Set up MFA with SafeNet Trusted Access from Thales
  • 04 Oct 2023
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Set up MFA with SafeNet Trusted Access from Thales

  • Dark
    Light
  • PDF

Article Summary

To set up the Multi-Factor Authentication (MFA) with SafeNet Trusted Access you need to configure Microsoft Active Directory or Microsoft Entra ID (Azure AD) in Liquit Workspace and Thales. Liquit Workspace and Thales need to be connected through the same identity environment to work.

Create an application in STA Access Management

  1. In the STA Access Management console, select the Applications tab.

  2. Click the Add Application or + button.

  3. Select the Generic Template.

image.png

  1. In the Application Details screen that opens, configure the following:
  • In the Display Name field add a name.
  • In the Integration Protocol section select OIDC.
  • For Access Type select Confidential.

image.png

  1. Click Add in the bottom right. The application details panel opens with the Configure tab displayed.
  • In Step 01: Generic Template Setup click Next Step.
  • In Step 2: STA Setup configure the following:

ALLOWED FLOW TYPE Authorization code flow and implicit flow
SERVICE LOGIN URL https://workspace.liquit.com
VALID REDIRECT URL https://workspace.liquit.com/api/auth/token/end
USERINFO SIGNATURE ALGORITHM RSA-SHA256
REQUEST SIGNATURE ALGORITHM RSA-SHA256
In the User Identity Claims section, in the Name field insert an email (note that it is case sensitive) and in the Value field select UPN

SareNetConfiguration.png

  1. Click Save Configuration.
    image.png

For more information about configuring a custom OIDC application, see STA documentation.

Create a policy in STA Access Management to grant users access to the application

  1. In the STA Access Management console, select the Policies tab and then click the + (Add policy) icon.
  2. In the Create Policy window displayed, configure the following:
  • In the New Policy field, enter a name for the new policy.
  • In the New Policy Description field, enter a description for the new policy.
  • Under the Scope section:
    • for Users select All Users.
    • for Applications select Any of these Applications and then enter the application you just created.
  • Under the Decision section:
    • for Access attempts are select Granted.
    • for Authentication methods select Password, Once per session, Allow Integrated Windows Authentication (Kerberos), OTP, Every access attempt.

thales-sta-add-policy.png

  1. Click Save to save your changes.

You are done configuring SafeNet Trusted Access.
For more information about adding a policy, see STA documentation.

Liquit Workspace

  1. In Liquit Workspace, navigate to the relevant identity source that needs to utilize MFA for authenticating.
  2. Open it and go to the Authentication screen.
  3. Enable the Federated option and click edit1x.png Edit.
  4. In the Edit authentication dialog box that opens configure the following:
Liquit NameSTA Value*Default Value
ProtocolOAuth 2.0
Client IDClient ID
Client secretClient Secret
Redirect URIhttps://workspace.liquit.com/api/auth/token/end
Token URIToken end-point URL
Authorization URIAuthorization end-point URL
Logout URILogout end-point URL
Claim attributeupn

* These values are provided from the application in the STA management console.

For more information about SafeNet Trusted Access, see SafeNet Trusted Access documentation or Thales Customer Support Portal.


Was this article helpful?