MobilePASS target and push OTP settings
Select the targets (operating system and device type combinations) where users can self-enroll MobilePASS+ and MobilePASS8 tokens. Enrolled and active tokens cannot be transferred between the two MobilePASS apps. The settings apply to the current virtual server.
You can also select which type of software token is available on the allowed targets, to ensure consistent behavior across multiple targets.
You can control the availability of push based on the target. For example, you can enable push on mobile devices but not on desktop devices, such as Windows 10, due to the complexity of push in a desktop environment.
Configure targets and push notifications for MobilePASS tokens
- On the STA Token Management console, select Policy > Token Policies > Software Token & Push OTP Setting.
- Each row represents a target. Configure the settings for each target:
Setting: Allowed
Description: Indicates whether an operating system and device type is available for enrollment. For example, if Android is not allowed, enrollment fails on all mobile devices and tablets running any version of the Android™ platform.
If an operating system and device type is not allowed, the row is inactive.
When you select Allowed, the default token for that target is enabled.
Setting: MobilePASS+ / MobilePASS8
Description: You can select only one MobilePASS application per operating system and device type.
- For Android, iOS, and Windows 10, select either MobilePASS+ or MobilePASS8.
- For Windows 10 Mobile, only MobilePASS+ is available.
- For all other systems, MobilePASS 8 is available.
If neither the MobilePASS+ nor the MobilePASS8 check box is selected, the corresponding Allowed check box is also not selected, and the row is inactive.
Setting: Push Notifications
Description: Determines whether a push message is triggered, based on the operating system and the push capability of the user's enrolled tokens.
The following are the default settings for new virtual servers:

| Operating System | Device Type | Allowed | Token | Push Notifications |
|---|---|---|---|---|
| Android | Mobile/Tablet | Enabled | MobilePASS+ | Enabled |
| Chrome OS | Mobile/Tablet | Enabled | MobilePASS+ | Enabled |
| iOS | Mobile/Tablet | Enabled | MobilePASS+ | Enabled |
| macOS | Mobile/Tablet | Enabled | MobilePASS+ | Enabled |
| Windows 10 Mobile | Mobile | Disabled | MobilePASS+ | Enabled |
| Windows 10 | Desktop/Tablet | Enabled | MobilePASS8 | Disabled |
| Windows | Desktop | Enabled | MobilePASS8 | Unavailable |
| Mac OS X | Desktop | Enabled | MobilePASS8 | Unavailable |
| BlackBerry 10 | Mobile/Tablet | Disabled | MobilePASS8 | Unavailable |
| BlackBerry Java | Mobile/Tablet | Disabled | MobilePASS8 | Unavailable |
| Windows Phone | Mobile/Tablet | Disabled | MobilePASS8 | Unavailable |
| Windows RT | Mobile/Tablet | Disabled | MobilePASS8 | Unavailable |

- Select Apply.
For a list of supported operating systems and devices, see the MobilePASS+ and MobilePASS 8 Release Notes.
Accelerate push OTP approval for MobilePASS+
The enhanced approval workflow significantly accelerates the authentication process for MobilePASS+ tokens, and enables users to manage push login requests without unlocking their mobile device.
It is highly recommended that you either enforce a device PIN or enable a PIN setting in the MobilePASS token template, so that only the device owner or token assignee can approve a push request.
If the enhanced approval workflow is enabled, users with incompatible versions of MobilePASS+ receive an error message when the application opens. The enhanced approval workflow can be disabled at any time, restoring full functionality with earlier MobilePASS+ versions.
- On the STA Token Management console, select Policy > Token Policies > Software Token & Push OTP Setting.
- Select the Enhanced approval workflow check box.
- Select Apply.
Push with number matching
Number matching makes push notifications more secure. Adding number matching to push notifications can protect against push fatigue or push bombing attacks, where the user is spammed with multiple push notifications until they eventually approve a notification just to make them stop. Number matching also prevents users from approving push notifications by mistake.
Number matching forces the user to match the number on the login screen with the number in their SafeNet MobilePASS+ authenticator push notification.
- On the STA Token Management console, select Policy > Token Policies > Software Token & Push OTP Settings.
- Select the Secure Push authentication with numerical challenge check box.
- Select Apply.
Users must match a two-digit number on their push notification with the number that is displayed on the application login screen.
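
The following Python example is added here for illustration and is not SafeNet Trusted Access code or part of the original page. It models how a server can verify a two-digit numerical challenge so that a push approved without sight of the login screen fails closed, and how repeated failed pushes can be surfaced for review. The class and function names, the 10-99 number range, the 60-second lifetime, and the failure threshold are all assumptions.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 60        # seconds a push stays valid (assumed value)
ALERT_AFTER_FAILURES = 3  # failed pushes per user before flagging (assumed value)


class PushChallenge:
    """One pending push login with a two-digit numerical challenge (hypothetical model)."""

    def __init__(self, user, now=None):
        self.user = user
        self.request_id = secrets.token_urlsafe(16)
        # Number displayed on the login screen; drawn from a CSPRNG, range 10-99.
        self.number = str(secrets.randbelow(90) + 10)
        self.expires = (time.time() if now is None else now) + CHALLENGE_TTL
        self.state = "pending"  # pending -> approved | denied | expired

    def respond(self, entered, now=None):
        """Apply the number supplied from the authenticator; each challenge is single use."""
        now = time.time() if now is None else now
        if self.state != "pending":
            return self.state        # a replayed response cannot change the outcome
        if now > self.expires:
            self.state = "expired"
        elif hmac.compare_digest(str(entered).encode(), self.number.encode()):
            self.state = "approved"
        else:
            self.state = "denied"    # wrong number fails closed, no retry
        return self.state


def users_to_review(challenges):
    """Return users whose count of denied or expired pushes suggests push bombing."""
    failures = {}
    for c in challenges:
        if c.state in ("denied", "expired"):
            failures[c.user] = failures.get(c.user, 0) + 1
    return sorted(u for u, n in failures.items() if n >= ALERT_AFTER_FAILURES)
```

A challenge that is never answered stays `pending` in this model, so a deployment that wants to count ignored prompts would also need to expire them on a timer.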