SafeNet's Token Management System provides a high-value of protection using secure tokens, making it a perfect tool for second level authentication in Parallels Remote Application Server.
To get started, open the Remote Application Server console and click Connection in the sidebar. Then click the Second Level Authentication tab.
Choose SafeNet as a provider and click Settings.
To ensure that the OTP Service URL is properly configured and the connection is valid, click Check connection.
The Publishing Agent communicates with the SafeNet Token Management System Server. For greatest security, you should have this behind a firewall. Also, be sure that the OTP Service URL is set correctly.
Mode: Select how you want your users to be authenticated from the following options.
Mandatory for all users: Every user using the system must log in using two-factor authentication.
Create token for Domain Authenticated Users: Allows Remote Application Server to automatically create software tokens for Domain Authenticated Users. Choose a token type from the drop-down list. Note that this option only works with software tokens.
- Use only for users with a SafeNet account: Allows users that do not have a SafeNet account to use the system without having to login using two-factor authentication.
TMS Web API URL: Enter the location of the SafeNet API URL.
User Repository: Enter the user repository destination.
Configure exclusion rules from second level authentication using the following options:
User/Group exclude list: To exclude a user or group from second level authentication, enable this option and click Configure. To exclude a user or group from second level authentication, press Add.
Client IP exclude list: To exclude clients from a specific IP or a range of IPs from second level authentication, enable this option and click Configure. Then click Add to select a client IP or range of IPs.
Client Mac Exclude list: To exclude clients from a specific MAC address from second level authentication, enable Client MAC Exclude list and click Configure. Then click Add to select a client MAC address from the range.
Connection to the following Gateway IPs
Enter Gateway IP addresses you want to exclude from SafeNet.