Applications
On the STA Access Management console, you can configure SafeNet Trusted Access (STA) as the identity provider (IdP) that provides authentication services for your applications. You set up and manage these application integrations on the Applications tab.
When an application is integrated with STA, the application directs all access traffic to STA for authentication and authorization. STA authenticates the user and then checks whether the user is assigned to the application. STA grants access only if the user meets the authentication requirements that are defined in the applicable STA policy and is assigned to the application in STA.
When a user accesses an application, they are in a single sign-on (SSO) session for applications. This SSO session is bound by the same SSO timeout rules as any other SSO sessions.
The types of applications that you can integrate and manage in STA include:
-
Custom SAML or OIDC applications that are integrated with the generic template, such as custom applications
-
User portal: By default, the user portal is already configured and assigned to all users. You can restrict access to the user portal.
STA includes a library of templates for integrating SAML and OIDC applications, and a generic template for integrating applications for which no specific template is available, such as custom SAML or OIDC applications. You can view the list of SAML and OIDC integration templates and find help for each template in the Thales Application Catalog.
After you configure applications, you can share the applications with other virtual servers that you manage.
How your users log in to applications
Your users can log in to an application either from the application login page or from the user portal. In the user portal, users see icons for only the applications that they are assigned.
After initiating access to an application, STA determines which policies and scenarios apply and authenticates the user accordingly. If a user is authenticated and is authorized to access an application, then the STA policies and scenarios apply.
When a user accesses an application, they see the STA user login screen, where they log in to the application using their STA credentials.
Users can select the language that is used on the STA login screens. STA supports a number of languages, including English, French, German, and more. By default, STA uses the language preferences that are set in the user's browser to determine which language to display on the login screen. STA uses the highest-ranking language for which it has a translation. If STA does not have a translation for any of the preferred languages, it uses English.
You can customize the appearance of the user login page and customize the text on the login screens for all languages.
Manage applications in STA
On the Applications tab, you can manage applications as follows:
Add an application in STA
You can add the following types of applications:
-
User portal: By default, the user portal is already included in the list of applications, but you must configure it for your users.
Assign groups of users to an application
You assign an application to users to grant those users with the authorization to access the application. If an application is not assigned to a user, then STA blocks access to the application.
You can assign an application to all users or to specific user groups. An individual user can access the applications that are assigned to all users, or to groups that they are a member of.
If a user is authorized to access an application, the STA authentication flow that is dictated by the applicable policy, scenario, and state of the Single Sign-On (SSO) session applies.
Ensure that users who need access to web applications can use single sign-on (SSO).
-
On the STA Access Management console, select the Applications tab.
-
In the Applications list, select the application.
-
In the application details panel, click the Assign tab.
-
Under Assign to Users, select one of the options:
-
No users (Default)
-
All users
-
-
Users from any of these user groups: Enter the group names in the text box.
-
Click Save Configuration.
An Application Assignment entry is added to the audit log each time an application assignment is saved.
View configured applications in STA
The Applications tab lists the applications for an account, and indicates whether they active or inactive.
-
On the STA Access Management console, select the Applications tab.
The applications that are listed may be either active or inactive:
-
An active application is ready for immediate use.
-
An inactive application has not yet been completely configured and is not available to users.
-
Display the group or user assignments for an application
-
On the STA Access Management console, select the Applications tab, and then select the application.
-
In the application details panel, select the Assign tab.
If a group that was assigned to the application no longer exists, then that group is no longer listed on the Assign tab.
Rename an application in STA
You can change the name of the application that is displayed in the following locations:
-
User portal: The application name is displayed to all users who are assigned the application.
-
Dashboard tab: The application name is displayed under Access Attempts: per Application.
-
Users tab: The application name is displayed in the list of assigned applications for users who are assigned to the application.
-
Applications tab: The application name is displayed in the list of configured applications.
-
Policies tab: The application name is displayed in the scope section of any policy that lists the application.
-
Events tab: The application name is displayed in the access and audit logs. The logs that precede a name change retain the former name.
-
Access Logs: The application name is displayed for access attempts that are directed at the application.
-
Audit Logs: The logs record the name change as an update to the application.
To rename an application:
-
On the STA Access Management console, select Applications tab, and in the list of applications, select the application that you want to rename.
The application details display.
-
Select anywhere in the application name field and make your changes.
-
Press Enter to save your changes.
Delete an application in STA
You can delete an application from the list of applications that are configured for the account.
-
On the STA Access Management console, select the Applications tab.
-
Select the menu icon on the application that you want to delete.
-
Select Delete and confirm the deletion.
Change an application icon in STA
Operators (with full edit and read permissions) can change the icon that represents an application on the User Portal and STA Access Management console.
This functionality is particularly useful if you want to deploy the STA user portal to your users and configure applications using the Generic Template. The application icon can be changed at the time of adding an application or at any time afterward. To replace the application icon with a custom icon, follow the steps:
-
Move the pointer over the application icon. The icon image will be highlighted with an edit indicator.
-
Click the icon image.
-
Drag or browse the new icon image in the Application Icon window. Here, you can also revert to the default icon of the template, if required.
-
Click Select in the Application Icon Preview window to update the new icon image.
The following lists the image file requirements for the custom icon:
-
Maximum size: 1 MB
-
Supported formats: JPEG, PNG or GIF
The default icon of the associated template will never change, and will appear as is the next time an application with the same template is added.