Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

STA documentation
- Explore Thales Docs

SafeNet Trusted Access
SafeNet Agents
SafeNet MobilePASS+
API references
Account management
Release notes

All

All

Authentication

STA Hybrid Access Management Add-On

SafeNet Trusted Access
Getting started
- Subscription plans
- Log in to the STA consoles
- STA consoles
- Provision tokens
- Enroll a token
- Access your first application
- Protect cloud applications
Users and groups
- Configure individual users
- Manage tokens for a user
- Users on the STA Access Management console
- Groups
- Containers
- Restrict access based on the time, day, or date
- Account lockout and unlock policies
User provisioning
- Microsoft Entra ID synchronization
- User Provisioning through Identity Management Framework
  - Bi-directional Synchronization
  - Identity Management Framework Deployment
  - Using CSV as Identity Source
  - Using Active Directory (AD) as Identity Source
  - Using Microsoft Entra ID as Identity Source
  - SafeNet Trusted Access IdM Connector
  - Identity Management Framework - Frequently Asked Questions
- Add immutable IDs to users in Microsoft Entra ID
- User Provisioning through miniOrange using SCIM
- User Provisioning through Okta using SCIM
- Multi-role accounts
Operators and roles
- Operators
- External operators
- Provision roles automatically
- Alerts
Tokens
- Token allocations
- Token templates
- Token restrictions
- Temporary password policy
- Token passcode processing policy
- Configure server-side PINs
- Token synchronization
- Token authentication
- Import SafeNet tokens
- MobilePASS target and push OTP settings
- MobilePASS+ token self-provisioning
- SMS credits
- SMS, email, and voice OTP delivery
- GrIDsure
- Quicklog authentication
- Initialize hardware tokens
- Import YubiKey tokens
Provisioning tokens to users
- Automate token provisioning
- Self-provisioning rules for groups
- Provisioning tasks
- Assign a hardware token to a user
- Bulk assign third-party tokens
Push OTP
- Requirements and considerations for push OTP
- Enable push OTP and MobilePASS+
- Push OTP rejection policy
- Customize push notifications and alerts
- Configure applications for push OTP
- Token management and enrollment
- Push OTP authentications
Access policies
- Global access policy
- Add a policy
- Scenarios and conditions
- Grant or deny access to groups of users
- Logon policies
- Pre-authentication rules
Applications
- User portal
- SAML applications
- Custom SAML applications
- OIDC applications
- Custom OIDC applications
- SafeNet agents
- Share your applications
- SafeNet Application Gateway for Amazon Elastic Beanstalk
- Windows Logon app sharing
- Legacy SAML configurations
Authentication
- Integrated Windows Authentication (Kerberos)
- Certificate-based authentication
- Delegated password validation
- FIDO authentication
- External FIDO management
- IDP orchestration
  - ADFS as an external identity provider
  - Microsoft Entra ID as an external identity provider
  - Okta as an external IDP
  - OneWelcome as an external IDP
- STA Hybrid Access Management Add-On
  - Balancing Security and Flexibility with Hybrid IAM
  - STA Access Continuum
- Flexible Passwordless Authentication Journeys
RADIUS integrations
- RADIUS attributes for users or groups
- RADIUS third-party token support
- Block RADIUS authentication
Server and agent settings
- Authentication nodes
- Single sign-on session timeout
- Restrict IP range
- Email server settings
- SMS settings
- Voice OTP settings
- Configuring a voice provider
- FTP/SFTP/SCP settings
- Time zone offset
- Data collection
- Download an encryption key for agents
- Language
- Migrate SafeNet authentication servers
User self-service
- Self-service site
  - Site appearance and default language
  - Self-service modules
  - Self-enrollment pages
  - Configure authorities, OOB enrollment, and policies
  - Process requests and view reports
- Prefill the user name
Branding the appearance
- Customize user and operator login pages
- Customize email messages
- Customize SMS messages
- Customize voice OTP messages
Language customization
- Languages on the user login pages
- Languages on self-provisioning pages
- Languages on the user portal
Dashboard
- Access logs
- Authentication activity
- Authentication metrics
- Access and authentication log fields
- Audit logs of operator activity
- Log Streaming
- SafeNet MobilePASS+ authenticators
- Usage report
Reports
- Billing reports
- Compliance reports
- Inventory reports
- Security policy reports
Identity governance and administration
- STA Identity Governance with SailPoint IdentityIQ
- Solution Overview
- Generate STA Authentication API key
- Create and Configure a Web Services Application in SailPoint IdentityIQ
- Running the Solution
- Certification
- Rules
Security integrations
- Security Orchestration with Cortex XSOAR
Compliance and standards
Community content
- Authentication with AD Federation Services
- Protecting Remote Desktop Services
Previews
- Access risk score
- API access management
- Mobile app for API access management
- Configure STA for API access management
- Policy enforcement using an API gateway
- Back-end API for the mobile app
- STA integration with Entra ID EAM

STA documentation
SafeNet Trusted Access
Authentication
STA Hybrid Access Management Add-On

STA Hybrid Access Management Add-On

SafeNet Trusted Access (STA) Hybrid is a comprehensive identity and access management solution that combines the benefits of both on-premises and cloud-based IAM. This hybrid approach allows organizations to seamlessly manage user identities and access rights across various IT environments, including on-premises applications, cloud-based services, and mobile applications.

STA Hybrid also meets compliance requirements by providing the flexibility and control to ensure secure access to critical resources. With its adaptive authentication and single sign-on capabilities, SafeNet Trusted Access Hybrid offers a seamless user experience without compromising security.

Balancing Security and Flexibility: Hybrid IAM

An organization might choose to use a hybrid IAM approach for several reasons. Firstly, it allows the organization to leverage existing on-premises infrastructure while also taking advantage of the scalability and flexibility offered by cloud-based IAM solutions. A hybrid IAM approach can offer a more gradual and controlled migration to the cloud, allowing the organization to maintain legacy systems while gradually transitioning to cloud-based solutions. This can benefit organizations with complex IT environments or specific regulatory requirements.

Secondly, hybrid IAM provides the ability to seamlessly manage user identities and access across both on-premises and cloud-based applications, ensuring a consistent user experience and security posture.

Overall, a hybrid IAM approach can provide the best of both worlds, offering the organization the flexibility, scalability, and security needed to meet the demands of modern IT environments.

Fortifying Critical Infrastructure

Critical infrastructure may choose to use hybrid IAM for several reasons. Firstly, many critical infrastructure organizations have complex and geographically dispersed IT environments, often consisting of legacy on-premises systems and modern cloud-based applications. A hybrid IAM approach allows these organizations to manage user identities and access rights across this diverse infrastructure, ensuring secure and compliant access to critical resources.

Secondly, hybrid IAM provides the flexibility and scalability to adapt to changing security and compliance requirements. Critical infrastructure organizations often need to adhere to stringent regulatory standards, and a hybrid IAM solution can help meet these requirements while enabling the organization to scale as needed.

Additionally, in the event of an internet failure, STA Hybrid IAM provides a built-in failover mechanism and offline access capabilities to ensure continued protection and access controls. This redundancy helps mitigate the impact of internet outages on the security and availability of identity and access management functions.

Furthermore, the adaptive nature of hybrid IAM allows critical infrastructure organizations to implement strong authentication and access controls, mitigating the risk of unauthorized access to sensitive systems and data. Overall, hybrid IAM enables critical infrastructure organizations to manage their diverse IT environments effectively, strengthen security measures, and ensure continuous compliance with regulatory standards.

Refer to the sub-sections for more details on both the deployment configurations.

Balancing Security and Flexibility with Hybrid IAM
STA Access Continuum

On this page

SafeNet Trusted Access

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com