SafeNet MobilePASS+ for macOS
SafeNet Trusted Access (STA),SafeNet MobilePASS+,SafeNet MobilePASS+ for macOS,SafeNet Authentication Service Private Cloud Edition (SAS PCE)
Product Description
SafeNet MobilePASS+ for macOS is a mobile client application enabling you to access corporate and web-based resources securely. It eliminates the need to remember complex passwords. SafeNet MobilePASS+ for macOS is a cost-effective way for businesses to leverage the security of One Time Passwords (OTP) using mobile phones. Associated with SafeNet Trusted Access, the SafeNet MobilePASS+ for macOS application is a perfect combination of security and convenience. It offers a simple user experience for token activation and authentication using the Push OTP mechanism.
For a list of existing issues as of the latest release, refer to Known Issues.
Release Description
11/27/2023
This service pack release of STA introduces the following feature:
-
Visual location display in MobilePASS+ push notifications: This feature displays a live map within push notifications to help the user identify any fraudulent push requests. Push notifications show the location from where the authentication attempt was made. Support for displaying maps is available in MobilePASS+ v2.4 and later.
09/25/2023
SafeNet MobilePASS+ for macOS v2.1.0 includes a fix for a potential issue with MobilePASS+ access on macOS 14 (Sonoma).
Users are advised to first update to MobilePASS+ for macOS v2.1.0, launch the application or perform a push authentication, and only after that update to macOS 14 (Sonoma).
07/26/2023
SafeNet MobilePASS+ for macOS v2.0 introduces the following feature:
- MobilePASS+ push with number matching: Number matching in MobilePASS+ secures push authentications to protect against MFA fatigue or push bombing attacks. Number matching gives control to the user for every login request, because they must select the number that appears during authentication. Refer to the documentation for details about how to enable this feature.
This feature is available only for MobilePASS+ v2.0 onwards.
11/09/2022
This is the first release of MobilePASS+ for macOS (v1.0.0). This release introduces the following feature:
- Support on macOS Big Sur and later
Advisory Notes
Working with SafeNet MobilePASS and SafeNet MobilePASS+
SafeNet MobilePASS for macOS and SafeNet MobilePASS+ for macOS can be used on the same device and with the same virtual server. Token enrollments are for either SafeNet MobilePASS for macOS or SafeNet MobilePASS+ for macOS. This is controlled in SafeNet Trusted Access at the virtual server level.
Push OTP
Approving a Push OTP Login Request
SafeNet MobilePASS+ for macOS tokens that are not PIN-protected can be configured to use the Enhanced Approval Workflow.
The Enhanced Approval Workflow is not available for user-selected PIN-protected tokens, server-side PIN tokens, or tokens that are not configured to support the workflow.
When the Login request arrives on your mobile device, you can respond from the locked screen or from the SafeNet MobilePASS+ for macOS application.
Configuring STA for Enhanced Approval Workflow
To enable Enhanced Approval Workflow:
-
In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Token Policies > Software Token & Push OTP Settings.
-
Select Enhanced approval workflow and click Apply.
Conditions that will trigger Enhanced Approval Workflow on a mobile device:
-
The machine must be running macOS Big Sur (11) or later
-
Enhanced Approval Workflow must be enabled on the server
-
The mobile device must be provisioned with one token only on the server-side
-
The token must not have a user-PIN or server-PIN
Push OTP Troubleshooting
If an expected push OTP request does not arrive on your mobile device, check that a network connection is present. Heavy traffic and/or service outages from the public push service provider (Apple) may result in delivery delays or disruptions. In such circumstances, use manual OTP generation to complete the authentication.
Biometric PIN
Biometric PIN Prerequisites
-
Mac or Magic Keyboard with Touch ID configured
-
Token configured in STA for biometric PIN
Activating Biometric PIN in Existing Tokens
Tokens previously enrolled without the Biometric PIN feature must be re-enrolled with the Biometric PIN feature enabled in the STA console.
Configuring STA for Biometric PIN (Touch ID)
-
In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Token Policies > Token Templates.
-
Select the SafeNet MobilePASS+ for macOS token type and click Edit.
-
In the Edit Token Template window, under PIN Policy, select User-selected PIN and then select Allow Biometric PIN.
The SafeNet MobilePASS+ for macOS token can now, following enrollment, be activated to use Touch ID.
Known Issues
This table provides a list of the known issues as of the latest release.
| Issue | Synopsis |
|---|---|
| SASMOB-5799 | Inconsistent height of token cards when masked and unmasked. |
| SASMOB-5801 | App doesn't respond to banner notification action when notification expanded and app goes from background to foreground. |
| SASMOB-5103 | Summary: For Big Sur 11.6 and other versions up to 11.6.8, push notification does not display if the user launches SafeNet MobilePASS+ from the system push notification. Workaround: Launch SafeNet MobilePASS+ from the app icon and continue the push authentication flow. |
| SASMOB-5107 | "Expired" notification and entry display after push approval is triggered in the notification center. |
| SASMOB-5129 | Selecting Continue on the push tutorial screen sometimes causes it to transition to the OTP tutorial screen. |
| SASMOB-5120 | The number of push notifications is incorrect when launching the app from the notification center if multiple push notifications are received when the app is in the minimized state. |
| SASMOB-5133 | Push approval doesn't start when the user clicks on Approval from the notification center if there are multiple push notifications for different users. |
| SASMOB-5135 | The Change PIN screen is not dismissed when a push notification arrives. |
| SASMOB-5157 | Selecting the keyboard Enter key repeatedly throughout the activation flow causes a duplicate incomplete token to display on the authenticator list. |
Compatibility Information
Operating System
- macOS Big Sur and later
BETA releases of the operating system are not supported.
Supported Authentication Servers
- SafeNet Trusted Access STA
- SafeNet Authentication Service Private Cloud Edition SAS PCE 3.17 and later