thalesdocs.com
Open in
urlscan Pro
65.9.66.29
Public Scan
Submitted URL: https://www6.thalesgroup.com/e/51442/lassic-crn-index-html-06282022/dnjq45/1135054795?h=mpwrdS8Oji1hpTpqMCBewM-rNCNkW2NzdqOh9...
Effective URL: https://thalesdocs.com/sta/crns/sta_classic_crn/index.html
Submission: On June 30 via api from US — Scanned from DE
Effective URL: https://thalesdocs.com/sta/crns/sta_classic_crn/index.html
Submission: On June 30 via api from US — Scanned from DE
Form analysis 2 forms found in the DOM
../../search.html
<form class="form-search form-search--header" action="../../search.html">
<label for="st-search-input"></label><input type="text" id="st-search-input" placeholder="Search terms, keywords and articles..." class="st-search-input header" autocomplete="off">
</form><form data-abide="ajax" novalidate="">
<div data-abide-error="" class="alert callout" style="display: none;" aria-live="assertive">
<p><i class="fi-alert"></i> There are some errors in your form.</p>
</div>
<div class="grid-container">
<div class="grid-x grid-padding-x">
<div class="cell">
<label>Your Name <input type="text" id="form-name" required="" aria-describedby="63uhvb-abide-error">
<span class="form-error" id="63uhvb-abide-error" role="alert">This field is required</span>
</label>
</div>
<div class="cell">
<label>Your Email <input type="email" id="form-email" required="" aria-describedby="6kc8m2-abide-error">
<span class="form-error" id="6kc8m2-abide-error" role="alert">This field is required</span>
</label>
</div>
<div class="cell">
<label> How can we improve this content? <textarea id="form-comments" required="" aria-describedby="bv5opa-abide-error"></textarea>
<span class="form-error" id="bv5opa-abide-error" role="alert">This field is required</span>
</label>
</div>
<div class="cell">
<div class="input-group-button">
<input type="submit" class="button" value="Send Your Suggestion">
</div>
</div>
</div>
</div>
</form>Text Content
Your suggested change has been received. Thank you.
* STA documentation
* * Explore Thales Docs
* General Purpose HSMs
* Luna HSMs
* ProtectServer HSMs
* Crypto Command Center
* Data Protection on Demand
* Data Protection on Demand
* SafeNet Trusted Access
* SafeNet Trusted Access
* CipherTrust Data Security Platform
* CipherTrust Manager
* CipherTrust Transparent Encryption (CTE)
* CipherTrust Integrations
* Thales CipherTrust Data Discovery and Classification
* SafeNet Trusted Access
* Getting started
* Users and groups
* User synchronization
* Operators and roles
* Tokens
* Provisioning tokens to users
* Push OTP
* Access policies
* Applications
* Authentication
* Server and agent settings
* Self-service site
* Branding the appearance
* Custom languages on the user portal and login pages
* Dashboard
* Reports
* Security integrations
* Compliance and standards
* Community content
* Previews
* SafeNet Agents
* Synchronization Agent
* SafeNet Logging Agent
* SafeNet MobilePASS+
* SafeNet MobilePASS+ for Android
* SafeNet MobilePASS+ for Chrome OS
* SafeNet MobilePASS+ for iOS
* SafeNet MobilePASS+ for watchOS
* SafeNet MobilePASS+ for Windows
* Frequently asked questions
* SafeNet MobilePASS+ terminology
* API references
* API keys
* REST API for STA
* SCIM API for STA
* Account management
* Create an account
* Account managers
* Account manager roles
* Recommended account manager role settings
* Account management groups
* Upgrade the subscription plan
* Allocate tokens and capacity
* Token inventory
* Deallocate inventory
* Delegate account management
* Alerts for account managers
* Subscriber metrics
* Account management reports
* Branding inheritance
* Customize references
* Release notes
* STA – Classic Service Zone
* STA – EU Service Zone
* STA – US Service Zone
* SafeNet MobilePASS+ for Android
* SafeNet MobilePASS+ for iOS
* SafeNet MobilePASS+ for Windows
* SafeNet MobilePASS+ SDK
Release notes
STA – Classic Service Zone
STA – CLASSIC SERVICE ZONE
* Release notes
* STA – Classic Service Zone
* Product Description
* Service Packs
* 06/29/2022
* 06/28/2022
* 06/07/2022
* 05/26/2022
* 05/17/2022
* 05/16/2022
* 05/05/2022
* 04/19/2022
* 04/14/2022
* 04/05/2022
* 03/25/2022
* 03/21/2022
* 03/16/2022
* 03/04/2022
* 03/02/2022
* 03/01/2022
* 02/23/2022
* 02/22/2022
* 02/11/2022
* 02/01/2022
* 01/31/2022
* 12/16/2021
* 12/15/2021
* 2/09/2021
* 12/08/2021
* 12/01/2021
* 11/22/2021
* 10/21/2021
* 10/14/2021
* 10/12/2021
* 10/08/2021
* 10/06/2021
* 09/30/2021
* 09/22/2021
* 09/01/2021
* 08/31/2021
* 08/27/2021
* 08/19/2021
* 08/05/2021
* 07/09/2021
* 07/01/2021
* 06/30/2021
* 06/25/2021
* 06/21/2021
* 06/18/2021
* 06/08/2021
* 06/04/2021
* 06/03/2021
* 06/02/2021
* 05/26/2021
* 05/20/2021
* 05/04/2021
* 04/08/2021
* 03/24/2021
* 03/18/2021
* 03/09/2021
* 03/08/2021
* 02/26/2021
* 02/23/2021
* 02/09/2021
* 02/03/2021
* 01/28/2021
* 01/26/2021
* 01/20/2021
* 01/11/2021
* 12/17/2020
* 12/03/2020
* 12/02/2020
* 12/01/2020
* 11/26/2020
* 11/18/2020
* 11/11/2020
* 10/28/2020
* 10/22/2020
* 10/21/2020
* 09/28/2020
* 09/24/2020
* 09/17/2020
* 08/27/2020
* 08/25/2020
* 08/13/2020
* 08/12/2020
* 07/23/2020
* 07/14/2020
* 07/13/2020
* 07/02/2020
* 06/25/2020
* 06/23/2020
* 06/17/2020
* 06/16/2020
* 06/04/2020
* 06/02/2020
* 05/29/2020
* 05/19/2020
* 05/04/2020
* 04/30/2020
* 04/23/2020
* 04/02/2020
* 03/28/2020
* 03/25/2020
* 03/21/2020
* 03/20/2020
* 03/18/2020
* 03/16/2020
* 03/13/2020
* 03/04/2020
* 02/28/2020
* 01/28/2020
* 01/24/2020
* 01/14/2020
* 12/03/2019
* 11/26/2019
* 11/12/2019
* 11/07/2019
* 10/31/2019
* 10/30/2019
* 10/29/2019
* 10/24/2019
* 10/15/2019
* 10/02/2019
* 09/17/2019
* 09/09/2019
* 09/06/2019
* 08/29/2019
* 08/27/2019
* 08/13/2019
* 08/01/2019
* 07/23/2019
* Merge SAS with STA - 06/27/2019
* 06/19/2019
* 06/18/2019
* 06/12/2019
* 06/12/2019
* 06/11/2019
* 02/15/2019
* 02/12/2019
* 01/23/2019
* 11/05/2018
* 10/25/2018
* 10/16/2018
* 09/05/2018
* 08/21/2018
* 06/14/2018
* 06/05/2018
* 05/29/2018
* 05/22/2018
* 05/03/2018
* 04/20/2018
* 04/19/2018
* 04/17/2018
* 04/16/2018
* 03/22/2018
* 03/15/2018
* 03/13/2018
* 03/08/2018
* 02/06/2018
* 02/01/2018
* 12/06/2017
* 11/01/2017
* 10/26/2017
* 08/31/2017
* Product Launch Release – 07/05/2017
* Known Issues
* Compatibility Information
* Supported Tokens
* Supported Browsers
* Supported Directories
* STA – EU Service Zone
* STA – US Service Zone
* SafeNet MobilePASS+ for Android
* SafeNet MobilePASS+ for iOS
* SafeNet MobilePASS+ for Windows
* SafeNet MobilePASS+ SDK
* STA documentation
* Release notes
* STA – Classic Service Zone
STA – CLASSIC SERVICE ZONE
RELEASE NOTES
PRODUCT DESCRIPTION
STA is an Access Management solution that enables you to centrally manage and
control access to applications through the configuration of context-aware
policies and the enforcement of appropriate authentication requirements.
STA includes a rich set of authentication functions, as well as user and token
management.
It delivers fully automated, highly secure authentication-as-a-service, with
flexible token options tailored to the unique needs of your organization,
substantially reducing the total cost of operation.
Deployment is made easy through the flexibility and scalability of automated
workflows, vendor-agnostic token integrations, and broad APIs. In addition,
management capabilities and processes are fully automated and
customizable—providing a seamless and enhanced user experience.
STA enables a quick migration to a multi-tier, multi-tenant cloud environment,
protecting everything, from cloud-based and on-premises applications to
networks, users, and devices.
For a list of existing issues as of the latest release, refer to Known Issues.
SERVICE PACKS
06/29/2022
This service pack release of STA introduces the following feature:
* OS condition support for iPadOS: The STA OS policy condition is enhanced to
support the iPadOS, therefore enabling detection of the iPadOS, and
particular versions of it, on the user’s device. The OS policy condition is
also enhanced to support the latest versions of the Windows, Android, iOS,
and macOS operating systems.
06/28/2022
This service pack release of STA introduces the following features and resolves
the issues listed below:
* Self-provisioning rules for groups: Allows you to define which user groups
are entitled to self-enroll authenticators (MobilePASS+, FIDO, GrIDsure).
Refer to the documentation for more details.
* Preset Username for Azure Federation: Users will not need to re-enter their
Azure userID on the STA IDP logon page. The option is controlled by the
Enforce User Name setting in the application template. Refer to the template
documentation for more details.
* Proxy IP addresses included in streamed access logs: The access logs
information delivered through Log Streaming now includes the complete chain
of IP addresses that can be extracted from the X-Forwarded-For (XFF) header.
This includes the client’s IP address, but also the list of IP addresses of
proxies that are traversed by the access request in its path to the STA
service. This provides the full set of available network path information so
it can be used for reference in case of auditing reviews. The left-most IP
address reported is that of the client, while other IP addresses are those of
proxies being crossed. Some of these proxies will typically be IP addresses
of Google Cloud Platform where the STA service is hosted.
RESOLVED ISSUES
Issue Synopsis SAS-51882 Intermittent errors during authentication to shared
applications are resolved. SAS-51716 STA IDP stability improvements. SAS-50977
Improvements to the MobilePASS+ Authenticators tab interface.
06/07/2022
This service pack release of STA resolves the issues listed below:
Issue Synopsis SAS-52463 Account expiry notifications work correctly. SAS-51808
Interface fixes for MobilePASS self-enrollment. SAS-50405 Fix for PIN change
dialog flow in combination with SMS Quick Log authenticators. SAS-48401 SOAP
Management API security updates. SAS-46684 Unused capacity is calculated the
same on the STA console and Management API. SAS-6082 Operator and Operator Roles
are now validated independant from each other to validate report access.
05/26/2022
This service pack release of STA introduces the following feature:
* Self-provisioning for GrIDsure: Allow users to self-provision GrIDsure as
part of the authentication flow, when they need it for the first time. Refer
to the documentation for details.
05/17/2022
This service pack release of STA resolves the issue listed below:
Issue Synopsis SAS-49686 General system security enhancements.
05/16/2022
This service pack release of STA introduces the following features and resolves
the issue listed below:
* REST API
* User Management: A new, modern API is introduced to expose administrative
functionality for custom workflows and integrations, such as user
provisioning and IGA. A direct link on the STA Access Management console
provides access to API documentation using Swagger. Swagger allows your
development team and operators to visualize and interact with the API
resources without having any of the implementation logic in place.
Authentication uses API keys that are bound to STA users or service
accounts, and is not tied to STA operators. The ability to manage child
tenants is provided, based on the service account rights and tenant
visibility.
* Group Management: A REST API that can be used to manage the STA group life
cycle using a REST API to create, read, update and delete groups, and
change group membership.
* Account Information: This feature allows service providers to retrieve
service information pertaining to their managed accounts, including details
such as the tenant code, the organization name, the account status, the
account type, and the subscription plan.
* SCIM API
* User Management: Standardized interoperability and simplified integration
with user directories that support the SCIM standard. Provision users to
STA using the SCIM standard protocol. Refer to the documentation for
further details and limitations.
* Group Management: Standardized interoperability and simplified integration
with user directories that support the SCIM standard. Provision groups to
STA using the SCIM standard protocol. Refer to the documentation for
further details and limitations.
* User Session Termination API: Allows manual termination of a user's SSO
session in the context of incident management remediation. See the
documentation for more details.
* Azure Directory Sync: Significantly simplify user synchronization from Azure
AD to STA. Support users and groups that exist solely in Azure AD, enabling
STA to support all Azure AD user types. See the documentation for more
details.
RESOLVED ISSUE
Issue Synopsis SAS-53362 The Windows Logon Agent configuration file downloaded
from STA includes the BsidKey.
05/05/2022
This service pack release of STA resolves the issue listed below:
Issue Synopsis SAS-48753 The STA management consoles timeout after 20 minutes of
inactivity.
04/19/2022
This service pack release of STA introduces the following feature and resolves
the issues listed below:
* Security updates for the Push components
RESOLVED ISSUES
Issue Synopsis SAS-48840 An SMS OTP is now triggered as expected when the
override delivery method is allowed for voice OTP and ‘s’ is entered in the
passcode field. SAS-51991 KT tokens can now be correctly initialized.
04/14/2022
This service pack release of STA introduces the following features and resolves
the issue listed below:
* Simplified self-provisioning for MobilePASS+ on Android: Allow users to scan
a single QR code to download MobilePASS+ from Google Play Store and initiate
self-provisioning. Refer to the documentation for more details.
* Self-provisioning for MobilePASS+ on Chrome OS: Allow users to enroll
MobilePASS+ on Chrome OS as part of the authentication flow, when they need
it for the first time. Requires Chrome OS devices capable of running Android
apps. Refer to the documentation for more details.
Issue Synopsis SAS-50013 Windows Logon Agent shows with its correct name on the
Access Activity widgets.
04/05/2022
This service pack release of STA introduces the following feature and resolves
the issues listed below:
* Portuguese language: Support for the Portuguese language on the STA IDP,
self-provisioning, and User Portal pages.
RESOLVED ISSUES
Issue Synopsis SAS-51153 Fixes for the Finnish translation SAS-48496 The input
validation error UI on the user portal is consistent. SAS-42044 Able to continue
inline enrollment on older iOS devices after a fresh MobilePASS+ installation.
SAS-33016 Inline enrollment is successful for users who belong to organizations
with Umlauts (ä, ö, or ü) in the name.
03/25/2022
This service pack release of STA resolves the issues listed below:
Issue Synopsis SAS-41603 Users are no longer prompted to re-enter their user
name for their access request in the context of application sharing SAS-51488
Security enhancements
03/21/2022
This service pack release of STA introduces the following features and resolves
the issues listed below:
* Support for simultaneous SMS and email OTP: You can now simultaneously
deliver the OTP to users over both SMS and email at the time of login.
Configure this functionality on the STA Token Management console in Policy >
Token Policies > SMS/Email/Voice OTP Delivery Methods.
* The Users - All - With Tokens and Tasks report includes aliases: This report
now includes alias3 and alias4.
* General security improvements
RESOLVED ISSUES
Issue Synopsis SAS-48840 Override trigger characters work correctly if the
default SMS delivery method is voice. SAS-49061 The Users - Inactive report
works correctly. SAS-50485 Large reports, such as Authentication activity, are
processed correctly.
03/16/2022
This announces the availability of a new SafeNet Trusted Access online
documentation portal that provides a new improved design and user experience.
The new portal is accessible at https://www.thalesdocs.com/sta/index.html and
replaces the previous portal https://www.thalesdocs.com/sta/Content/Home.htm.
Hyperlink references from the STA administration consoles and from Thales
portals will be updated in the coming days. Please update your bookmarks.
03/04/2022
This service pack release of STA resolves the issue listed below:
Issue Synopsis SAS-51529 MobilePASS 8 for Windows msi downloads correctly during
self-enrollment.
03/02/2022
This service pack release of STA introduces the following feature and resolves
the issues listed below:
* Scalability of STA access policies: It is now possible to configure up to 50
access policies per STA virtual server instead of 20, which was the previous
maximum.
RESOLVED ISSUES
Issue Synopsis SAS-51559 The Chrome River application can be added successfully
from the application catalog. SAS-51558 Authentication requests from a specific
Java API client are allowed to complete. SAS-51557 Authentication requests from
Cachatto Secure Browser are allowed to complete. SAS-51488 Application sharing
works correctly if the same username exists in multiple virtual servers.
03/01/2022
This service pack release of STA introduces the following feature and resolves
the issues listed below:
* The Operating System policy condition enables you to check for iOS 14,
Android 11.0, macOS 10.15, and macOS 11.0.
RESOLVED ISSUES
Issue Synopsis SAS-50172 The Domain-Authenticated User Device condition can be
configured with a value of 0 days. SAS-48738 MobilePASS+ for Windows exe
downloads correctly during self-provisioning. SAS-47964 Enablement/disablement
actions of Integrated Windows Authentication and Delegated Password Validation
are explicitly recorded in STA audit logs.
02/23/2022
This service pack release of STA introduces the following feature:
* SafeNet Agent for Password Self-Service: The first GA version is an
out-of-the box self-service password management solution for forgotten or
expired password scenarios.
This agent enables users to reset or change their domain password while
accessing a STA-protected web application, using any configured STA
authentication method.
02/22/2022
This service pack release of STA introduces the following features and resolves
the issues listed below:
* Parent operator organization displays correctly if child operator views audit
logs
* Service reliability updates
RESOLVED ISSUES
Issue Synopsis SAS-50572 Page title on self-enrollment is set to custom product
name. SAS-49311 BSIDCA GetProvisioningTasksForUserCount returns correct values
for exact string match. SAS-47800 Page title on self-service is set to custom
product name. SAS-43954 Azure Conditional Authentication Factors authenticates
correctly when shared with child virtual servers. SAS-43005 Self-enrollment
pages follow regular console branding. SAS-26211 Operator logon no longer
triggers authentication using an email alias. SAS-19219 Parent service dates
cannot be set to a value that is earlier than the expiration dates of its
children.
02/11/2022
This service pack release of STA introduces the following improvement and
resolves the issues listed below:
* Design and font update for GrIDsure authentication:
* Improved readability
* New font (Roboto) to better distinguish uppercase characters, lowercase
characters, and numbers
* Better contrast using black font on white background
RESOLVED ISSUES
Issue Synopsis SAS-51183 Shared applications are correctly authenticated on
parents for authentication policies that include scenarios. SAS-50424 System
cache improvements
02/01/2022
This service pack release of STA introduces the following feature:
* Finnish language: Support for Finnish language on STA IDP, self-provisioning,
and the User Portal.
01/31/2022
This service pack release of STA resolves the issue listed below:
Issue Synopsis SAS-50434 The user portal displays correctly for all users.
12/16/2021
This service pack release of STA introduces the following feature:
* Additional choices for CBA user identity: This introduces two additional
choices for how to extract the username information from a certificate in the
context of Certificate Based Authentication (CBA), in this way extending
compatibility of CBA with a broader range of certificate issuers. The two new
choices are Subject Alternative Name : RFC822 and Subject : SERIALNUMBER.
12/15/2021
This service pack release of STA resolves the issues listed below:
Issue Synopsis SAS-48222 MobilePASS self-enrollment works correctly. SAS-46555
OTP PIN update works correctly after first entering a non-compliant PIN.
SAS-45445 BSIDCA "AddRADIUSAttributeToGroup" and "GetRADIUSAttributesForGroup"
function correctly. SAS-34928 GrIDsure security enhanced against leaking token
state information.
2/09/2021
The issues reported as resolved in the 12/08/2021 release have been set to
unresolved, pending further investigation.
12/08/2021
This service pack release of STA introduces the following feature:
* MobilePASS+ for Chrome OS: Allows you to use MobilePASS+ for Android on
Chrome OS with user experience adaptations for the laptop form factor. This
feature requires Chrome OS devices capable of running Android apps. Operators
can select Chrome OS as a target for MobilePASS+ enrollment on the STA Token
Management console.
12/01/2021
This service pack release of STA introduces the following feature:
* Increased the number of groups in SAML return attributes, by increasing the
length of the user attribute from 10K to 21K.
11/22/2021
This service pack release of STA introduces the following feature:
* Redirection to an external IDP: STA can integrate with an external identity
provider (IDP), to redirect traffic from STA to the other IDP for user
authentication. STA remains the primary IDP, orchestrating the use of a
secondary, external IDP. Refer to the documentation for details.
10/21/2021
This service pack introduces the following change:
Until further notice, Usage Analytics and Data Collection is disabled on SafeNet
Trusted Access. While disabled, it is not possible to change the associated
opt-in or opt-out data collection tenant setting. When usage analytics is
re-enabled in the future, all pre-existing opt-in / opt-out tenant settings will
remain as they were just before the function was disabled and data collection
will resume. For more information, please also refer to the Knowledge Base
article KB0021755.
10/14/2021
This service pack release of STA introduces the following feature and resolves
the issue listed below:
* Enable cross-links for OTP token management from the STA Access Management
console
RESOLVED ISSUE
Issue Synopsis SAS-48235 Security enhancements.
10/12/2021
This service pack release of STA introduces the following features:
* FIDO-based Passwordless Authentication: Allows you to deploy passwordless
authentication with STA using FIDO security keys and Windows Hello. Refer to
the documentation for more details.
* Users page redesign: The STA Users detail page is redesigned to accommodate
FIDO authenticator management and future enhancements. Refer to the
documentation for more details.
10/08/2021
This service pack release of STA introduces the following feature:
* End-user interface customization: Allows you to upload custom language files
for end-user logon flows, the user portal, and inline-enrollment. Refer to
the documentation for more details.
10/06/2021
This service pack release of STA introduces the following feature:
* Enhanced infrastructure security
09/30/2021
This service pack release of STA introduces the following features and resolves
the issues listed below:
* Enhanced message customization for self-enrollment
* Performance improvements for reporting services
Issue Synopsis SAS-47862 Synchronization Agent and Remote Logging Agent
configuration files download correctly. SAS-46023 The Application Management
REST API can be used immediately after a virtual server is created. SAS-45044
The list of virtual servers correctly displays for shared applications.
SAS-42762 Polish diacritical marks (for example, ą, ć, ź, and ż) display
correctly in push notifications.
09/22/2021
This service pack release of STA introduces the following feature preview:
* Access Risk Score: Provides adaptive access through a risk score that is
based on the user's past access events and external threat intelligence
feeds.
Note
Access Risk Score is a preview feature. Contact Thales Customer Support to
request access to this feature.
09/01/2021
This service pack release of STA resolves the issues listed below:
Issue Synopsis SAS-47208 All tokens lock in the case of a failed authentication
lockout. SAS-46992 The “Extended features” menu on the Token Management console
is retitled "Access Management" and reordered to enhance usability. SAS-46746
Enhanced random number generator functionality. SAS-46450 Enhanced provisioning
tasks used to manage large numbers of users. SAS-46201 Management API-created
groups use proper character encoding. SAS-45914 Generic SMS gateway parameters
are handled correctly. SAS-44001 MobilePASS+ biometrics are allowed by default.
SAS-42454 9-character transaction IDs are supported for deallocation. SAS-41261
The Token Management console title is set to the custom product name.
08/31/2021
This service pack release of STA introduces the following feature (formerly in
preview):
* MobilePASS+ Risk Detection: Monitors and displays risk parameters associated
with SafeNet MobilePASS+ devices in your network. These parameters include OS
jailbreak and root status, OS versions in use, possible application
tampering, and malware intrusion in order to detect potential risk to the
authenticator's integrity. Refer to the documentation for more details.
Note
Acquisition of risk data requires SafeNet MobilePASS+ 2.0 or later.
08/27/2021
This service pack release of STA resolves the issues listed below:
Issue Synopsis SAS-47971 STA imports SAML metadata correctly. SAS-47967 Security
improvements for API Gateway back end logs.
08/19/2021
This service pack release of STA introduces the following features and resolves
the issues listed below:
* Backend security enhancements
* Audit log enhancements for session termination API
* Voice OTP included in SMS challenge message
RESOLVED ISSUES
Issue Synopsis SAS-47765 Application gateway settings are saved. SAS-47702
Branding file limits are enforced correctly. SAS-47686 SAML metadata is uploaded
correctly. SAS-47029 'Origin' header value for SAML response is set correctly.
SAS-46952 SafeNet is spelled correctly on the IDP login screen. SAS-46858 IDP
timeout is increased to be compatible with RADIUS token timeout. SAS-46409 The
parent cache is provided with the latest user attributes in the case of shared
applications.
08/05/2021
This service pack release of STA resolves the issues listed below:
Issue Synopsis SAS-46858 The RADIUS token timeout is increased. SAS-30348 The
"Tokens - Count by Type and State" report generates data correctly when filtered
by token state.
07/09/2021
This service pack release of STA resolves the issue listed below:
Issue Synopsis SAS-47158 SAML authentication with some specific parameters
authenticate correctly. SAS-47156 Push authentication functions correctly with
all authentication agents.
07/01/2021
This service pack release of STA resolves the issue listed below:
RESOLVED ISSUE
Issue Synopsis SAS-47029 The origin header is set correctly for SAML responses.
06/30/2021
This service pack release of STA resolves the issue listed below:
RESOLVED ISSUE
Issue Synopsis SAS-46954 / SAS-46961 The Azure Conditional Authentication
Factors application can be added to STA.
06/25/2021
This service pack release of STA introduces the following feature preview:
* Password Self-Service: Enables users to reset their domain passwords using
any configured STA authentication method.
Note
Password Self-Service is a preview feature. Contact Thales Customer Support to
request access to this feature.
06/21/2021
This service pack release of STA introduces the following feature and resolves
the issue listed below:
* Security updates and performance improvements for certificate based
authentication.
RESOLVED ISSUE
Issue Synopsis SAS-38634 Certificate Revocation List is correctly cached based
on its Time To Live information.
06/18/2021
This service pack release of STA introduces the following feature and previews:
* Open ID Connect Password Grant flow: This feature allows customers to
integrate applications using the Open ID Connect (OIDC) password grant flow
using the Generic Template.
* Open ID Connect Client Credentials flow (Preview): This feature allows
customers to integrate applications using the Open ID Connect (OIDC) client
credentials flow using the Generic Template – OIDC Client Credentials.
* API Access Management (Preview): Enables customers to protect against
malicious attacks on or misuse of API resources using a third-party API
gateway. In addition, it includes sample code and instructions to allow
developers to use access management to secure their API.
Refer to the documentation for further details.
Note
Open ID Connect Client Credentials flow and API access management are preview
features. Contact Thales Customer Support to request access to preview features.
06/08/2021
This service pack release of STA resolves the issues listed below:
RESOLVED ISSUES
Issue Synopsis SAS-46449
On- Boarding on the STA Token Management console functions correctly when
browsing accounts.
Note: This reverts SAS-29076, which we recently announced.
SAS-46119
For offline OTPs that are sent to SafeNet Agent for Windows Logon, server-side
PINs are correctly appended or prepended, as configured on the STA Token
Management console.
SAS-43401
In auto-provision rules, the Issue Duplicate Types option checks active tokens
and pending provisioning tasks.
06/04/2021
This service pack release of STA introduces the following feature:
* Application templates are expanded to include:
* Approved (new) - based on a review of publicly available documentation, but
untested. Support for approved templates is provided on a best-effort basis.
* Verified - based on lab-testing of the integration and fully supported.
Verified templates are distinguished by the shield icon that displays next to
them in the template list.
With the combination of approved and verified templates, customers will benefit
from an increasingly large set of templates for application integrations.
06/03/2021
This service pack release of STA resolves the issue listed below:
RESOLVED ISSUE
Issue Synopsis SAS-46205 The nextAudit SAML integration functions correctly.
06/02/2021
This service pack release of STA introduces the following feature preview:
* MobilePASS+ Risk Detection (Preview): Monitors and displays risk parameters
associated with SafeNet MobilePASS+ devices in your network. These parameters
include OS jailbreak and root status, OS versions in use, possible
application tampering, and malware intrusion in order to detect potential
risk to the authenticator's integrity. Refer to the documentation for more
details.
Note
Acquisition of risk data requires SafeNet MobilePASS+ 2.0. Refer to this article
to participate in the SafeNet MobilePASS+ Beta program.
05/26/2021
This service pack release of STA introduces the following features and resolves
the issues listed below:
* Voice OTP: Users can ask to receive an OTP through a regular phone call. You
will need to subscribe to the Twilio service separately. Refer to the
documentation for more details.
* Performance and security enhancements.
RESOLVED ISSUES
Issue Synopsis SAS-45975 RADIUS attributes string values are increased from 64
to 128 characters. SAS-42162 Searches for 'All Groups' using the RADIUS Group
attribute function correctly. SAS-39165 Push OTP Geolocation data with special
characters displays correctly. SAS-29076 Unused capacity displays correctly
across the STA console and BSIDCA API. Unused capacity is total capacity minus
active or preassigned capacity.
05/20/2021
This service pack release of STA introduces the following feature:
* Time-based re-authentication: Allows access policies to enforce
re-authentication on access attempts after specified periods of time. Refer
to the documentation for more details.
05/04/2021
This service pack release of STA introduces the following feature and resolves
the issues listed below:
* Increased RADIUS token timeout: The RADIUS token timeout is increased to 60
seconds, to provide enough time for the completion of Push OTP
authentications.
RESOLVED ISSUES
Issue Synopsis SAS-45024 The subscription plan information is displayed
correctly in the Settings. SAS-29076 Unused capacity is displayed consistently
across STA and through the BSIDCA API. Tokens that are reserved through
provisioning tasks are not included in the unused capacity.
04/08/2021
This service pack release of STA resolves the issues listed below:
Issue Synopsis SAS-43996 In the Authentication Activity, the PUSH challenge
IP address is correct. SAS-43613 Clicking a report name opens the report.
SAS-43289 On the self-service site, inheritance functions correctly for the
Inheritance of self-service "Update my Security Questions and Answers" page.
SAS-42069 The links in the self-enrollment instructions work correctly.
SAS-31578 In the Token Request report, the Process State, Approved Level 1 By,
and Approved Level 1 On fields are filled correctly.
03/24/2021
This service pack release of STA resolves the issue listed below:
Issue Synopsis SAS-44940 Trend Micro integration functions correctly.
03/18/2021
This service pack release of STA introduces the following features and resolves
the issues listed below:
* Account Delegation API: A function used to consume a delegation key to setup
delegation between two virtual servers. Refer to AddExternalOperator in WSDL
BSIDCA API Developer Guide.
* Resolve Duplicate Usernames During Sync: An option to automatically resolve
user identifier conflicts and continue the sync process. Refer to the
documentation for more information.
RESOLVED ISSUES
Issue Synopsis SAS-43893 Security enhancement. SAS-43311 The Users - Inactive
report is generated correctly. SAS-27861 The Resend option for provisioning
tasks functions correctly.
03/09/2021
IMPORTANT NOTICE: SafeNet Synchronization Agent Upgrade
Since March 9, 2021, anyone using SafeNet Synchronization Agent v3.5 or earlier
versions that do not support differential synchronization must upgrade. The
latest SafeNet Synchronization Agent is available to download from the support
site.
Failure to upgrade will prevent all user synchronization transactions from
succeeding.
03/08/2021
This service pack release of STA resolves the issues listed below:
Issue Synopsis SAS-44409 Trend Micro Apex One integration functions correctly.
SAS-44366 SAML return attributes are saved correctly. SAS-43893 Security
enhancement. SAS-43211 Logout from the User Portal functions correctly.
02/26/2021
This service pack release of STA resolves the issues listed below:
Issue Synopsis SAS-44622 The Average Authentications per User metrics are
generated correctly. SAS-44451 The total authentications per month are
calculated correctly. SAS-43995 The Authentication History - Chronological
Descending report is generated correctly. SAS-43623 Tokens are correctly
assigned with BSIDCA in high-load use cases.
02/23/2021
This service pack release of STA introduces the following features and resolves
the issues listed below:
* Network Logon Policy: Supports the following OTP logon and unlock
authentication requirements for users inside or outside of IP networks:
* Every access attempt
* Once every < 1,2, 3, or 8 hours; 1, 2, or 3 days; or 1 week >
Refer to the documentation for more details.
* Thales Branding STA Token Management Console: A modernized look and feel for
the STA Token Management console.
RESOLVED ISSUES
Issue Synopsis SAS-43068 Application sharing functions correctly. SAS-42991
BSIDCA, used for provisioning tokens, assigns tokens correctly during bulk
operations. SAS-42764 Security updates for the STA Token Management console.
SAS-42419 Updated the MobilePASS download link. SAS-32943 Configure Self-Service
Modules correctly adds languages.
02/09/2021
This service pack release of STA resolves the following issue:
Issue Synopsis SAS-44352 Year 2021 data is correctly generated into reports.
02/03/2021
This service pack release of STA introduces the following features and resolves
the issue listed below:
* Unified Logs: Allows you to view access logs and their associated
authentication logs in one place in the STA Access Management console,
therefore improving the work flow for help desk personnel and anyone else who
needs to consult the logs.
* Log Streaming: This feature allows customers to retrieve STA access,
authentication, and audit logs (1) on an ongoing basis.
The feature provides the options to do this through the use of the new
SafeNet Logging Agent v2.0.0.x, or that of the new Logs API function.
Information about how to configure the feature and agent download are
provided in the new Log Streaming menu of the STA Access Management console.
The SafeNet Logging Agent v2.0.1 retrieves your logs automatically and relays
them to a syslog endpoint of your choice. It is suitable for sending logs to
a SIEM or to another system that can be configured as a syslog endpoint. The
Logs API function is best fit for integration of log retrieval in custom log
processing or log storage applications that are not syslog endpoints.
See SafeNet Logging Agent.
Note
(1) Audit logs generated from actions taken in the STA Token Management
console are not supported by this feature.
RESOLVED ISSUE
Issue Synopsis SAS-44044 The application/JWT MIME type is supported for OIDC
authentications.
01/28/2021
This service pack release of STA introduces the following features:
* Thales Branding STA Console: A modernized look and feel for the STA Access
Management console.
* Delegated Password Validation: Allows customers to delegate password
validation against a customer defined password repository. This avoids
synchronizing hashed passwords to STA as well as synchronization delays when
the password changes. Refer to the documentation for more details.
01/26/2021
This service pack release of STA resolves the following issues:
Issue Synopsis SAS-43556 Requests for user filters with "\" in the username are
supported. SAS-43211 The logout function proceeds correctly when initiated from
the User Portal or from applications accessed via the User Portal.
01/20/2021
This service pack release of STA introduces the following features and resolves
the issues listed below:
* Multi-Mode Authentication Settings: Enable validation of OTP codes against
all of a user's tokens during a pre-authentication rule triggered challenge
response. Refer to the documentation for more details.
* MobilePASS 8 download links are updated to the latest MobilePASS 8.4.6
RESOLVED ISSUES
Issue Synopsis SAS-42991 Tokens are correctly assigned when using the SafeNet
Management Web API. SAS-42764 Security enhancements.
01/11/2021
This service pack release of STA resolves the following issue:
Issue Synopsis SAS-43635 Security enhancement for audit and application logs.
12/17/2020
This service pack release of STA introduces the following feature:
* Access Trend Drill-down: This feature allows customers to navigate from the
STA dashboard to the associated access logs, to facilitate the investigation
and analysis of trends. This feature is available in the STA and STA Premium
subscription plans.
12/03/2020
This service pack release of STA resolves the issue listed below:
Issue Synopsis SAS-42991 Tokens are correctly assigned when using the SafeNet
Management Web API.
12/02/2020
This service pack release of STA introduces the following feature:
* Domain-Authenticated User Device: This policy condition checks whether the
user authenticated with the same device to the Windows domain within a
specified number of days. This condition can be used to reduce end-user
friction when the user is accessing an app from a device that is recognized
based on a previous log-on to the Windows domain.
12/01/2020
This service pack release of STA introduces the following feature and resolves
the issue listed below:
* Thales branding of STA error pages: Any service-related error pages now
feature a Thales SafeNet Trusted Access design.
RESOLVED ISSUE
Issue Synopsis SAS-42915 Push requests function correctly for network
configurations that include RD Gateway and WLA.
11/26/2020
This service pack release of STA introduces the following feature and resolves
the issue listed below:
* General performance and database improvements.
Issue Synopsis SAS-41853 "Override default delivery method with
trigger" correctly sends a single challenge email when the configured SMS option
is overridden.
11/18/2020
This service pack release of STA introduces the following features:
* The Operating System policy condition enables you to check for iOS 13 and
Android 10.
* The Access Log Filters feature enables you to filter by application name.
* The User Device condition is renamed Known User Device. The functionality of
this condition has not changed.
11/11/2020
This service pack release of STA resolves the issues listed below:
Issue Synopsis
SAS-42696
SAS-42137
Redirects from vSec (OIDC) and SAP Ariba (SAML) function correctly.
SAS-42645
SAS-42765
Kerberos authentication works with large Kerberos tickets.
10/28/2020
This service pack release of STA introduces the following feature:
* Application Sharing between Tenants: This feature allows applications
configured in one STA virtual server (or tenant) to be shared with other STA
virtual servers for access policy control and users reach. This supports
large organizations that want management separation between business
entities, or have multiple corporate directories, and still need to use and
protect common corporate applications. Only virtual servers of type Service
Provider are allowed to share applications.
10/22/2020
This service pack release of STA introduces the following features:
* Anomalous Trends: The STA dashboard highlights when an abnormally high
proportion of access failures is detected. This allows customers to identify
problem trends that may reflect usability or configuration issues. This
feature is available in STA and STA Premium subscription plans.
* Access Log Filters:* This feature introduces the ability for operators to
filter logs on the basis of outcome value and application name. This helps
view the logs that are most relevant to an analysis, investigation, or
support case. This feature is available in all subscription plans.
10/21/2020
This service pack release of STA resolves the issue listed below:
Issue Synopsis SAS-42137 Users can successfully log in to the SAP Ariba
application from their service provider's URL.
09/28/2020
This service pack release of STA introduces the following features and resolves
the issue listed below:
* Thales Branding: A new default branding is applied. The first phase changes
the MobilePASS+ application icon, color schemes in MobilePASS+, and related
enrollment pages in STA, as well as the end user-visible IDP login flows and
User Portal.
By the end of the year, Thales branding is expected everywhere in STA and key
agents, such as NPS, OAM, and Java API. More details will be provided in
future STA newsletters and this CRN.
Note
Be assured that only the default branding is adjusted. Existing branding
customizations in STA will be retained. Reverting a customization to the
default will apply the new default Thales branding.
* User-Initiated Enrollment for iOS or Android Mobile Devices: Enables end
users to enroll the first or an additional MobilePASS+ software authenticator
while they are accessing a resource from an iOS or Android device to the same
device. In this scenario, the QR code is replaced by an activation link.
RESOLVED ISSUE
Issue Synopsis SAS-40961 Inline-enrollment functions correctly.
09/24/2020
This service pack release of STA introduces the following feature and resolves
the issues listed below:
* New MobilePASS+ icon on self-enrollment pages: We’ve started re-branding the
STA service and applications to Thales. While this is being rolled out in
phases, you may notice some inconsistencies. For instance, the MobilePASS+
icon may display differently between the app stores and STA consoles. Please
bear with us as the various components and environments are being updated. We
expect the re-branding to be complete by the end of the year. We’ll keep you
updated with announcements in our monthly STA Newsletter.
RESOLVED ISSUES
Issue Synopsis SAS-40609 Improved error handling for corrupted user data.
SAS-39932 Token details report for large virtual servers completes successfully.
SAS-38696 Maximum capacity threshold notifications are only sent once for each
trigger event. SAS-37807 Filter options are applied correctly for Authentication
Metrics (Rolling YTD) and Authentication Metrics Detailed (Rolling YTD) reports.
SAS-35994 Renamed Users - Locked Tokens - Compliance report description to
“Reports users with locked passwords and tokens”.
09/17/2020
This service pack release of STA resolves the issues listed below:
Issue Synopsis SAS-41743 Database performance improvements. SAS-40934 User
matching is no longer case-sensitive for Azure Conditional Authentication
Factors.
08/27/2020
This service pack release of STA introduces the following feature:
* Usage Analytics and Data Collection
Following the announcement made on 06/02/2020 in this CRN, and communications
in previous Newsletters, usage analytics and data collection is now enabled.
The purpose of this capability is to help Thales understand usage trends and
patterns, and ultimately improve your experience with the STA product. The
only data that is collected is focused on the operator’s use of the
management consoles. Thales is committed to treating the information that is
collected with the utmost care and confidentiality. As such, the data is
anonymized to protect the privacy of the individual, will remain in the same
region as the service, and will only be used to analyze aggregated
statistical trends. Finally, the collected data does not contain personally
identifiable information (PII) and will strictly be used for Thales’ internal
use.
Customers have, at any time, the ability to opt out from usage analytics and
data collection. For more information, please refer to Knowledge Base article
KB0021755.
08/25/2020
This service pack release of STA resolves the issues listed below:
Issue Synopsis SAS-36387 Push OTP authentication succeeds if a user doesn't have
an email address. SAS-39553 Users can be synchronized successfully. SAS-39628 On
the STA Token Management console, Virtual Servers > Snapshot > Authentication
Activities and Virtual Servers > Assignment > [user] > Authentication Activities
are limited to 100 records. SAS-39638 The BSIDCA ProvisionUsers method
successfully assigns tokens to multiple users. SAS-39834 Security enhancements
against a cross-frame scripting vulnerability.
08/13/2020
This service pack release of STA resolves the issue listed below:
Issue Synopsis SAS-40670 SAML Signature Key Name is correctly set.
Note: This upgrade of the STA IDP enforces valid certificates for SAML request
validation. If, after this upgrade, “Invalid requester” displays when trying to
authenticate to a service provider, follow these instructions:
1. As a temporary workaround, you can disable signature validation on the
incoming SAML request to immediately enable authentication with the service
provider. This option is only available for generic template integrations or
templates that expose the functionality.
We recommend to update the request signing certificate as soon as possible.
1. Logon to the STA Management Console.
2. Browse to the affected application.
3. In Advanced Settings, select “Skip request signature validation”.
4. If enabled with the same expired certificate, assertion encryption must
be disabled. This will require an update by the service provider, too.
5. Save Configuration.
2. For a permanent solution, please work with your service provider to update
the SAML request signing certificate.
Afterward, the certificate must be imported into STA via metadata import or
manual certificate import before re-enabling “Verify request signature”.
Refer to the documentation for more detailed instructions.
08/12/2020
This service pack release of STA introduces the following features:
* SafeNet Agent for macOS Logon v1.1.0: Introduces support for Push OTP.
07/23/2020
* User interface enhancements on the STA Access Management console:
* Optimized display of authentication requirements in access policies
* Collapsible sub-menu in Settings
* Separated self-provisioning and MobilePASS+ settings
07/14/2020
This service pack release of STA introduces the following features:
* Email OTP using e trigger: Allow users to type “e” in the passcode field of
an authentication prompt, to have their OTP delivered by email, or “s” to
have it delivered by SMS. If the user types any other character or leaves the
passcode field empty, the OTP will be delivered by the configurable default
method.
* Updated SMS plugin
07/13/2020
This service pack release of STA resolves the issues listed below:
Issue Synopsis SAS-40338 Support for Google Chrome, version 84 and later.
SAS-40096 Prevent intermittent authentication blocking for OIDC applications.
SAS-39658 Support application names with “-“ character in the Application
Management REST API.
07/02/2020
This service pack release of STA resolves the issue listed below:
Issue Synopsis SAS-40031 Reports are generated as expected.
06/25/2020
This service pack release of STA introduces the following feature:
* SafeNet Agent for Windows Logon 3.3 enables you to base the unlock policy on
the location of the user by using network conditions to define the IP
addresses that are valid for the user.
06/23/2020
This service pack release of STA introduces the following features:
* OIDC custom-defined and multi-value claims:
* Modify existing predefined claims and add custom claims in OIDC responses
to adapt to service provider requirements.
* Create multi-value claims with values mapped to customer text and returned
as arrays in the OIDC response.
* Performance improvements to the STA console.
06/17/2020
This service pack release of STA introduces the following feature:
* General performance and database improvements.
06/16/2020
This service pack release of STA introduces the following feature:
* Optimized UI design for Modern Authentication on the IDP: Enhances the
usability during authentication to a O365 application using Microsoft Modern
Authentication. Graphical elements for branding are removed from the screen
and margins are adjusted to avoid scrolling.
Before
After
06/04/2020
This service pack release of STA introduces the following feature:
* Application Management API:
* A REST API that can be used to add SAML applications that are in the STA
application catalog from application metadata. The generic template is not
supported.
* Full application assignment functionality that is used to manage
application authorization
* Access & Audit Logging for all API calls
Refer to the API documentation for full details.
06/02/2020
This service pack release of STA introduces the following features:
* Access Outcome Trends: This feature enhances the STA dashboard to display a
30-day historical view of detailed access event outcomes. This historical
view helps to quickly identify access failure trends that may reflect
usability or configuration issues. This feature is available in the STA and
STA Premium subscription plans.
* Opt-out Option for Usage Analytics and Data Collection: As communicated in
our recent May Newsletter, we will be introducing usage analytics and data
collection in the coming months. The purpose of this is to help us understand
usage trends and patterns, and ultimately improve your experience with the
STA product. The only data that is collected will be focused on the
operator’s use of the management consoles. We are committed to treating the
information that is collected with the utmost care and confidentiality. As
such, the data will be anonymized to protect the privacy of the individual,
will remain in the same region as the service, and will be used only to
analyze aggregated statistical trends. The data collected will not contain
personally identifiable information (PII) and will strictly be used for
Thales’ internal use.
In advance of rolling out usage analytics and data collection, which is
planned for June 15, 2020, we are now introducing the ability to opt out from
it for your tenant. As such, if you desire, you may opt out from usage
analytics and data collection now or at any point in the future. Once opted
out, you will also be able to opt back in. The option is available to you
from inside the STA Access Management console, from the Terms of Service page
link that is accessible at the bottom right of the console. Screen shots are
provided below for your reference. For more information about usage analytics
and data collection in STA, refer to the Knowledge Base article KB0021755,
which is available on our Support Portal.
05/29/2020
This service pack release of STA introduces the following feature:
* MobilePASS+ Enhanced Approval Workflow support for Windows:
* Approve push authentication requests without requiring the MobilePASS+
application to launch.
* Approve push authentication requests directly from a notification.
* Approve No PIN push requests from the Windows lock screen.
This feature can be enabled on the STA Token Management console and requires
MobilePASS+ for Windows running on Windows 10.
05/19/2020
This service pack release of STA introduces the following feature:
* General performance and database improvements.
05/04/2020
This service pack release of STA resolves the issue listed below:
RESOLVED ISSUE
Issue Synopsis SAS-38806 Dormant account notifications are sent only if the
alert is configured.
04/30/2020
This service pack release of STA introduces the following feature:
* Logon policies managed through STA - This feature introduces logon policies
in STA which are automatically updated in the Windows Logon agents without
the need to rely on an external configuration management system such as
Active Directory group policies. The feature also allows customers to enforce
a maximum time period for unlocking the user's PC without an OTP.
04/23/2020
This service pack release of STA resolves the issues listed below:
Issue Synopsis SAS-38194 March statistics are included in reports. SAS-37123
Dormant account alerts are sent. SAS-36455 The token change logs identify the
user who modified the token. For provisioning rules it is a system user, for
operator-initiated provisioning it is the operator, and for self-provisioning it
is the user. SAS-36295 SAML metadata upload successfully. A permission error is
no longer triggered. SAS-35989 Usernames with special characters are accepted on
the STA login screen. SAS-35924 Switching between the STA Access Management
console and STA Token Management console no longer results in a permission
error. SAS-35920 Error messages clarify that operator and account manager roles
must be removed from reports and provisioning rules before the roles can be
deleted. SAS-29720 Operator roles are saved properly, when changes are made on
the STA Token Management console, in Policy > Role Management. SAS-20250 The
Users - Locked account report has been renamed to Users – Locked tokens. It
shows the locked tokens.
04/02/2020
This service pack release of STA resolves the issue listed below:
RESOLVED ISSUE
Issue Synopsis SAS-38094 Ensures that the monthly billing reports are running
properly.
03/28/2020
This service pack release of STA resolves the issues listed below:
RESOLVED ISSUES
Issue Synopsis SAS-37987 Database performance improvements. SAS-37886 Database
performance improvements.
03/25/2020
This service pack release of STA resolves the issues listed below:
RESOLVED ISSUES
Issue Synopsis SAS-37890 Database performance improvements. SAS-37866 Database
performance improvements.
03/21/2020
This service pack release of STA resolves the issues listed below:
RESOLVED ISSUES
Issue Synopsis SAS-37837 Database performance improvements. SAS-37836 Database
performance improvements.
03/20/2020
This service pack release of STA introduces the following feature and resolves
the issue listed below:
* Security enhancements for the Azure Conditional Authentication Factors
integration.
RESOLVED ISSUE
Issue Synopsis SAS-37808 Database performance improvements.
03/18/2020
This service pack release of STA resolves the issue listed below:
RESOLVED ISSUE
Issue Synopsis SAS-37742 Database performance improvements.
03/16/2020
This service pack release of STA resolves the issue listed below:
RESOLVED ISSUE
Issue Synopsis SAS-37702 Database performance improvements.
03/13/2020
This service pack release of STA resolves the issue listed below:
RESOLVED ISSUE
Issue Synopsis SAS-33098 Improved display performance of the Virtual Servers tab
on the STA Token Management console.
03/04/2020
This service pack release of STA introduces the following features and resolves
the issue listed below:
* Customization of subscription plan change alerts: Allows customization of the
email and SMS alert templates for the STA product subscription plan alert.
* Security updates and STA Access Management console performance updates
RESOLVED ISSUE
Issue Synopsis SAS-35359 When multiple tokens are assigned to a user, the token
status is displayed correctly on the STA Access Management console and user
portal.
02/28/2020
This service pack release of STA introduces the following feature:
* Security enhancements for the Azure Conditional Authentication Factors
integration.
* General system stability improvements
01/28/2020
This service pack release of STA introduces the following features and resolves
the issues listed below:
* Subscription plan change alerts: A new email/SMS alert is introduced to
optionally notify operators about changes to the subscription plan.
RESOLVED ISSUES
Issue Synopsis SAS-34663 Provisioning works correctly when password enrollment
is restricted in Policy > Token Policies > Token Restrictions. SAS-34753
Application help is linked to the template version from which the application
was created.
01/24/2020
This service pack release of STA introduces the following update:
* Software enhancements and security updates for certificate-based
authentication (CBA).
01/14/2020
This service pack release of STA introduces the following features:
* Self-enrollment of additional MobilePASS+ authenticators: Enables users to
enroll backup or replacement devices on demand without administrator
intervention, triggered from the OTP Authentication screen. Administrators
can restrict the number of tokens that can be enrolled via self-enrollment.
* Integrated Windows Authentication (Kerberos) on the User Portal: STA now
supports Integrated Windows Authentication (Kerberos) on the User Portal. In
addition, the landing page for the User Portal, enables users to easily
bookmark the page.
* Switch user during the authentication flow: Enables users to change their
username during the authentication flow unless the username was preset by the
service provider.
* Redesign of authentication settings: Authentication settings are moved from a
dedicated icon on the main navigation to a section in the Settings menu.
Note
The Logon tab in the Policies section is not functional at this time. It
supports a feature that is planned for a later release.
12/03/2019
This service pack release of STA resolves the issues listed below:
RESOLVED ISSUES
Issue Synopsis SAS-34538 In Self-Enrollment > Configuring Self-Enrollment
> Configure Self-Enrollment Pages, the character limit for each field has been
increased to 4000. SAS-34537 The self-service portal always returns the same
response whether or not the user exists. SAS-34535 To increase security for the
Resend SMS option on the Self-service portal, a generic message is displayed
regardless of whether the user enters a correct PIN or user ID. The message
states: "If this user ID exists and has a mobile number, you will receive a new
SMS Token Code shortly." SAS-32379 Organization Capacity alerts are generated
successfully. SAS-24186 For authentication attempts with a GrIDsure token, the
self-service portal always returns a GrIDsure response whether or not the user
exists.
Note
Issue 2 of this release adds known issue SAS-35716.
Note
The Logon tab in the Policies section is not functional at this time. It
supports a feature that is planned for a later release.
11/26/2019
This service pack release of STA resolves the issues listed below:
RESOLVED ISSUES
Issue Synopsis SAS-35118 Billing reports on records prior to September 17th,
2019 are generated correctly. SAS-34202 The inline enrollment process correctly
registers tokens. SAS-32694 Older KT-5 tokens that were imported with a previous
encryption method can be enrolled.
11/12/2019
This service pack release of STA resolves the issues listed below:
RESOLVED ISSUES
Issue Synopsis SAS-33918 On the self-enrollment page, the MobilePASS and
MobilePASS+ links for iPadOS 13 are correct. SAS-33511 When a user completes the
MobilePASS+ token enrollment, any static password or AD password that is
assigned as a token is removed from their token list. SAS-30329 In COMMS >
Custom Branding > Custom Buttons, selecting the Reset button, or selecting the
Default option and then selecting Apply, reverts to the default button color.
11/07/2019
This service pack release of STA resolves the issue listed below:
RESOLVED ISSUE
Issue Synopsis SAS-34814 Improved performance of QR code generation during
inline enrollment.
10/31/2019
This service pack release of STA resolves the issue listed below:
RESOLVED ISSUE
Issue Synopsis SAS-34260 Certificate Based Authentication functions correctly in
cases where a root Certificate Authority (CA) issuer is identified by the
Organizational Unit (OU).
10/30/2019
This service pack release of STA resolves the issue listed below:
RESOLVED ISSUE
Issue Synopsis SAS-24132 When accessing an application from an iOS device, the
push authentication can now also be accepted from that same device.
10/29/2019
This service pack release of STA resolves the issues listed below:
RESOLVED ISSUES
Issue Synopsis SAS-33780 Tokens are correctly allocated from the On-Boarding
tab. SAS-31968 Custom email addresses are correctly saved. SAS-29635 The Change
Log correctly records tokens that are revoked.
10/24/2019
This service pack release of STA resolves the issue listed below:
RESOLVED ISSUE
Issue Synopsis SAS-32694 Legacy KT-5 tokens enroll successfully.
10/15/2019
This service pack release of STA introduces the following features and resolves
the issues listed below:
* STA Access Management console Settings > Branding > User Login and Operator
Login replace Comms > Custom Branding > IDP Login & Operator Login
functionality in the STA Token Management console.
* The Snapshot tab loads more quickly.
* Virtual Servers > Comms > SAML Service Providers > SAML 2.0 Settings displays
the End of Life date for this functionality and provides a link to the
enhanced interface for managing SAML applications on the STA Application
Management console.
* The Service Metrics - Total Active Users per Month (Rolling YTD) report
includes columns for: Product Plan and Custom #1 - #3.
Note: You may need to exclude the new columns from existing scheduled reports
if they are not required.
* The Application tab on the STA Token Management console is removed. To manage
applications, select Applications from the Extended Features menu.
* Passwords and ICE tokens are not available for provisioning in Virtual
Servers > Policy > Token Policies > Token Restrictions.
* The status of synced passwords is displayed only for synced passwords in the
STA Token Management console under Virtual Servers > Assignment > User
Detail. See the illustration which follows.
RESOLVED ISSUES
Issue Synopsis SAS-33881 Enrollment proceeds without intermittent interruptions.
SAS-33702 Duplicate provisioning tasks are prevented so that the token inventory
is not depleted. SAS-32433 Race conditions that allow assigned tokens to also be
in inventory are prevented.
10/02/2019
This service pack release of STA resolves the issues listed below:
RESOLVED ISSUES
Issue Synopsis SAS-33502 The number of IP addresses supported by scenarios is
increased. SAS-33376 Domain passwords ending with two & characters in a row are
supported.
09/17/2019
This service pack release of STA introduces the following features and resolves
the issues listed below:
* Windows Logon 3.0: The new Windows Logon 3.0 agent is now available for
download and installation directly from the STA console. It is found under
the Applications tab through the Windows Logon application template. The
agent is now easier to deploy without configuring the authentication nodes.
This version of the agent supports Windows 10 only.
* Subscription Plan Downgrade: Allows you to downgrade a subscription plan (for
example from STA Premium to STA, or from STA to STA Basic). Downgrading a
subscription is subject to contractual rules and commercial agreements.
RESOLVED ISSUES
Issue Synopsis SAS-32244 Changes to Synchronization Agent settings can be saved.
SAS-30132 Added the following timezone offset option: UTC-02:30.
09/09/2019
This service pack release of STA introduces the following feature:
* Country Change condition: Allows you to check whether the access attempt of a
given user originates from a different country compared to the previous
successful access by the same user. Use this condition to step-up
authentication or deny access in these situations.
09/06/2019
This service pack release of STA introduces the following feature and resolves
the issue listed below:
* Access Logs and Audit Logs: To further simplify navigation on the STA
console, the Access Logs and Audit Logs are now accessed from the Home tab.
The presentation of the Access Logs and Audit Logs is updated with an improved
UI. These improvements include a new timezone selector that allows you to view
the logs in either local time or UTC time, and a refresh button that allows you
to display the latest logs captured by the system. The refresh button replaces
the old filter reset button.
RESOLVED ISSUE
Issue Synopsis SAS-31946 The mapping for OIDC claims can now be edited.
08/29/2019
This service pack release of STA introduces the following features:
* Anonymizer condition: Checks whether the access request originates from
behind an anonymizer (VPN, proxy, or Tor) that hides the originator’s real IP
address. This condition uses a regularly updated IP intelligence database
that keeps track of anonymizers in the public network. You can combine the
anonymizer and network conditions to remove false positives that could be
caused by the detection of legitimate customer proxies. Use the anonymizer
condition to step-up authentication or deny access in these situations.
* User Device condition: Checks whether the access request originates from a
known device for this user. This condition determines whether this user has
successfully authenticated using this device in the specified period. This
condition allows you to lower authentication requirements and reduce user
friction when authenticating with a known device.
* Enhanced Operating System condition: Allows you to identify situations where
the operating system of the connecting user is not included in a specified
list of operating system types or versions. This feature makes it easy to
configure policy behavior for cases where the connecting machine’s OS falls
outside of the list of OS types and versions supported by the your IT group.
The features are available in the STA and STA Premium plans.
08/27/2019
This service pack release of STA introduces security enhancements and resolves
the issue listed below:
RESOLVED ISSUE
Issue Synopsis SAS-32894 Changes to Synchronization Agent settings can be saved.
08/13/2019
This service pack release of STA resolves the issues listed below:
RESOLVED ISSUES
Issue Synopsis SAS-31324
OTP delivery via email works correctly. If the email subject contains line feed
or carriage return characters, the characters are replaced with a white-space.
SAS-30866 The language on the self-service portal can be changed by the end
user. SAS-30803
Account managers who do not have an operator role are able to access the
STA console.
SAS-28382 SMS messages over 160 characters are now correctly split into multiple
160 character messages. The following are counted as multiple characters: \b
(backspace), \n (newline), \r (carriage return), ^ ~ | € [,],{,} SAS-24379
Changes to the Custom Title on the Self-Enrollment page can be saved. The Custom
Title field is grayed-out if "Use Inherit Customization" is in use.
Note
Issue 2 of this release adds resolved issues: SAS-30866, 28382, and 24379.
08/01/2019
This service pack release of STA introduces the following change, resolves the
issues listed below, and provides security enhancements:
* The product name displayed at the top of the operator login page for the STA
Token Management console (previously known as the SAS console) is changed
from SafeNet Authentication Service to SafeNet Trusted Access as a follow up
to the merging of STA with STA. For customers who have configured a custom
product name, the custom name remains unchanged.
RESOLVED ISSUES
Issue Synopsis SAS-32162 When an operator tries to log in with an unknown user
ID, the logs correctly indicate the failure reason as Invalid User. SAS-31851 /
ASCO-11538 The IDP login screen correctly forwards to the application instead of
displaying "Already logged in". SAS-31422 Operators who belong to many groups
can successfully log in to the management consoles. SAS-31413 Operators can log
in when there is an apostrophe in their email address. SAS-30947 STA waits until
Kerberos ticket collection completes. SAS-30630 The Users page is now displayed
properly when accessed from the shortcut link on the STA Token Management
console.
07/23/2019
This service pack release of STA resolves the following issues:
RESOLVED ISSUES
Issue Synopsis SAS-31461
Inline enrollment of tokens with user-side PINs works successfully.
SAS-31086
The Service Metrics – Total Active Users per Month (Rolling YTD) report works
correctly.
MERGE SAS WITH STA - 06/27/2019
This service pack release of STA merges SafeNet Authentication Service (SAS) and
SafeNet Trusted Access (STA) to form a combined access management and
authentication service named SafeNet Trusted Access (STA).
This introduces the following changes:
* The SafeNet Authentication Service (SAS) product name is changed to SafeNet
Trusted Access (STA).
* Three subscription plans are introduced: STA Basic, STA, and STA Premium.
* Customers with SAS service subscriptions are upgraded to the STA Basic
subscription plan. Customers with STA service subscriptions are migrated to
the STA Premium subscription plan.
* A new Extended Features shortcut links menu is added to the SAS console,
which is now referred to as the STA Token Management console. This new
shortcut menu provides a fast way to navigate to the access management
capabilities in the STA console.
* This CRN consolidates the previous two separate CRNs for SafeNet
Authentication Service (SAS) and SafeNet Trusted Access (STA). You can find
the previous SAS release notes on the Customer Support Portal.
PRODUCT NAME CHANGE
The SafeNet Authentication Service (SAS) product name is changed to SafeNet
Trusted Access (STA).
This new product name will appear in the operator console, system generated
emails, self-service portal, and enrollment pages. For customers who have
configured a custom product name, that custom name remains unchanged.
The product name that appears on the user’s login page will also be changed in
the coming weeks. This change will be communicated separately.
THREE SUBSCRIPTION PLANS ARE INTRODUCED
The SafeNet Trusted Access is now available in three subscription plans:
* SafeNet Trusted Access Basic
* SafeNet Trusted Access
* SafeNet Trusted Access Premium
The three plans have the following features:
STA Basic STA STA Premium SAS functionality All + + Authentication methods
All authentication methods that are offered by SAS
Domain password
+
Kerberos
+
Certificate-based authentication
Applications
Applications page
SAML & OIDC templates
User portal
+ + Policies Apply policies to groups of users
+
Apply policies to groups of users and applications
+ Conditions
Network
(IP address ranges)
+
OS, location
+ Session Session timeout control + + Authentication frequency Once per session
+
Every access attempt
+
SAS SERVICE SUBSCRIPTIONS ARE UPGRADED TO STA BASIC
SAS service subscriptions are now upgraded to STA Basic subscriptions. This
comes with new features that were previously accessible to only STA customers:
* Access management policies for different groups of users: Control access
decisions and authentication requirements to applications based on the user's
group membership.
* Access management policy scenarios based on network context: Control access
decisions and authentication requirements to applications based on which
network the user is connecting from.
* User-initiated token enrollment – also referred to as inline enrollment:
Customers can configure the ability for users to self-provision their SafeNet
MobilePASS+ token. Self-provisioning means that users who don't already have
a token can immediately enroll a new token on their own when they need it,
without using an enrollment email.
* Application management: Customers can configure the integration of
applications using predefined SAML or OIDC templates.
Default operators (with the operator role) are automatically granted permissions
to access the STA Access Management console (the STA console). They can extend
this permission to other operator roles that are configured by the customer.
STA SERVICE SUBSCRIPTIONS ARE UPGRADED TO STA PREMIUM
STA service subscriptions are now migrated to STA Premium subscriptions. They
continue to benefit from the full set if capabilities offered by their STA
service.
STA SUBSCRIPTION PLAN INFORMATION CAN BE VIEWED IN THE STA CONSOLE
Customers can view their STA subscription plan information from the STA Access
Management console.
NEW EXTENDED FEATURES SHORTCUTS MENU
A new shortcut links menu is introduced on the SAS console (the STA Token
Management console) to allow operators to rapidly navigate to useful functions
in the STA Access Management console. Only operators who have permission to
access the STA Access Management console can view this menu.
NEW EMBEDDED SHORT-CUT LINKS
Embedded shortcut links are added to the Applications and Policy tabs of the STA
Token Management console. These shortcuts allow operators to rapidly navigate to
the associated functions on the STA Access Management console.
06/19/2019
This service pack release of SAS Cloud version 3.7.36 resolves the issue listed
below:
RESOLVED ISSUE
Issue Synopsis SAS-31404 Auto-provisioning tokens works as expected.
06/18/2019
This service pack release of STA introduces the following feature and resolves
the issues listed below:
* New SAS Console operator login supporting push OTP: A new login experience is
introduced for the operator login. It provides a better operator login user
experience and supports push OTP authentication. Because the user experience
comes with a new, modernized UI, custom branding of the operator login page
has to be reapplied.
The branding for the new operator login experience is set on the new,
intuitive branding page, which features a live preview option. Company Logo,
Top Banner, Operator & End User Background, and all text colors can be
customized. Browse to COMMS > Custom Branding > IDP Login & Operator Login,
and select the OPERATOR LOGIN tab to apply your company branding.
Note
Branding on the new operator login page does not support inheritance. The
branding needs to be individually applied to each virtual server.
If there are any issues with the new login experience, add the ?logic=classic
parameter at the end of the regular SAS console login URL, to fall back to
the previous login:
https://cloud.safenet-inc.com/console/?login=classic*
Issue Synopsis SAS-30244 The BSIDCA ProvisionUsers method can be used to assign
tokens to multiple users. SAS-30264 SafeWord/SAM OTP solutions can be
successfully migrated to SAS Cloud using the SafeWord database export format.
Existing enrolled tokens and user-token associations are retained, to provide a
seamless migration experience for end users. SAS-28112 Any restrictions on
IP address ranges that are set in the SAS console under Policy > Role Management
> Allowed Management IP Range apply to both the SAS and STA consoles with
OIDC-based logins.
06/12/2019
This service pack release of STA introduces the following features:
* Inline Enrollment: You can offer your users the option to self-provision a
SafeNet MobilePASS+ token. Self-provisioning means that users who don't
already have a token can immediately enroll a new token on their own, without
using an enrollment email.
* SAS as a multi-factor option in Microsoft Azure AD: Customers with at least
an Active Directory Premium P1 subscription can integrate SAS as a
multi-factor option into their Azure AD Conditional Access Policies. This
feature includes:
* Support for multiple token types, including hardware tokens
* Easy integration with a simple copy & paste operation
06/12/2019
This service pack release of STA resolves the issue listed below.
RESOLVED ISSUE
Issue Synopsis SAS-31183 MobilePASS+ tokens can be enrolled with a server-side
PIN on iOS devices.
06/11/2019
This service pack release of STA introduces the following changes and resolves
the issues listed below:
* Import of Yubico Personalization Tool PSKC format
* Default storage period of reports set to 365 days
* Reports default to “Run now”
* Updated MobilePASS 8 to latest version 8.4.5.3
RESOLVED ISSUES
Issue Synopsis SAS-29574 Locked tokens correctly display in the Tokens tab.
SAS-29325 Authentication activity is correctly sent to the Remote Logging Agent.
SAS-28293 Accounts can be deleted. SAS-28023 Stale MSM notification profiles are
correctly removed during token enrollment, avoiding duplicate push
notifications. SAS-27093 The text on buttons is bolded to more easily
distinguish between valid (black) and invalid (grayed-out) options. SAS-26080 An
IDP auto-trigger no longer triggers sending a new SMS for tokens that are in
QuickLog mode. A successful authentication will trigger sending the next OTP via
SMS.
Note
SAS Service Pack Releases that precede 06/11/2019 are documented in the SAS CRNs
on the Customer Support Portal.
02/15/2019
This service pack release of STA introduces the following feature:
* Customization of Application Icons: Customers are now able to customize the
icons that represent applications in the STA User Portal and the STA console.
This can be done for each application individually by uploading an image
file.
02/12/2019
This service pack release of STA introduces the following feature:
* List authenticators on the user portal: This features allows your end users
to a view a list of their authenticators, on the user portal. The list
indicates the status of each token and whether push is enabled.
01/23/2019
This service pack release of STA introduces the following feature:
* Integration of Applications with Open ID Connect: This feature allows
customers to integrate web applications using the Open ID Connect (OIDC)
protocol. It is primarily focused at the integration of customer in-house
applications that do not have built-in SAML capabilities.
The solution is delivered together with sample OIDC Relying Party software. It
is also designed for compatibility with certified OIDC Relying Party software.
It thereby allows for the use of readily available OIDC software packages for
integration in the applications.
11/05/2018
This service pack release of STA introduces the following features:
* Additional fields for status of AD password in the STA console (preliminary):
Fields are added in the STA console to display the status of the AD password.
The status is currently represented as Unavailable pending release of
software expected in the coming weeks.
* Epic Hyperspace Agent in STA: This feature allows integration with the Epic
Hyperspace application through the use of an agent available from the
Applications tab in the STA console.
10/25/2018
This service pack release of STA introduces the following feature:
* Certificate-based authentication: STA now supports PKI credentials, enabling
organizations to enforce the use of certificate-based authentication when
defined in a STA access policy. This allows organizations to take advantage
of their existing PKI implementations to protect access to their cloud
applications and assets.
RESOLVED ISSUES
Issue Synopsis SAS-25036 The user portal for newly created virtual server
accounts now displays as active on the console.
10/16/2018
This service pack release of STA introduces the following feature:
* The visual organization and presentation of the Authentication tab in the STA
console is updated in preparation for the introduction of Certificate Based
Authentication in the future. There is no functional impact with this change.
09/05/2018
This service pack release of STA introduces the following features and resolves
the issues listed below:
* Rename an application: This feature enables customers to change the display
name for an application, which appears on the user portal and in the STA and
SAS consoles.
* Additional Languages for STA Login and User Portal: Users can now select
Simplified Chinese, Traditional Chinese, and Korean, in addition to the
languages that were already available.
08/21/2018
This service pack release introduces the following feature and resolves the
issue listed below:
* Outlook Web Application in STA: This feature allows customers to manage
access to the Outlook Web Application through SafeNet Trusted Access and in
this way extend the value of the STA policy framework and scenario-based
contextual conditions to the application.
This feature uses the new Outlook Web Application (OWA) 2.1.0 agent; which
can be downloaded from the STA console Applications tab, where it is provided
as part of the Outlook Web App template.
RESOLVED ISSUE
Issue Synopsis SAS-19667 A scenario condition that specifies multiple OS types
(for example, Windows and OS X) applies proper logic.
06/14/2018
This service pack release introduces the following feature:
* Additional Languages for STA Login and User Portal: Users can now select
Czech, Dutch, and Italian in addition to the languages which were already
available.
06/05/2018
This service pack release introduces the following features and resolves the
issues listed below:
* Windows SSO Integration for STA: This feature provides the option for STA to
recognize the user's login to the enterprise Windows Domain as an
authentication credential in the SSO session.
* Language Selector on the Login Pages: This feature allows users to select
their language of choice on the STA login pages from a drop-down menu.
RESOLVED ISSUES
Issue Synopsis ASCO-3069 Logs can be exported from the STA console when using
Internet Explorer. SAS-22317 Key size for SAML application certificates is not
limited to 2048. SAS-21715 Users can access the STA console without generating a
system error message. SAS-20945 Login UI text for challenge response can be
presented in language of choice (for supported languages).
05/29/2018
This service pack release introduces the following features:
* Language Adaptability for STA Login Dialog: This feature introduces language
adaptability for the STA login page dialog. The system presents the login
dialog in the user’s preferred language as defined by language selections
configured in browser settings. The feature initially supports Danish,
English, French, German, Japanese, Norwegian, and Swedish; with more
languages to be added through future enhancements.
* Additional Languages for STA User Portal: Users can now select Danish,
Japanese, Norwegian, and Swedish in the User Portal. This comes in addition
to English, French, and German which were already available.
05/22/2018
This service pack release introduces the following feature:
* Customization of the STA Console Login UI: Customers can now customize visual
attributes of the login interface presented to their operators when they log
in to the STA administration console. This includes customization of the
company logo, background image, and colors; all managed through a
user-friendly interactive user interface.
05/03/2018
This service pack release introduces the following feature:
* Read-only Permission for STA Operators: This feature allows customers to
configure operator roles with read access permission to the STA console but
no write permission. This type of role configuration could for example be
used for help desk support personnel who need to access information in the
STA console about users, access logs, policy configuration, and application
configuration, but do not need to make changes to policy or application
configurations.
04/20/2018
This service pack release introduces the following features and resolves the
issues listed below:
* Language Selection on STA User Portal: This feature allows users to select
the language that is presented by the STA User Portal interface. The feature
initially supports English, French, and German. Additional languages will be
added through future enhancements.
RESOLVED ISSUES
Issue Synopsis SAS-22049 Login page for STA User Portal now appears with correct
formatting when using supported Internet Explorer versions. SAS-22100
Applications that were unassigned from a user no longer display inside the User
Portal for that user.
04/19/2018
This service pack release resolves the issue listed below:
RESOLVED ISSUE
Issue Synopsis
SAS-20248
When configuring an application in STA, the ACS URL of that application can now
contain any of the following special characters:
? ! $ |
04/17/2018
This service pack release introduces the following feature and resolves the
issues listed below:
* Export Logs: Users can export Access Logs or Audits Logs from the STA console
into a file. The exported data set is also bound by any applied filter
settings.
LIMITATION
Export Logs does not work using Internet Explorer. This limitation will be
resolved as soon as possible through a maintenance update.
RESOLVED ISSUES
Issue Synopsis SAS-21997 Signature Algorithm settings are correctly updated and
effective in STA. SAS-21993 Metadata can be uploaded for specific or known
applications. SAS-21624 Once a STA console session expires, it cannot be renewed
without the re-entry of login credentials. SAS-21595 Metadata upload pass-though
mode used with the generic template operates correctly. SAS-21167 SAML Return
Attributes are correctly updated when a replacement metadata file is uploaded.
SAS-20822 The Single Logout URL value imported from a metadata file correctly
displays in the application's configuration within the STA console.
04/16/2018
This service pack release introduces the following feature and resolves the
issue listed below:
* Single Sign-On from the STA Console to the SAS Console: This feature provides
the ability for STA operators to access the SAS console from the STA console
without re-entering their authentication credentials. At this point in time,
the single sign-on is strictly from the STA console to the SAS console. If
logging in to the SAS console first, the operator still needs to enter their
credential when accessing the STA console.
RESOLVED ISSUE
Issue Synopsis SAS-21328 An application configuration cannot be saved when a
mandatory field is missing. STA generates an error message that states which
fields are missing.
03/22/2018
This service pack release introduces the following feature and resolves the
issue listed below:
* Filter Logs by Dates: This feature enables customers to apply a date range
filter when viewing the STA Access Logs and Audit Logs so that only those
logs that fall within the specified date range are displayed.
LIMITATIONS AND IMPORTANT NOTES
This service pack removes some of the limitations stated in the service pack
03/15/2018.
The Generic Template has been updated to allow an application to integrate with
the User Portal when using the SP-initiated flow – in this case, a Service Login
URL must now be configured as part of the application configuration.
Applications that were previously configured with the Generic Template and
require the SPinitiated flow must be reconfigured with the new (and now current)
version of the Generic Template in order to work properly with the User Portal.
Templates for the following applications now support the User Portal:
* Oracle WebLogic Server
* AirWatch
* BlueJeans
If you configured any of these applications prior to this service pack, then you
must reconfigure them using the new (and now current) version of the associated
template in order for the application to properly work with the User Portal.
RESOLVED ISSUE
Issue Synopsis SAS-21223 Metadata Upload using the Generic Template supports
Wallix Access Manager, New Relic, FreshDesk, and BambooHR.
03/15/2018
This service pack release introduces the following feature and resolves the
issues listed below:
* User Portal: Portal from which end users can view a list of their
applications and access them with a simple click. A Single-Sign-On session is
initiated when logging into the user portal. This allows users to access
their applications seamlessly from the Portal, requiring additional
authentication only when needed as specified by the policy.
LIMITATIONS AND IMPORTANT NOTES
If you are using the Generic Template to configure an application, the
application must support the IdP-initiated flow (as defined in the SAML
standards) in order to be invoked from the User Portal.
Applications which cannot yet be invoked from the User Portal include:
* Oracle WebLogic Server
* AirWatch
* BlueJeans
* Palo Alto GlobalProtect
* Apache Web Server
A maintenance release with updates for the Generic Template and templates for
the above-listed applications will soon be introduced to remove the above-stated
limitations. Once this is available you will be required to reconfigure these
applications in the Applications tab of the STA console with the new templates
in order to use the applications in conjunction with the User Portal.
If you have already configured instances of the following applications in STA:
* G Suite
* SAP Cloud Platform
* Adobe Creative Cloud
and want to allow your users to access the application from the User Portal, you
must first create a new instance of the application in the Applications tab of
the STA console and use that new instance. This will ensure that the application
is configured based on a version of the template which provides parameters that
are required for correct inter-working with the User Portal.
RESOLVED ISSUES
Issue Synopsis SAS-20618 The user ID filter on Access Logs and Audit Logs pages
accepts special characters. SAS-20939 The “Enforce User Name” SAML advanced
setting property becomes effective when saved. SAS-20942 NameID in the template
is not overwritten when an uploaded metadata does not include a NameID.
SAS-21495 Able to add or update a scenario that includes “macOS” as a selection
in the OS condition.
03/13/2018
This service pack release resolves the issue listed below:
RESOLVED ISSUE
Issue Synopsis SAS-19819 Failed Result is now correctly reported in access logs,
when there is an access attempt where a valid password and an invalid OTP were
entered.
03/08/2018
This service pack release introduces the following features and resolves the
issue listed below:
* Advanced Configuration Settings for Applications: This feature provides the
ability to configure advanced settings for SAML applications in STA. The
advanced settings include signature options, the format of the NameID field,
encryption options, and more. This feature is initially available on the
Generic Template and significantly broadens the range of applications that
can be configured in STA.
* Filter Access Logs by User: This feature allows customers to apply a user
filter when viewing the STA Access Logs or STA Audit Logs so that only the
logs of a specific user are displayed.
RESOLVED ISSUE
Issue Synopsis ASCO-2389 Users with special characters in their user identity
field can now be searched in the STA Users page.
02/06/2018
This service pack release introduces the following feature:
* Metadata Import for Application Configuration: With this feature the
configuration of applications in STA is made simpler and faster through the
ability to import application-provided configuration metadata files. Instead
of manually entering configuration data, the information is automatically
populated in STA from the content of the metadata file.
02/01/2018
This service pack release introduces the following features and resolves the
issue listed below:
* Application Assignment: Customers can now assign groups of users to
applications; in this way letting them control through STA which of their
users are authorized to access any given application based on their group
membership.
* IDP Login Customization for STA: Customers can now customize visual
attributes of the login page presented by STA to end-users, while accessing
applications. This includes customization of the company logo, background
image and colors - all managed through a user friendly interactive UI.
As part of this feature, the default background image of the user login page is
updated.
RESOLVED ISSUE
Issue Synopsis SAS-16923 Images are now reliably displayed in application
template help files.
12/06/2017
This Service Pack introduces a variety of User Interface adjustments and
improvements in the STA administration console and resolves the issues listed
below.
RESOLVED ISSUES
Issue Synopsis SAS-19074 Policies and Applications can be deleted from the STA
console when using Internet Explorer. SAS-17432 Push authentication events
initiated through STA correctly record information in the MobilePass+
application and in authentication logs. SAS-16755 Upon entry of one or multiple
IP addresses as part of configuring a network condition, the UI correctly
rejects the IP address as invalid data.
11/01/2017
This service pack release introduces the following features:
* Enhanced Applications Tab: The visual organization and user interface of the
applications management tab in the STA console is improved to make it even
easier to configure and manage applications for STA Single Sign-On.
* Enhanced OS Conditions with iOS and Android: The OS Condition, optionally
configurable in STA Policies, can now check for iOS or Android versions in
addition to Windows and Mac OS versions.
10/26/2017
This service pack release resolves the issue listed below and introduces the STA
console Users tab which enables customers to search for users and view the
associated attributes, statistics, and recent access activity.
Note
User details include a section titled "Assigned Applications" which is not yet
active. When the Application Assignment feature is released in SafeNet Trusted
Access (STA) at a later date, customers will be able to authorize access for
each application on a user group basis. Until this feature is available, subject
to meeting the policy-driven access requirements, all users of a given tenant
are authorized to access all applications configured for that tenant.
RESOLVED ISSUE
Issue Synopsis SAS-16755 IP addresses in Network Conditions can be edited and
updated as needed.
08/31/2017
This service pack release resolves the issues listed below and introduces the
following features:
* Denial of Access – Enables you to block access to cloud applications based on
context conditions or groups of users.
* OS Condition – Enables you to grant or deny access, or to adjust the
authentication requirements based on contextual conditions (the Operating
System) of the end-user’s device.
* IP Address in Access Logs – Displays the originating IP address in STA access
logs; enabling you to determine the source of each access attempt.
* Reason for Deny or Fail – Displays additional information in STA access logs
for auditing and help desk support.
* Push OTP for STA Operator Login – Provides Operators with an additional
method of logging into the STA console.
RESOLVED ISSUES
Issue Synopsis SAS-17665 Grid presented on GrIDsure authentication has improved
image quality. SAS-17400 Format for list of groups in return attributes conforms
to SAML standards. SAS-16944 Clicking Back button on Passcode prompts takes user
back to user id prompt. SAS-16894 Operator login accepts “+” sign in email
address. SAS-16807 If a user's first or last name is not configured, the login
dialog displays an empty name field instead of a “Null” string. SAS-16271 The
Login screen displays correctly on smaller mobile phones.
PRODUCT LAUNCH RELEASE – 07/05/2017
This is the first release of SafeNet Trusted Access. This release includes the
following features:
* Federated Smart Single Sign-On (SSO) – Provides users with convenient access
to applications by extending their current identity to the cloud and enabling
them to log in to all their cloud applications with a single identity. Users
can authenticate once during a SSO session and be automatically authenticated
for each application that they access during the same session.
* Application Configuration – A simple to use, template-based, user interface
for configuring your applications in STA. Administrators can select a
template that corresponds to the application – or if none exist, use the
Generic Template. Each template includes help configuration information
specific to the application.
Note
The help configuration information associated with each template is currently
provided in a preliminary version that may contain some inaccuracies.
* Access Policies – A Global and (optional) Exception policies enable you to
configure the level of access or authentication requirements that apply,
taking into consideration which application is accessed, by whom, and in
which context.
* Context Conditions – Network and location specific conditions can be
configured in order to specify authentication requirements in relation to the
context of the access request.
* Flexible Authentication – Uses SAS and a variety of software and hardware
credentials, including: Active Directory (domain) passwords, token-based
One-Time Passwords (OTP), Push authentication, SMS, and GrIDsure.
* Logs and Dashboard – Logs of access attempts: whom accessed which
application, when, and through which policy. Displays statistics of access
attempts per policy and application.
KNOWN ISSUES
This table provides a list of the known issues as of the latest release.
Issue Synopsis SAS-48471
Summary: FIDO does not work with Touch ID on Apple Safari for Mac.
Workaround: None
SAS-46238
Summary: The Voice OTP setting incorrectly displays Default when set to Custom.
Workaround: None
SAS-45981
Summary: The Voice OTP settings incorrectly display as Voice Settings and the
French text variant is missing.
Workaround: None
SAS-45865
Summary: The request to send an OTP on the STA login screen does not include
voice as a delivery option.
Workaround: None
SAS-45807
Summary: Voice calls do not distinguish between uppercase and lowercase
characters while delivering an OTP.
Workaround: None
SAS-45806
Summary: The delivery method of the operator making changes in a parent
organization is used to send notifications about changes to a user in a child
organization.
Workaround: None
SAS-39671
Summary: Authentication logs generated in the EU zone between June 8 and June
29, 2020 which contain special characters are missing from the STA Access
console (Access Logs page) and STA Token Management console (Snapshot page). (EU
zone)
Workaround: Affected logs are still available and can be viewed through the
Authentication History Report. This report can be generated from the Reports tab
of the STA Token Management console.
SAS-38988
Summary: When adding a new account in Microsoft Outlook, the STA login window
might be hidden behind the Outlook registration dialog box.
Workaround: Click the STA login window to bring it to the foreground.
SAS-37728
Summary: When an auto-provisioning rule is associated with a group that is
subsequently removed, and a new group is created or renamed with the same name,
the existing auto-provisioning rule will trigger.
Workaround: Delete the auto-provisioning rule or use a different group name.
SAS-37023
Summary: In the user management API, the pagination links (first, prev, self,
last, and next) contain the wrong port, and therefore return a 404 response on
the next get API call. (EU and US zones)
Workaround: Remove the port in the link or change it to 443.
SAS-36946
Summary: SAS IDP returns OIDC claim groups in a comma-separated string.
Workaround: A future release will provide an option to return groups as either a
comma-separated string or a JSON array.
SAS-35952
Summary: When using Internet Explorer to view multiple scenarios under a policy,
the list of scenarios displays incorrectly.
Workaround: Use a different browser.
SAS-35716
Summary: The scroll bar for the STA application policy list is missing.
Workaround: None.
SAS-32974
Summary: If the SafeNet Synchronization Agent is not configured for a virtual
server and the Comms > Authentication Processing > LDAP Sync Agent Settings> Use
Delayed Sync Removal check box is selected, when you use the Delete User API on
a synced user, the user is scheduled for removal but is never removed (even
after the 24-hour period has passed).
Workaround: Clear the Use Delayed Sync Removal check box and delete the user
again.
SAS-30420
Summary: Kerberos authentication fails with IE11. The user is denied access, the
related access event on the STA consoles shows "Failed to collect context data".
Workaround: Add the service provider you're trying to access as a trusted site
in IE11.
SAS-26837
Summary: Email addresses support only ASCII characters.
Workaround: None. A future release will support UTF-8 encoding in email
addresses.
SAS-26833
Summary: Policy cannot be saved if description includes "," or ";" characters.
Workaround: None.
SAS-25595
Summary: When you select the Virtual Servers tab, then select the On-Boarding
tab, and then select the Back button to return to the Virtual Servers tab, an
error page is displayed.
Workaround: None.
SAS-25526
Summary: The Firefox and Safari browsers do not prompt the user to insert a
smart card during certificate-based authentication.
Workaround: Use a different browser or train users to insert a smart card when
it is required for login.
SAS-25524
Summary: With the Internet Explorer browser, the certificate-based
authentication smart card insertion prompt can sometimes be hidden behind the
browser window.
Workaround: Use a different browser or train the user to look for the smart card
dialog window when using the Internet Explorer browser.
SAS-25456
Summary: When using the Chrome browser for certificate-based authentication, the
user is required to enter a valid PIN within one minute or they will time-out.
Workaround: None.
SAS-24733
Summary: Accounts with password set to never expire will show the expiry date as
unavailable.
Workaround: None, will be changed to "Never expire" in a future release.
SAS-22160
Summary: AddUser does not support defining the user's groups during user
creation.
Workaround: Add the user to groups after creating the user using the
AddUserToGroup() function.
SAS-21928
Summary: When uploading application metadata using the generic template, the
value of the Signature Key Name is not set correctly.
Workaround: Update the Signature Key Name to the required value and save.
SAS-21246
Summary: Signing and Encryption certificates are not loading into STA when the
application is configured with the application-provided metadata file and when
the “use” attribute is missing in the “KeyDescriptor” element of the
cryptographic key (or certificate).
Workaround: If a Signing or Encryption certificate is required for the
configuration, verify that the application-provided metadata file includes the
“use” attribute for the provided certificate. If the “use” attribute is missing,
edit the metadata file to include it prior to uploading in STA:
<md:KeyDescriptor use="signing"> or <md:KeyDescriptor use="encryption">.
SAS-20542
Summary: The following messages that result in denied access for the end user
are not logged in SAS: SASIDP_RISK_MANAGER_IS_DOWN;
SASIDP_FAILED_TO_COLLECT_CONTEXT_DATA;
SASIDP_NOT_AUTHORIZED_TO_ACCESS_APPLICATION; and SASIDP_INVALID_USER.
Workaround: None.
SAS-20087
Summary: The error message displayed when configuring a duplicate EntityID is
too generic.
Workaround: Ensure that the EntityID being configured is not a duplicate.
SAS-19505
Summary: Special characters are not accepted in the SAML Return Attributes field
name: Failed to update Application Settings.
Workaround: Do not use special characters in the SAML Return Attributes field
name.
SAS-18653
Summary: In Internet Explorer, help text is not displayed in input boxes on the
Users, Add Application, and Create Policy pages.
Workaround: Click outside the input box to display the help text.
SAS-17067
Summary: Upon uploading an invalid Service Provider certificate, the error
message provided by STA is too generic for the operator to know that the
certificate could not be processed.
Workaround: If upon saving an Application in the STA console, the “Failed to
update Application Settings” message is presented, then verify that you are
using a recent Service Provider certificate (as granted by the SAML Application
or Service Provider).
SAS-16998
Summary: STA operator welcome email can take several hours to arrive.
(Previously listed as ASCO-1910.)
Workaround: None.
SAS-16702 Summary: SAML return attribute groups do not contain parents of nested
groups.
Workaround: None.
SAS-11428
Summary: The first step of SAML authentication with Enhanced User Login is
displayed as a challenge in the Authentication Activity Report.
Workaround: None.
SAS-8174
Summary: In the Token Details panel, the Push OTP state in the Mobile App
section only displays the Push OTP state at the time of token enrollment.
Workaround: None.
SAS-7237
Summary: A group name gets synced to SAS, even if that group name is already
present internally.
Workaround: Avoid using same group name in SAS and LDAP.
SAS-5017
Summary: When adding multiple logging agents in the SAS Console, only the first
agent added receives logging events, even after it is removed.
Workaround:Remove all logging agents, and then re-add only one.
SAS-4827
Summary: User IDs with UTF-8 characters do not display properly.
Workaround: This issue exists in certain versions of Internet Explorer only.
Using another browser will avoid this display issue.
SAS-4766
Summary: Allowing one logging agent host for a Virtual Server allows all logging
agent hosts.
Workaround: None.
SAS-3624
Summary: Customizations to email enrollment messages are not saved after being
modified, reverting to the default values.
Workaround: This issue stems from how certain options are enabled in the SAS
Management Console:
* To customize email messages, you must first set the Customize Email Messages
option to Custom under Comms > Communications > Email Messages.
* To customize the MobilePASS page for self-enrollment, you must clear the Use
Inherit Customizations option under Virtual Servers > Self-Service > Set
Customization Inherit.
* To enable both the custom Self-Enrollment email page (Virtual Servers > Comms
> Communications > Email Messages > Email Message Type: Self-Enrollment) and
the customized MobilePASS page (Virtual Servers > Self-Service > Configure
Self-Enrollment Pages), you must disable the Set Customization Inherit option
under Virtual Servers > Comms > Custom Branding.
SAS-2708
Summary: Error when adding Shibboleth node if DNS/Host URL is unresolvable.
Workaround: None.
SASNOI- 4575
Summary: GrIDsure token policies that have "Use special/symbolic characters"
selected are not working with Shibboleth 3.8.
Workaround: None.
SASIL-3875
Summary: In cases where a user concurrently initiates two SAML authentication
sessions in the same browser: if one of the SAML SP is configured with Enhanced
User Login enabled while the other is configured with Enhanced User Login
disabled, then the Enhanced User Login user experience may not be provided and
authentication may fail. This would only happen if the two SAML authentication
sessions are with different user IDs, or if the second session is initiated
while the first one has not completed authentication.
Workaround: None. This will be fixed in a future release.
SASIL-3326
Summary: Use of Internet Explorer version 8 for SAML authentication provides
incorrect formatting, which results in a degraded user experience.
Workaround: Use a more recent version of Internet Explorer.
Multiple Tickets Summary: The help documentation of some of the application
templates refer to an assignment procedure that does not apply to STA.
Workaround: Ignore the information in the application template help documents
about “Enabling SAML Service in the Identity Provider”.
COMPATIBILITY INFORMATION
SUPPORTED TOKENS
HARDWARE TOKENS
* KT-4, KT-5, RB, eToken PASS time-based, eToken PASS event-based, SafeNet
GOLD, eToken 3410, eToken 3400, CD-1, IDProve 100, SafeNet OTP 110, SafeNet
OTP Display Card
SOFTWARE TOKENS
* MobilePASS+: Clients are available for Android, iOS, and Windows.
* MobilePASS: Clients are available for Android, iOS, BlackBerry, Windows
Desktop, Windows Phone, Windows RT, and Mac OS X.
Refer to the MobilePASS+ and MobilePASS documentation for supported operating
system versions.
* MP-1: SafeNet Trusted Access support for MP-1 tokens software will be phased
out over the next few months, as described in the End-of-Support (EOS)
schedule below. There will be no change in the SMS functionality of the MP-1
token.
After the EOS date, you will no longer be able to enroll software MP-1
tokens, and the application will no longer be available on the app stores.
MP-1 tokens that are already active will continue to work based on the
platform limitations. After the dates specified below, if any issues are
encountered with the token, the end user will be required to enroll one of
the replacement products.
MP-1 will continue to support SMS and should be used in all cases for which a
user requires SMS.
EOS Platform EOS Date Replacement Product MP-1 for iOS September 30, 2017
MobilePASS+ MP-1 for Android December 31, 2017 MobilePASS+ MP-1 for Windows
Desktops June 30, 2018 MobilePASS+ MP-1 for BlackBerry and Mac OS June 30,
2018 MobilePASS 8
For full details on replacement products and all key dates of the EOS
process, please refer to the EOS product announcement here.
SUPPORTED BROWSERS
Note
Safari support applies to only the STA Access Management Console.
* Chrome™ 59 and later
* Firefox® 53 and later
* Microsoft Edge
* Safari 5 and later on iOS
* Safari 10.1 and later on Mac OS
* Internet Explorer 11 and later
Warning
Internet Explorer must be used in native mode and not in compatibility mode with
STA. To ensure that the compatibility mode is not used, ensure that
safenetid.com is not included in the list of websites that are identified for
compatibility view setting. You can control this in the Internet Explorer
browser settings under Compatibility View settings.
SUPPORTED DIRECTORIES
LDAP SQL Active Directory MS-SQL Novell eDirectory 8.x MySQL SunOne 5.x Oracle
SafeNet Trusted Access
© Copyright 2019-2022, Thales Group
+1 410-469-1651 technical.support.dis@thalesgroup.com
* Support
* Customer Release Notes
* Customer Support Portal
* Legal
* End User License Agreement
* Terms of Service
© Copyright 2019-2022, Thales Group
+1 410-469-1651 technical.support.dis@thalesgroup.com
SUGGEST A CHANGE
Thank you! Your suggestion has been submitted.
https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….
There are some errors in your form.
Your Name This field is required
Your Email This field is required
How can we improve this content? This field is required
×
Print
Suggest An Edit
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link
Copy Link