SafeNet Trusted Access
Getting started
- Subscription plans
- Log in to the STA consoles
- STA consoles
- Provision tokens
- Enroll a token
- Access your first application
- Protect cloud applications
Users and groups
- Configure individual users
- Manage tokens for a user
- Users on the STA Access Management console
- Groups
- Containers
- Restrict access based on the time, day, or date
- Account lockout and unlock policies
User provisioning
- Microsoft Entra ID synchronization
- User Provisioning through Identity Management Framework
  - Bi-directional Synchronization
  - Identity Management Framework Deployment
  - Using CSV as Identity Source
  - Using Active Directory (AD) as Identity Source
  - Using Microsoft Entra ID as Identity Source
  - SafeNet Trusted Access IdM Connector
  - Identity Management Framework - Frequently Asked Questions
- Add immutable IDs to users in Microsoft Entra ID
- User Provisioning through miniOrange using SCIM
- User Provisioning through Okta using SCIM
- Multi-role accounts
Operators and roles
- Operators
- External operators
- Provision roles automatically
- Alerts
Tokens
- Token allocations
- Token templates
- Token restrictions
- Temporary password policy
- Token passcode processing policy
- Configure server-side PINs
- Token synchronization
- Token authentication
- Import SafeNet tokens
- MobilePASS target and push OTP settings
- MobilePASS+ token self-provisioning
- SMS credits
- SMS, email, and voice OTP delivery
- GrIDsure
- Quicklog authentication
- Initialize hardware tokens
- Import YubiKey tokens
Provisioning tokens to users
- Automate token provisioning
- Self-provisioning rules for groups
- Provisioning tasks
- Assign a hardware token to a user
- Bulk assign third-party tokens
Push OTP
- Requirements and considerations for push OTP
- Enable push OTP and MobilePASS+
- Push OTP rejection policy
- Customize push notifications and alerts
- Configure applications for push OTP
- Token management and enrollment
- Push OTP authentications
Access policies
- Global access policy
- Add a policy
- Scenarios and conditions
- Grant or deny access to groups of users
- Logon policies
- Pre-authentication rules
Applications
- User portal
- SAML applications
- Custom SAML applications
- OIDC applications
- Custom OIDC applications
- SafeNet agents
- Share your applications
- SafeNet Application Gateway for Amazon Elastic Beanstalk
- Windows Logon app sharing
- Legacy SAML configurations
Authentication
- Integrated Windows Authentication (Kerberos)
- Certificate-based authentication
- Delegated password validation
- FIDO authentication
- External FIDO management
- IDP orchestration
  - ADFS as an external identity provider
  - Microsoft Entra ID as an external identity provider
  - Okta as an external IDP
  - OneWelcome as an external IDP
- STA Hybrid Access Management Add-On
  - Balancing Security and Flexibility with Hybrid IAM
  - STA Access Continuum
- Flexible Passwordless Authentication Journeys
RADIUS integrations
- RADIUS attributes for users or groups
- RADIUS third-party token support
- Block RADIUS authentication
Server and agent settings
- Authentication nodes
- Single sign-on session timeout
- Restrict IP range
- Email server settings
- SMS settings
- Voice OTP settings
- Configuring a voice provider
- FTP/SFTP/SCP settings
- Time zone offset
- Data collection
- Download an encryption key for agents
- Language
- Migrate SafeNet authentication servers
User self-service
- Self-service site
  - Site appearance and default language
  - Self-service modules
  - Self-enrollment pages
  - Configure authorities, OOB enrollment, and policies
  - Process requests and view reports
- Prefill the user name
Branding the appearance
- Customize user and operator login pages
- Customize email messages
- Customize SMS messages
- Customize voice OTP messages
Language customization
- Languages on the user login pages
- Languages on self-provisioning pages
- Languages on the user portal
Dashboard
- Access logs
- Authentication activity
- Authentication metrics
- Access and authentication log fields
- Audit logs of operator activity
- Log Streaming
- SafeNet MobilePASS+ authenticators
- Usage report
Reports
- Billing reports
- Compliance reports
- Inventory reports
- Security policy reports
Identity governance and administration
- STA Identity Governance with SailPoint IdentityIQ
- Solution Overview
- Generate STA Authentication API key
- Create and Configure a Web Services Application in SailPoint IdentityIQ
- Running the Solution
- Certification
- Rules
Security integrations
- Security Orchestration with Cortex XSOAR
Compliance and standards
Community content
- Authentication with AD Federation Services
- Protecting Remote Desktop Services
Previews
- Access risk score
- API access management
- Mobile app for API access management
- Configure STA for API access management
- Policy enforcement using an API gateway
- Back-end API for the mobile app
- STA integration with Entra ID EAM

Audit logs of operator activity

Each saved change to SafeNet Trusted Access (STA) settings by the operator is recorded in audit logs on the STA Access Management console.

alt_text

The audit logs include the following information about configuration changes to your STA account:

Column	Description
Timestamp	The time of the action is based on the selected time zone, which can be either Local Time or UTC Time. Local time is based on the time zone setting in your browser.
UserID	The identity of the user who performed the action is defined on the STA Token Management console, on the Users tab.
IP Address	The public IP address of the operator is identified.
Organization	The organization identifies the virtual server of the operator.
Action Taken	The description of the change includes actions such as Add, Delete, Enable, Disable, Reorder (change the rank of a policy or scenario), and Update.
Object Type	The type of object that the operator changed includes Application, Policy, Scenario, Setting, and Authentication - Issuing CA.
Object Title	The object title is the name of the object. It includes the name of the parent of the object, if any. For example, if the object is a scenario, then the name of the policy is also displayed.

Filter the audit logs

By default, the logs include all users and a 90-day date range, and can display a maximum of 20 pages.

If you have a large amount of data, you can filter the logs by user ID or date range. The search filters remain in effect when you switch between the Access Logs and Audit Logs tabs.

You can also export the logs as a CSV file.

On the STA Access Management console, select the Home tab.
Select the Audit Logs tab.
To filter the logs by user ID, type one or more of the starting characters in the search box. You can include letters or numbers.

STA displays the logs only for user IDs that start with those characters.
To filter the logs by date, enter the Start Date or End Date.

The date filters use only dates (such as 2019-04-25) and exclude the time of day. The date filters use your local time zone, based on the time zone setting in your browser. The default is a 90-day period.
- The default start date is 90 days before the current date. The start date can be any time up to and including the current date.
- The default end date is the current date. The end date can be the same as or later than the start date.
To switch the Timestamp column between Local Time and UTC Time, use the view selector:

Local Time is based on the time zone setting in your browser. This view selector affects only the timestamps and does not affect the Start Date and End Date filters, which always use your local time zone.
To update the list of logs without resetting the filters, select Refresh the logs.

Export the audit logs

You can export the logs to a CSV file. The scope of the exported logs is constrained by the user and date filters that are set when you export the logs.

Filter the logs as required.
Select Export.

The Export Audit Logs to CSV dialog box displays a default file name and a list of the data that is included in the log.

Suggest A Change

Audit logs of operator activity

Filter the audit logs

Export the audit logs

On this page