Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

STA documentation
- Explore Thales Docs

SafeNet Trusted Access
SafeNet Agents
SafeNet MobilePASS+
API references
Account management
Release notes

All

All

Tokens

Token authentication

SafeNet Trusted Access
Getting started
- Subscription plans
- Log in to the STA consoles
- STA consoles
- Provision tokens
- Enroll a token
- Access your first application
- Protect cloud applications
Users and groups
- Configure individual users
- Manage tokens for a user
- Users on the STA Access Management console
- Groups
- Containers
- Restrict access based on the time, day, or date
- Account lockout and unlock policies
User provisioning
- Microsoft Entra ID synchronization
- User Provisioning through Identity Management Framework
  - Bi-directional Synchronization
  - Identity Management Framework Deployment
  - Using CSV as Identity Source
  - Using Active Directory (AD) as Identity Source
  - Using Microsoft Entra ID as Identity Source
  - SafeNet Trusted Access IdM Connector
  - Identity Management Framework - Frequently Asked Questions
- Add immutable IDs to users in Microsoft Entra ID
- User Provisioning through miniOrange using SCIM
- User Provisioning through Okta using SCIM
- Multi-role accounts
Operators and roles
- Operators
- External operators
- Provision roles automatically
- Alerts
Tokens
- Token allocations
- Token templates
- Token restrictions
- Temporary password policy
- Token passcode processing policy
- Configure server-side PINs
- Token synchronization
- Token authentication
- Import SafeNet tokens
- MobilePASS target and push OTP settings
- MobilePASS+ token self-provisioning
- SMS credits
- SMS, email, and voice OTP delivery
- GrIDsure
- Quicklog authentication
- Initialize hardware tokens
- Import YubiKey tokens
Provisioning tokens to users
- Automate token provisioning
- Self-provisioning rules for groups
- Provisioning tasks
- Assign a hardware token to a user
- Bulk assign third-party tokens
Push OTP
- Requirements and considerations for push OTP
- Enable push OTP and MobilePASS+
- Push OTP rejection policy
- Customize push notifications and alerts
- Configure applications for push OTP
- Token management and enrollment
- Push OTP authentications
Access policies
- Global access policy
- Add a policy
- Scenarios and conditions
- Grant or deny access to groups of users
- Logon policies
- Pre-authentication rules
Applications
- User portal
- SAML applications
- Custom SAML applications
- OIDC applications
- Custom OIDC applications
- SafeNet agents
- Share your applications
- SafeNet Application Gateway for Amazon Elastic Beanstalk
- Windows Logon app sharing
- Legacy SAML configurations
Authentication
- Integrated Windows Authentication (Kerberos)
- Certificate-based authentication
- Delegated password validation
- FIDO authentication
- External FIDO management
- IDP orchestration
  - ADFS as an external identity provider
  - Microsoft Entra ID as an external identity provider
  - Okta as an external IDP
  - OneWelcome as an external IDP
- STA Hybrid Access Management Add-On
  - Balancing Security and Flexibility with Hybrid IAM
  - STA Access Continuum
- Flexible Passwordless Authentication Journeys
RADIUS integrations
- RADIUS attributes for users or groups
- RADIUS third-party token support
- Block RADIUS authentication
Server and agent settings
- Authentication nodes
- Single sign-on session timeout
- Restrict IP range
- Email server settings
- SMS settings
- Voice OTP settings
- Configuring a voice provider
- FTP/SFTP/SCP settings
- Time zone offset
- Data collection
- Download an encryption key for agents
- Language
- Migrate SafeNet authentication servers
User self-service
- Self-service site
  - Site appearance and default language
  - Self-service modules
  - Self-enrollment pages
  - Configure authorities, OOB enrollment, and policies
  - Process requests and view reports
- Prefill the user name
Branding the appearance
- Customize user and operator login pages
- Customize email messages
- Customize SMS messages
- Customize voice OTP messages
Language customization
- Languages on the user login pages
- Languages on self-provisioning pages
- Languages on the user portal
Dashboard
- Access logs
- Authentication activity
- Authentication metrics
- Access and authentication log fields
- Audit logs of operator activity
- Log Streaming
- SafeNet MobilePASS+ authenticators
- Usage report
Reports
- Billing reports
- Compliance reports
- Inventory reports
- Security policy reports
Identity governance and administration
- STA Identity Governance with SailPoint IdentityIQ
- Solution Overview
- Generate STA Authentication API key
- Create and Configure a Web Services Application in SailPoint IdentityIQ
- Running the Solution
- Certification
- Rules
Security integrations
- Security Orchestration with Cortex XSOAR
Compliance and standards
Community content
- Authentication with AD Federation Services
- Protecting Remote Desktop Services
Previews
- Access risk score
- API access management
- Mobile app for API access management
- Configure STA for API access management
- Policy enforcement using an API gateway
- Back-end API for the mobile app
- STA integration with Entra ID EAM

STA documentation
SafeNet Trusted Access
Tokens
Token authentication

Token authentication

User login options include the following:

Login with one authenticator

To access a protected resource with only one authenticator configured for your account:

Go to the protected resource login page.
At the welcome prompt, enter your user name and then select Login.
Enter your domain password and then select Login.
Enter the passcode for the configured authentication method and then select Login.

In this example, the configured authentication method is email. For details about authentication delivery settings, see Generate and deliver OTPs.

After successfully authenticating, the protected resource opens.

Line

Choose from multiple authenticators

To access a protected resource using any one of multiple authenticators configured for your account:

Go to the protected resource login page.
At the welcome prompt, enter your user name and then select Login.
Enter your domain password and then select Login.
Select an authentication method.

In this example, Send a code to your email is selected, as shown in the next step.

Only the authentication methods that are configured for your account are listed. Authenticators that are locked or suspended are greyed-out to show that they are inactive and cannot be used. For details about authentication delivery settings, see Generate and deliver OTPs, MobilePASS target and push OTP settings, and MobilePASS+ token self-provisioning.
Enter your passcode and then select Login to access the protected resource.

Line

Remember user name on device

To login with a specific device + browser combination without typing your user name:

Go to the protected resource login page.
At the welcome prompt, select Remember me on this device.
Enter your user name and then select Login.
Enter your domain password and then select Login.
Authenticate using the method configured for your account.

In this example, the configured authentication method is email. For details about authentication delivery settings, see Generate and deliver OTPs.

After successfully authenticating, the protected resource opens.

The next time that you login to the protected resource using the same device and browser combination, you will be prompted for your password, without first entering your user name.

Line

Add authenticator

To add an authentication method:

Go to the protected resource logon page.
At the welcome prompt, enter your user name and then select Login.
Select Other options.

Other options displays only if: 1) You are eligible to enroll multiple authenticators and 2) Inline enrollment is enabled, or 3) You have not reached the maximum number of tokens you are allowed.
Select Add authenticator.
(Optional) Select Go back to return to your configured authentication method rather than add another.
Follow the prompts to add the authenticator.

Line

Remember default authenticator

To choose a default authentication method so that you bypass the list for future logins:

Go to the protected resource login page.
At the welcome prompt, enter your user name and then select Login.
Enter your domain password and then select Login.
Select Remember for future logins and then select your default authentication method.

Only the authentication methods that are configured for your account are listed. Authenticators that are locked or suspended are greyed-out to show that they are inactive and cannot be used.

In this example, Send a push to MobilePASS+ is selected as the default authentication method.

After successfully authenticating, the Remember for future logins functionality is enabled and the protected resource opens.
When ready, close the session.

The next time you go to the protected resource, your default authentication method (for example, push to MobilePASS+) displays, rather than the list of options.

Approve Push

Line

Forget default authenticator

To de-select a default authentication method so that the list for all methods displays:

Go to the protected resource login page.
At the welcome prompt, enter your user name and then select Login.
Enter your domain password and then select Login.

Your default authentication method (for example, push to MobilePASS+) displays.
Select Other options.
De-select the Remember for future logins option and then successfully authenticate.
When ready, close the session.

The next time you go to the protected resource, the list of authentication methods displays, rather than the method you last used.

Line

Change default authenticator

To change your authentication method:

Go to the protected resource login page.
At the welcome prompt, enter your user name and then select Login.
Enter your domain password and then select Login.
Select Other options.

In this example, the configured authentication method is email. For details about authentication delivery settings, see Generate and deliver OTPs.

Other options are available only if: 1. Inline enrollment is enabled for the user and 2. The user has not reached their maximum number of tokens.
Select an authentication method.

Only the authentication methods that are configured for your account are listed. Authenticators that are locked or suspended are greyed-out to show that they are inactive and cannot be used.

After successfully authenticating, the protected resource opens.

On this page

SafeNet Trusted Access

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com