SafeNet MobilePASS+ for Android
Product Description
SafeNet MobilePASS+ for Android is a mobile client application enabling you to access corporate and web-based resources securely. It eliminates the need to remember complex passwords. SafeNet MobilePASS+ for Android is a cost-effective way for businesses to leverage the security of One-Time Passwords (OTP) using mobile phones. Associated with STA, the SafeNet MobilePASS+ for Android application is a perfect combination of security and convenience. It offers a simple user experience for token activation and authentication using the Push OTP mechanism.
For a list of existing issues as of the latest release, refer to Known Issues.
Release Description
11/27/2023
This service pack release of STA introduces the following feature:
-
Visual location display in MobilePASS+ push notifications: This feature displays a live map within push notifications to help the user identify any fraudulent push requests. Push notifications show the location from where the authentication attempt was made. Support for displaying maps is available in MobilePASS+ v2.4 and later.
07/19/2023
SafeNet MobilePASS+ for Android v2.5.0 introduces the following feature:
- MobilePASS+ push with number matching: Number matching in MobilePASS+ secures push authentications to protect against MFA fatigue or push bombing attacks. Number matching gives control to the user for every login request, because they must select the number that appears during authentication. Refer to the documentation for details about how to enable this feature.
This feature is available only for MobilePASS+ v2.5.0 onwards.
01/23/2023
SafeNet MobilePASS+ for Android v2.4.0 introduces the following features:
Third-party authenticator support with MobilePASS+: Allows users to enroll third-party authenticators for different web applications to protect their personal and professional accounts. See the documentation for details.
Improved logging: Enhanced logging and error codes in MobilePASS+ for better troubleshooting and investigation.
07/20/2022
SafeNet MobilePASS+ for Android v2.3.1 resolves the issue listed below:
| Issue | Synopsis |
|---|---|
| SASMOB-4929 | SafeNet MobilePASS+ for Android resolves crash issues experienced by a limited set of users. |
07/03/2022
SafeNet MobilePASS+ for Android v2.3.0 introduces the following features and resolves the issue listed below:
-
Standards-based accessibility support: Enhanced accessibility support provides full functionality of SafeNet MobilePASS+ via voiceover, narrator, or keyboard navigation based on WCAG standards.
-
Italian language support
Resolved Issue
| Issue | Synopsis |
|---|---|
| SAS-53072 | Push notifications are correctly received. |
04/18/2022
SafeNet MobilePASS+ for Android v2.2 introduces the following feature:
- Support for Chrome OS self-provisioning – Allows users to enroll MobilePASS+ on Chrome OS as part of the authentication flow, when they need it for the first time. Requires Chrome OS devices capable of running Android apps.
12/08/2021
SafeNet MobilePASS+ for Android v2.2 introduces the following feature:
- Support for Chrome OS: Allows you to use SafeNet MobilePASS+ for Android on Chrome OS with user experience adaptations for the laptop form factor. This feature requires Chrome OS devices capable of running Android applications.
10/07/2021
SafeNet MobilePASS+ for Android v2.1 introduces the following feature and resolves the issue listed below:
- Dutch language support
Resolved Issue
| Issue | Synopsis |
|---|---|
| SASMOB-4229 | SafeNet MobilePASS+ for Android opens correctly on devices configured for the Arabic language. |
09/22/2021
SafeNet MobilePASS+ for Android v2.0.2 resolves the issue listed below:
| Issue | Synopsis |
|---|---|
| SASMOB-4214 | SafeNet MobilePASS+ for Android opens correctly. |
09/17/2021
SafeNet MobilePASS+ for Android v2.0.1 resolves the issue listed below:
| Issue | Synopsis |
|---|---|
| SASMOB-4213 | SafeNet MobilePASS+ for Android opens correctly after reinstallation. |
08/30/2021
SafeNet MobilePASS+ for Android v2.0 introduces the following features and resolves the issues listed below:
-
Enhanced user experience - Next generation mobile authenticator offering the best-in-class user-experience and native user interface for each platform.
-
Language support for German, Chinese, and simplified Chinese - now supports German and Chinese in addition to the existing supported languages.
-
Risk detection – Monitors and displays risk parameters associated with devices in the customer’s environment. These parameters include OS jailbreak and root status, OS versions in use, possible application tampering, and malware intrusion in order to detect potential risk to the authenticator's integrity. Refer to the documentation for further details.
-
Push authentication history - Users can now access their push authentication history on under the authenticator settings.
-
Support for dark mode - now supports dark mode when it is enabled on the user’s mobile device.
-
Face recognition support for Android - now fully supports Face recognition to be used as a biometric PIN for the enrolled authenticator.
-
Unlimited authenticators - no longer limits the number of authenticators that can be enrolled.
Resolved Issues
| Issue | Synopsis |
|---|---|
| ASCO-13569 | Tokens enroll successfully. |
| SASMOB-2708 | Push notifications are successfully approved from the notification bar. |
| SASMOB-263 | Auto-enrollment proceeds correctly whether or not special characters (ö, ä or ü) are included in virtual server names. |
Advisory Notes
Any user-PIN/biometric-PIN enabled tokens enrolled before SafeNet MobilePASS+ for Android 1.7.0 must be unlocked between v1.7.0 and v1.9.1 at least once before upgrading to SafeNet MobilePASS+ for Android 2.0 to ensure the successful migration of existing tokens.
Passcodes Displayed on the Main Token List
Time-based Passcode (TOTP)
OTP is automatically displayed and refreshed once the token is unlocked (if relevant).
Event-Based Passcode (HOTP)
OTP is generated only on demand, once the token is unlocked (if relevant). This prevents a loss of sync between client and server.
Challenge-Response
OTP is generated only when then challenge entered, once the token is unlocked (if relevant).
Device Limitation
On the Xiaomi MI Pad Tablet, the Push Notification might not be received if the MobilePASS+ application is not running.
Biometric PIN
Biometric PIN Prerequisites
-
Android 6 or later
-
Device with Nexus Imprint
-
Token configured in STA for Biometric PIN
Activating Biometric PIN in Existing Tokens
Tokens previously enrolled without the Biometric PIN feature must be re-enrolled with the Biometric PIN feature enabled in the STA console.
Configuring STA for Biometric PIN (Fingerprint)
-
From the STA Token Management console, select VIRTUAL SERVERS > POLICY > Token Policies > Token Templates.
-
Select MobilePASS from the drop-down list and click Edit.
-
Select Allow Biometric PIN and click Apply.
Working with SafeNet MobilePASS and SafeNet MobilePASS+
SafeNet MobilePASS for Android and SafeNet MobilePASS+ for Android can be used on the same device and with the same virtual server. New token enrollments are for either SafeNet MobilePASS for Android or SafeNet MobilePASS+ for Android. This is controlled in STA at the virtual server level.
Push OTP
Approving a Push OTP Login Request
SafeNet MobilePASS+ for Android tokens that are not PIN-protected or are configured to work with a server-side or user-selected PIN can be configured to use the Enhanced Approval Workflow.
The Enhanced Approval Workflow is not available for tokens that are not configured to support the workflow.
When the Login request arrives on your mobile device, you can respond from the locked screen or from the SafeNet MobilePASS+ for Android application.
| Token Configuration | Notification Location | Action to Approve the Push OTP Login Request |
|---|---|---|
| Approving a Push OTP login request with standard approval workflow |
Android locked screen | Do one of the following:
|
| SafeNet MobilePASS+ for Android application |
Note: If there are multiple login requests pending, tapping the Pending Notification bar will prompt the user to approve or deny the most recent notification. Earlier notifications will remain in the bar. |
|
| Approving a Push OTP login request with enhanced approval workflow |
Android locked screen |
|
| SafeNet MobilePASS+ for Android application |
In the Login Request From window, tap Approve. |
Configuring STA for Enhanced Approval Workflow
To maintain compatibility with SafeNet MobilePASS+ Android and iOS versions earlier than 1.4, do not select Enhanced Approval Workflow.
To enable Enhanced Approval Workflow:
-
In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Token Policies > Software Token & Push OTP Settings.
-
Select Enhanced approval workflow and click Apply.
Push OTP Troubleshooting
If an expected push OTP request does not arrive on your mobile device, we suggest the following steps:
-
Check that a network connection is present. Heavy traffic and/or service outages from the public push service provider (Google) may result in delivery delays or disruptions.
-
If the OTP request still fails to arrive, use manual OTP generation to complete the authentication.
QR Code Enrollment
Configuring STA for QR Code Enrollment
-
In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Automation Policies > Self-Enrollment Policy.
-
Select Enable Multi-Device Instructions.
-
Select Display QR Code.
-
Click Apply.
The enrollment email sent to the user will include a link to the page on the STA Self Service Module where the QR code is displayed.
The QR code will display only if a supported device is selected in the device selection drop down menu.
Known Issues
This table provides a list of the known issues as of the latest release.
| Issue | Synopsis |
|---|---|
| SASMOB-4911 | When MobilePASS+ is not focused, the push notification won't dismiss after push expiration on Chromebook. |
| SASMOB-4910 | MobilePASS+ random crashes when download enrollment logs on Android 11 based Chromebook. |
| SASMOB-4908 | Push notification still shows when it expires if device screen is locked. |
| SASMOB-4874 | Screen resizing issue for Android 11 based Chromebooks. |
| SASMOB-4870 | Potential delay in approving the push for TOTP tokens if multiple pushes were triggered within the same time window. |
| SASMOB-4168 | When migration occurs, order of original enrollment is not preserved. |
| SASMOB-4124 | Unlimited pins aren't handled well by SDK. |
Compatibility Information
Operating System
- Android 8.0 and later
BETA releases of the operating system are not supported.
Supported Authentication Servers
- STA
- SAS PCE 3.12 or later