SafeNet Agent for Windows Logon
This is a preview feature. Contact Thales Customer Support to request access to preview features.
SafeNet Agent for Windows Logon is designed to help Microsoft enterprise customers ensure that valuable resources are accessible only by authorized users. It delivers a simplified and consistent user login experience, virtually eliminates help desk calls related to password management, and helps organizations comply with regulatory requirements.
The use of Two-Factor Authentication (2FA) instead of just traditional static passwords to access a Windows environment is a critical step for information security.
For information about the released features, see: SafeNet Agent for Windows Logon.
For a list of existing issues as of the latest release, refer to Known Issues.
Preview Release Disclaimer
Release intent: Thales preview releases are short-lived and made available to customers “On Demand”, allowing them to provide feedback and explore upcoming features specific to the preview release.
Release caveats:
- Non-production usage: Preview releases are not intended for use in production environments, and Thales will not provide support for the production use of preview releases.
- Limited functionality: Preview releases may have limited or restricted functionality, and there are no warranties for such releases.
- Support: Preview releases may be changed or discontinued. Upgrades from previous versions and upgrades to upcoming GA versions of the product are not supported.
Preview Release Description
v4.2.2
This preview release introduces the following features:
- Agent Configuration Management API: Any configuration changes made to the SafeNet Agent for Windows Logon instance in SafeNet Trusted Access (STA) are automatically applied when a system with the SafeNet Agent for Windows Logon restarts. This enables administrators to centrally manage configuration updates without redeploying the agent or pushing changes via MDM.
- Installer Prerequisite Validation: The SafeNet Agent for Windows Logon installer now checks prerequisites such as administrative access and .NET Framework v4.8 before proceeding with installation. If these requirements are not met, the installer exits gracefully without making any changes.
- Support for FIDO2 authenticators: FIDO2 (Fast IDentity Online) is a set of open standards designed to provide phishing-resistant and strong authentication. FIDO authentication in the SafeNet Agent for Windows Logon aims to eliminate passwords for online authentication, offering a more secure and user-friendly experience.
  Note: FIDO support in this release is tested with Thales FIDO authenticators.
- Two registry settings, PasswordlessEnabled and PasswordlessGroup, have been added to support passwordless logon along with FIDO authenticators. For more details, see registry settings.
- When authenticating with passwordless logon using a FIDO authenticator, configure the registry settings the same way as in the passwordless logon policy for other authenticators.
- For additional information about the preview features, see: system requirements, pre-installation, running the solution, and troubleshooting.
- Limitations of authentication using a FIDO2 authenticator with SafeNet Agent for Windows Logon:
  - Lack of support for platform authenticators: Platform-based authenticators such as Windows Hello and biometric sensors are not compatible.
  - No support for offline authentication: Offline authentication is not supported. Users must possess an offline-supported authenticator; however, at least one online authentication must be performed using this authenticator.
  - Unsupported scenarios: Remote Desktop Protocol (RDP), outgoing RDP connections, and Credential User Interface (CredUI) operations are not supported.
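The two prerequisites the installer validates (administrative access and .NET Framework v4.8) can also be checked ahead of a rollout. The following PowerShell is an added example, not Thales code: the function name Test-AgentPrerequisite is hypothetical, and the registry path and Release threshold are Microsoft's documented method for detecting .NET Framework 4.8, not values taken from this page.

```powershell
# Added example: pre-flight check for the prerequisites named in the release notes.
# 528040 is the lowest "Release" value Microsoft documents for .NET Framework 4.8.
$Net48MinRelease = 528040
$NdpKey = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'

# Hypothetical helper name; returns one object per host so results can be collected.
function Test-AgentPrerequisite {
    # Prerequisite 1: the current session must be elevated (administrative access).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # Prerequisite 2: .NET Framework 4.8 or later.
    # The Release value is absent when no .NET Framework 4.5+ is installed,
    # so a missing key or value is treated as "not installed", not as an error.
    $release = (Get-ItemProperty -Path $NdpKey -Name Release `
        -ErrorAction SilentlyContinue).Release
    $hasNet48 = ($null -ne $release) -and ($release -ge $Net48MinRelease)

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        IsElevated   = $isAdmin
        NetRelease   = $release
        HasNet48     = $hasNet48
        Ready        = ($isAdmin -and $hasNet48)
    }
}

$result = Test-AgentPrerequisite
$result | Format-List

# Non-zero exit code lets a deployment tool skip hosts that are not ready.
if (-not $result.Ready) { exit 1 }
```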
Known Issues
| Issue | Synopsis |
|---|---|
| SASNOI-22902 | Summary: The Enrollment Service is not running or stopped after the launch of the SafeNet Desktop Logon application. Workaround: Restart your system and try again. For more information, see troubleshooting. It will be fixed in a future release. |
| SASNOI-22603 | Summary: If Allow Outgoing RDP without OTP in the SafeNet Agent for Windows Logon management console is disabled, then FIDO authentication does not work. Workaround: None. Ensure that the setting is always enabled. |
| SAS-74515 | Summary: While performing logon using the FIDO security key, the user is redirected to the Passcode screen. Workaround: None. Report and share logs with the Thales support team. |
| SASNOI-22590 | Summary: The Security key option does not appear on the list of authenticators at the login screen. This is an intermittent issue and will be resolved in a future release. Workaround: Close the list of authenticators screen, switch to a different user tile, and then continue the authentication. |
| SASNOI-22519 | Summary: While enrolling a user for passwordless using a FIDO authenticator, the Windows security pop-up displays an untrusted app warning for SafeNet Desktop Logon.exe. Workaround: None. It will be resolved in a future release. |