Configuring SafeNet

The SafeNet Token Management System provides a high level of protection through secure tokens, which makes it well suited to second-level authentication in Parallels Remote Application Server.

To configure SafeNet:

  1. In the Parallels Remote Application Server console, navigate to the Connection / Second Level Authentication tab.
  2. In the Provider drop-down list, select SafeNet.
  3. Click the Settings button. The SafeNet Properties dialog opens.

  4. On the Connection tab page, enter a valid URL in the OTP Service URL field. To verify that the connection with the OTP Service can be established, click the Check connection button.

    Note: RAS Publishing Agent communicates with the SafeNet Token Management System Server. It is highly recommended to have this behind a firewall for security reasons.

  5. Click the Authentication tab.
  6. In the Mode drop-down list, select how you want your users to be authenticated.

    The available modes are:

    • Mandatory for all users: Every user using the system must log in using two-factor authentication.
    • Create token for Domain Authenticated Users: Allows Parallels Remote Application Server to automatically create software tokens for Domain Authenticated Users. Choose a token type from the drop-down list. Note that this option only works with software tokens.
    • Use only for users with a SafeNet account: Allows users that do not have a SafeNet account to use the system without having to log in using two-factor authentication.
  7. In the TMS Web API URL field, enter the location of the SafeNet API URL.
  8. In the User Repository field, enter the user repository destination.
  9. Click OK to save the values and close the SafeNet Properties dialog.

Configure Exclusion Rules

On the Second Level Authentication tab page, specify the exclusion rules in the Exclusion section.

To exclude a user or a group from second-level authentication:

  1. Select the User/Group exclude list option and click Configure.
  2. Click the Add button and select users and groups to exclude from second-level authentication.

To exclude a client IP address or IP address range from second-level authentication:

  1. Select the Client IP exclude list option and click Configure.
  2. Click the Add button and specify a single IP address or an IP address range.
  3. Click OK and then OK again to save the changes and close the dialogs.

To exclude a client MAC address:

  1. Select the Client MAC Exclude option and click Configure.
  2. Click the Add button and select a client MAC address from the list.

To exclude gateway IP addresses:

  1. Select the Connection to the following Gateway IPs option.
  2. Type a gateway IP address or expand the drop-down list and select one or more IP addresses from the list. Click the plus sign icon to add the available gateways to the list.
  3. Click OK to save the selection and close the dialog. The IP addresses will appear in the Connection to the following Gateway IPs edit box.

Parallels Client

In the Parallels Client — New Account Info dialog:

  1. Enter any four digits in the OTP PIN number field (these digits will be required further on in the process).
  2. Enter your email address and then click OK.
  3. Log into your email account and retrieve the email containing the information you will need to activate your SafeNet authentication. An example of this email is shown below.

    Activation Key: YZQHoczZWw3cBCNo

    Token Serial: 4F214C507612A26A

    Download MobilePASS client from: http://localhost:80/TMSService/ClientDownload/MobilePASSWin.exe

    *Login with domain credentials.

    *Place the attached seed file in the same folder as the MobilePASS client.

    Enter the One-Time Password to log into the Terminal Server Connection.

    Application PIN: 4089

  4. Download the MobilePASS client from the URL provided in the email.
  5. Enter the Activation Key found in the SafeNet email.
  6. Next, input the application PIN found in the email into the MobilePASS PIN field.
  7. Click Generate to generate the eToken number and then click Copy.
  8. Combine the OTP PIN and eToken in this order: OTP + eToken.
  9. Enter this value into the Parallels Client and click OK to log in.