- 28 Nov 2022
Setup MFA with SafeNet Trusted Access from Thales
- Updated on 28 Nov 2022
To set up multi-factor authentication (MFA) with Thales, you need to configure Active Directory or Azure AD in both Liquit Workspace and Thales. Liquit Workspace and Thales must be connected through the same identity environment in order to work.
SafeNet Trusted Access
Log in to the STA management console.
Create Application
- On the STA management console, select the Applications tab.
- Click the Add Application icon.
- Select the Generic Template
a. To change the application name, edit the name in the Display Name field.
b. In the integration type options, select OIDC.
c. Set Access Type to Confidential
- Click Add
- Click Next Step
- Enter the following information in the STA Setup:
Name | Value |
---|---|
ALLOWED FLOW TYPE | Authorization code flow |
SERVICE LOGIN URL | https://workspace.liquit.com |
VALID REDIRECT URL | https://workspace.liquit.com/api/auth/token/end |
USERINFO SIGNATURE ALGORITHM | RSA-SHA256 |
REQUEST SIGNATURE ALGORITHM | RSA-SHA256 |
Use the following User Identity Claims:
Name* | Value |
---|---|
UPN |
* fields are case sensitive!
- Select Save Configuration
Create a Policy to grant Users access to the application
- On the STA management console, select the Policies tab, then select Add Policy.
- Enter a policy name in the New Policy box.
- Enter a brief description in the New Policy Description box.
- Under Policy Scope, in the Users section, select All Users
- In the Applications section, select Any of these Applications
a. Select the application you just created.
- In the Default Requirements section, select Granted.
- After authenticating with check to boxes at
- Click Save to save your changes.
You are done configuring SafeNet Trusted Access.
SafeNet Trusted Access documentation URL:
https://help.safenetid.com/operator/Content/Home.htm
OIDC:
https://help.safenetid.com/operator/Content/STA/Apps/AppsOIDC.htm
Policies:
https://help.safenetid.com/operator/Content/STA/Policies/policy_exception.htm
Liquit Workspace
Go to the relevant identity source within the Liquit Workspace that needs to utilize MFA for authenticating within the management interface of Liquit.
- On the "Authentication" page of the identity source, enable the "Federated" option and click on "Edit".
- Enter the following configuration data for each setting:
Liquit Name | Thales Value* | Default Value |
---|---|---|
Protocol | OAuth 2.0 | |
Client ID | Client ID | |
Client secret | Client Secret | |
Redirect URI | https://workspace.liquit.com/api/auth/token/end | |
Token URI | Token end-point URL | |
Authorization URI | Authorization end-point URL | |
Logout URI | Logout end-point URL | |
Claim attribute | upn |
* These values are provided from the application in the STA management console
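
A pre-flight check for the settings in the table above, added here as an example (it is not Liquit or Thales code). `check_federation` is a hypothetical helper, and the `idp.example.invalid` endpoint URLs and client credentials are constructed placeholders for the values copied from the STA console.

```python
from urllib.parse import urlsplit

URI_KEYS = ("Redirect URI", "Token URI", "Authorization URI", "Logout URI")

def check_federation(liquit, sta_redirect_urls):
    """Return findings for the Liquit federated settings; empty list = consistent."""
    findings = []
    if liquit.get("Protocol") != "OAuth 2.0":
        findings.append("Protocol: expected 'OAuth 2.0'")
    # A confidential client needs both credentials; pasted values often carry whitespace.
    for key in ("Client ID", "Client secret", "Claim attribute"):
        value = liquit.get(key, "")
        if not value or value != value.strip():
            findings.append(f"{key}: empty or has leading/trailing whitespace")
    for key in URI_KEYS:
        parts = urlsplit(liquit.get(key, ""))
        if parts.scheme != "https" or not parts.hostname:
            findings.append(f"{key}: must be an absolute https URL")
        elif parts.fragment:
            findings.append(f"{key}: must not contain a fragment")
    # OIDC compares redirect URIs as exact strings: case, port and trailing slash all count.
    if liquit.get("Redirect URI") not in sta_redirect_urls:
        findings.append("Redirect URI: no exact match among STA VALID REDIRECT URL values")
    return findings

# Constructed sample values; the endpoint URLs and credentials are placeholders.
STA_REDIRECTS = ["https://workspace.liquit.com/api/auth/token/end"]
GOOD = {
    "Protocol": "OAuth 2.0",
    "Client ID": "example-client-id",
    "Client secret": "example-client-secret",
    "Redirect URI": "https://workspace.liquit.com/api/auth/token/end",
    "Token URI": "https://idp.example.invalid/token",
    "Authorization URI": "https://idp.example.invalid/authorize",
    "Logout URI": "https://idp.example.invalid/logout",
    "Claim attribute": "upn",
}
# Same settings with three typical mistakes introduced.
BAD = dict(GOOD, **{
    "Redirect URI": "https://workspace.liquit.com/api/auth/token/end/",
    "Token URI": "http://idp.example.invalid/token",
    "Client secret": "example-client-secret ",
})

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_federation(cfg, STA_REDIRECTS) or "ok")
```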