Setup MFA with SafeNet Trusted Access from Thales
  • 09 Sep 2021

To set up multi-factor authentication (MFA) with Thales, you need to configure Active Directory or Azure AD in Liquit Workspace and in Thales. Liquit Workspace and Thales must be connected through the same identity environment for the integration to work.

SafeNet Trusted Access

Log in to the STA management console.

Create Application

  1. On the STA management console, select the Applications tab.
  2. Click the Add Application icon.

  3. Select the Generic Template.
    a. To change the application name, edit the name in the Display Name field.
    b. In the integration type options, select OIDC.
    c. Set Access Type to Confidential.

  4. Click Add.
  5. Click Next Step.
  6. Enter the following information in the STA Setup:

| Name | Value |
| --- | --- |
| ALLOWED FLOW TYPE | Authorization code flow |
| SERVICE LOGIN URL | https://workspace.liquit.com |
| VALID REDIRECT URL | https://workspace.liquit.com/api/auth/token/end |
| USERINFO SIGNATURE ALGORITHM | RSA-SHA256 |
| REQUEST SIGNATURE ALGORITHM | RSA-SHA256 |

Use the following User Identity Claims:

| Name* | Value |
| --- | --- |
| email | UPN |

* fields are case sensitive!

  7. Select Save Configuration.

Create a Policy to grant Users access to the application

  1. On the STA management console, select the Policies tab, then select Add Policy.
  2. Enter a policy name in the New Policy box.
  3. Enter a brief description in the New Policy Description box.
  4. Under Policy Scope, in the Users section, select All Users.
  5. In the Applications section, select Any of these Applications.
    a. Select the application you just created.
  6. In the Default Requirements section, select Granted.
  7. After authenticating with check to boxes at
    image.png
  8. Click Save to save your changes.
    You are done configuring SafeNet Trusted Access

SafeNet Trusted Access documentation URL:
https://help.safenetid.com/operator/Content/Home.htm

OIDC:
https://help.safenetid.com/operator/Content/STA/Apps/AppsOIDC.htm

Policies:
https://help.safenetid.com/operator/Content/STA/Policies/policy_exception.htm

Liquit Workspace

In Liquit Workspace, go to the identity source that needs to use MFA for authenticating to the Liquit management interface.

  1. On the “Authentication” page of the identity source, enable the “Federated” option and click “Edit”.
  2. Enter the following configuration data for each setting:

| Liquit Name | Thales Value* | Default Value |
| --- | --- | --- |
| Protocol | | OAuth 2.0 |
| Client ID | Client ID | |
| Client secret | Client Secret | |
| Redirect URI | | https://workspace.liquit.com/api/auth/token/end |
| Token URI | Token end-point URL | |
| Authorization URI | Authorization end-point URL | |
| Logout URI | Logout end-point URL | |
| Claim attribute | | upn |

* These values are provided from the application in the STA management console
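
A pre-flight check for the two configuration tables above, written as an added example; it is not part of the original article and is not Liquit or Thales tooling. The dictionary key names are hypothetical, the sample values are constructed (idp.example stands in for the STA end-point URLs), and exact-string matching of the redirect URI is an assumption about how the provider compares it.

```python
from urllib.parse import urlsplit

ENDPOINTS = ("redirect_uri", "token_uri", "authorization_uri", "logout_uri")


def check_federation(sta, liquit):
    """Return findings for the two settings dicts (key names are hypothetical)."""
    findings = []
    # Compared as exact strings (assumed matching rule): a trailing slash or a
    # change of case in the redirect URI counts as a mismatch.
    if sta.get("valid_redirect_url") != liquit.get("redirect_uri"):
        findings.append("redirect URI differs between STA and Liquit")
    if sta.get("allowed_flow_type") != "Authorization code flow":
        findings.append("STA flow type is not Authorization code flow")
    # Claim names are case sensitive, so "Email" does not satisfy "email".
    claims = sta.get("claims", {})
    if claims.get("email") != "UPN":
        near = sorted(n for n in claims if n.lower() == "email" and n != "email")
        hint = f" (found {', '.join(near)})" if near else ""
        findings.append("STA claim email -> UPN is missing" + hint)
    if liquit.get("protocol") != "OAuth 2.0":
        findings.append("Liquit protocol is not OAuth 2.0")
    if liquit.get("claim_attribute") != "upn":
        findings.append("Liquit claim attribute is not upn")
    # Access Type is Confidential, so both client credentials must be present.
    for key in ("client_id", "client_secret"):
        if not str(liquit.get(key) or "").strip():
            findings.append(f"Liquit {key} is empty")
    for key in ENDPOINTS:
        parts = urlsplit(str(liquit.get(key) or ""))
        if parts.scheme != "https" or not parts.hostname:
            findings.append(f"Liquit {key} is not an absolute https URL")
    return findings


# Constructed sample values; idp.example stands in for the STA end-point URLs.
STA_SAMPLE = {
    "allowed_flow_type": "Authorization code flow",
    "valid_redirect_url": "https://workspace.liquit.com/api/auth/token/end",
    "claims": {"email": "UPN"},
}
LIQUIT_SAMPLE = {
    "protocol": "OAuth 2.0", "claim_attribute": "upn",
    "client_id": "constructed-id", "client_secret": "constructed-secret",
    "redirect_uri": "https://workspace.liquit.com/api/auth/token/end",
    "token_uri": "https://idp.example/token",
    "authorization_uri": "https://idp.example/authorize",
    "logout_uri": "https://idp.example/logout",
}
```

An empty list from `check_federation(STA_SAMPLE, LIQUIT_SAMPLE)` means the two sides agree; each string in a non-empty list names one setting to correct before testing a login.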

