SASMOB-4206 Voice-over functions correctly.


SafeNet MobilePASS+ for iOS v2.0 introduces the following features:

  • Enhanced user experience - Next generation mobile authenticator offering the best-in-class user-experience and native user interface for each platform.

  • Language support for German, Chinese, and simplified Chinese - SafeNet MobilePASS+ for iOS now supports German and Chinese in addition to the existing supported languages.

  • Risk Detection – Monitors and displays risk parameters associated with SafeNet MobilePASS+ for iOS devices in the customer’s environment. These parameters include OS jailbreak and root status, OS versions in use, possible application tampering, and malware intrusion in order to detect potential risk to the authenticator's integrity. Refer to the documentation for further details.

  • Push Authentication History - Users can now access their push authentication history on SafeNet MobilePASS+ for iOS under the authenticator settings.

  • Support for Dark Mode - SafeNet MobilePASS+ for iOS now supports dark mode when it is enabled on the user’s mobile device.

  • Unlimited Authenticators - SafeNet MobilePASS+ for iOS no longer limits the number of authenticators that can be enrolled.

Any user-PIN/biometric-PIN enabled tokens enrolled before SafeNet MobilePASS+ for iOS 1.7.0 must be unlocked between v1.7.0 and v1.9.1 at least once before upgrading to SafeNet MobilePASS+ for iOS 2.0 to ensure the successful migration of existing tokens.

Advisory Notes

Apple Watch to be Supported in an Upcoming Release

SafeNet MobilePASS+ for iOS does not support Apple Watch. Users who have experimented with this functionality currently find that they can see the notification on their watch but cannot complete the approval flow. Thales is working to enable full functionality in an upcoming release.

Working with SafeNet MobilePASS and SafeNet MobilePASS+

SafeNet MobilePASS for iOS and SafeNet MobilePASS+ for iOS can be used on the same device and with the same virtual server. Token enrollments are for either SafeNet MobilePASS for iOS or SafeNet MobilePASS+ for iOS. This is controlled in STA at the virtual server level.

Push OTP

Approving a Push OTP Login Request

SafeNet MobilePASS+ for iOS tokens that are not PIN protected or are configured to work with a server-side PIN can be configured to use the Enhanced Approval Workflow.

The Enhanced Approval Workflow is not available for user-selected PIN protected tokens or for tokens that are not configured to support the workflow.

When the Login request arrives on your mobile device, you can respond from the locked screen or from the SafeNet MobilePASS+ for iOS application.

Token Configuration Notification Location Action to Approve the Push OTP Login Request
Approving a Push OTP Login Request with standard approval workflow iOS Locked Screen

Do one of the following:

  • Swipe the notification from right to left to expand it and tap APPROVE.
  • Single tap on the notification to open the login request in SafeNet MobilePASS+ for iOS, review the login request information, and tap APPROVE.
iOS Unlocked Screen or within another Application
  1. Tap the Pending Notification bar.
  2. Tap APPROVE.
Approving a Push OTP Login Request with Enhanced Approval Workflow iOS Locked Screen
  1. Tap the Login request notification.
  2. Tap APPROVE.
  3. If your device is password protected, enter the passcode.
iOS Unlocked Screen or within another Application
  1. Tap on the notification to open the login request in SafeNet MobilePASS+ for iOS.
  2. Review the login request information.
  3. Tap APPROVE.
SafeNet MobilePASS+ for iOS Application In the Login Request Form window, tap Approve.

Configuring STA for Enhanced Approval Workflow

To maintain compatibility with SafeNet MobilePASS+ Android and iOS versions earlier than 1.4, do not select Enhanced Approval Workflow.

To enable Enhanced Approval Workflow:

  1. In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Token Policies > Software Token & Push OTP Settings.

  2. Select Enhanced approval workflow and click Apply.


Conditions that will trigger Enhanced Approval Workflow on a mobile device:

  • Enhanced Approval Workflow must be enabled on the server

  • The mobile device must be running iOS 10 or later

  • The mobile device must be provisioned with one token only on the server-side

  • The token must not have a user-PIN

Push OTP Troubleshooting

If an expected push OTP request does not arrive on your mobile device, check that a network connection is present. Heavy traffic and/or service outages from the public push service provider (Apple) may result in delivery delays or disruptions. In such circumstances, use manual OTP generation to complete the authentication.

Configuring STA for QR Code Enrollment

  1. In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Automation Policies > Self-Enrollment Policy.

  2. Select Enable Multi-Device Instructions.

  3. Select Display QR Code.

  4. Click Apply.

The enrollment email sent to the user will include a link to the page on the STA Self Service Module where the QR code is displayed.

The QR code will display only if a supported device is selected in the device selection drop down menu.

Biometric PIN

Biometric PIN Prerequisites

  • iOS 13 or later

  • Token configured in STA for biometric PIN

Activating Biometric PIN in Existing Tokens

Tokens previously enrolled without the Biometric PIN feature must be re-enrolled with the Biometric PIN feature enabled in the STA console.

Configuring STA for Biometric PIN (Touch ID and Face ID)

  1. In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Token Policies > Token Templates.

  2. Select the SafeNet MobilePASS+ for iOS token type and click Edit.

  3. In the Edit Token Template window, under PIN Policy, select User-selected PIN and then select Allow Biometric PIN.

The SafeNet MobilePASS+ for iOS token can now, following enrollment, be activated to use Touch ID.

Known Issues

This table provides a list of the known issues as of the latest release.

Issue Synopsis
SASMOB-5797 Clicking anywhere other than the OTP, gear, and refresh icons triggers the next OTP generation.
SASMOB-5794 The pending login request banner is not showing up on the change provider and account name screen, not pending login request banner.
SASMOB-5595 Auto unlock doesn't always happen when relaunching the app from the background.
SASMOB-5581 Unable to see the account name field on the key confirmed page in iPad landscape mode.
SASMOB-4884 Fraudulent request dialog doesn't dismiss after push expires if you have multiple login request.
SASMOB-4856 Voice over reads pending login request message after approving push.
SASMOB-4846 When iPad is in landscape mode, the heading of welcome screen is unable to show if large text is on.
SASMOB-4844 Push bottom sheet text scaling on iOS 13 truncates when text is too long.
SASMOB-4841 Touch ID authentication dialog sometimes repeatedly pops up when unlock a token.
SASMOB-4840 Error message in PIN validation is not obvious when scaled large enough especially in small devices.
SASMOB-4838 Expiration dialog doesn’t show up if push sheet is in minimized state.
SASMOB-4837 Authentication dialog comes on top of QR view after the app is brought from background.
SASMOB-4832 Authenticator Card on iPhone SE 1st Gen goes edge to edge instead of having horizontal padding during text scaling.
SASMOB-4193 Responding to push authentication on a deleted authenticator does not display a toast message as described.
SASMOB-4159 Summary: The app crashes when placed in the background during enrollment of a server PIN token.
SAS-21916 Summary: OCRA tokens prevent non-OCRA tokens from performing authentication.

Compatibility Information

Operating System

  • iOS 13 and later

BETA releases of the operating system are not supported.

Supported Authentication Servers

  • STA
  • SAS PCE 3.12 or later