SAM 8.0 SP4 User Guide Rev A PDF

SafeNet Authentication Manager (SAM)
Version 8.0 SP4 Revision A
Users Guide
Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate. SafeNet, Inc. is not responsible for any direct or indirect damages or loss of business resulting from inaccuracies or omissions. The specifications contained in this document are subject to change without notice. SafeNet and SafeNet Authentication Manager are either registered with the U.S. Patent and Trademark Office or are trademarks of SafeNet, Inc., and its subsidiaries and affiliates, in the United States and other countries. All other trademarks referenced in this Manual are trademarks of their respective owners. SafeNet Hardware Revision Aand/or Software products described in this document may be protected by one or more U.S. Patents, foreign patents, or pending patent applications. Please contact SafeNet Support for details of FCC Compliance, CE Compliance, and UL Notification. Date of publication: August 2012 Last update: Thursday, July 26, 2012 12:47 pm
. / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
Support
We work closely with our reseller partners to offer the best worldwide technical support services. Your reseller is the first line of support when you have questions about products and services. However, if you require additional assistance you can contact us directly at:
Telephone
You can call our help-desk 24 hours a day, seven days a week: USA: 1-800-545-6608 International: +1-410-931-7520
Email
You can send a question to the technical support team at the following email address: support@safenet-inc.com
Website
You can submit a question through the SafeNet Support portal: http://c3.safenet-inc.com/secure.asp
Additional Documentation
The following SafeNet publications are available:

SafeNet Authentication Manager 8.0 SP4 Administrators Guide SafeNet Authentication Manager 8.0 SP4 ReadMe
Table of Contents
Part I: Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Chapter 1: SafeNet Authentication Manager Overview . . . . . . . . . . . . . . . . . . . . . . 12
Product Brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Support for your Evolving Authentication Needs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Extend Strong Authentication to Cloud Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Strong Authentication and Credential Management for Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
SafeNet Authentication Manager Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Token Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Associating Your Token with SafeNet Authentication Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Maintaining Your Token. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Setting Your Token Password or OTP PIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Handling a Forgotten Token Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Handling a Forgotten OTP PIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Preparing to Take Your Token On-the-Road . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Resolving a Lost Token Locally. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Resolving a Lost Token On-the-Road . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 19 20 20 21 22 22 23
Chapter 2: Token Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Token Uses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
Certificate-Based Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 OTP Generation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Secure Data Storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Hardware Tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Software Tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

SafeNet eToken Virtual Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MobilePASS Tokens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . MobilePASS Messaging Tokens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Registered Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 31 31 32 32
Part II: Self Service Center. . . . . . . . . . . . . . . . . . . . . . . . . 33

Chapter 3: Self Service Center. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Self Service Center Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Before Any Tokens are Enrolled . . . . . . . . . . . . Left Panel . . . . . . . . . . . . . . . . . . . . . . . . . Right Panel . . . . . . . . . . . . . . . . . . . . . . . . After Tokens are Enrolled . . . . . . . . . . . . . . . . Left Panel . . . . . . . . . . . . . . . . . . . . . . . . . Right Panel . . . . . . . . . . . . . . . . . . . . . . . . .. .. .. .. .. .. .. .. .. .. .. .. . . . . . . .. .. .. .. .. .. .. .. .. .. .. .. . . . . . . .. .. .. .. .. .. . . . . . . .. .. .. .. .. .. .. .. .. .. .. .. . . . . . . .. .. .. .. .. .. .. .. .. .. .. .. . . . . . . .. .. .. .. .. .. . . . . . . .. .. .. .. .. .. .. .. .. .. .. .. . . . . . . ....... ....... ....... ....... ....... ....... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 36 37 39 40 40
Accessing the Self Service Center Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 Installing Software Components for Enrollment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Enabling ActiveX Components for Token Enrollment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Installing Client Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Installing SafeNet Authentication Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Installing SafeNet Authentication Manager Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Chapter 4: Self Service Center - Token Management . . . . . . . . . . . . . . . . . . . . . . . 67

Updating Your Token Content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Changing and Resetting Your Token Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Enabling and Temporarily Disabling Your Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 Revoking Your Lost or Damaged Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Replacing or Upgrading Your Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 Downloading a SafeNet eToken Rescue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Changing and Resetting Your OTP PIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 Validating Your OTP Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 Enrolling a New SafeNet eToken Virtual Temp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 Enabling Token OTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 Managing Registered Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Viewing Information of a Registered Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Unregistering a Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Chapter 5: Self Service Center - User Activities . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Enrolling a New Smartcard or USB Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 Enrolling a New OTP Token. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Enrolling a New MobilePASS Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Generating an OTP on Your Mobile Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Enrolling a New MobilePASS Messaging Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 Enrolling a New SafeNet eToken Virtual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144 Completing Your Authentication Questionnaire . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 Changing Your SafeNet Authentication Manager User Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Part III: Rescue Service Center . . . . . . . . . . . . . . . . . . . . 156

Chapter 6: Rescue Service Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Rescue Service Center Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 Accessing the Rescue Service Center Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Chapter 7: Rescue Service Center - Token Activities . . . . . . . . . . . . . . . . . . . . . . 164

Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Right Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Retrieving a Response Code to Unlock Your Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167 Managing Your Lost or Damaged Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Reporting and Temporarily Replacing Your Lost or Damaged Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Replacing Your Token with a New Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183 Generating an OTP Using Your SafeNet eToken Rescue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Enabling and Temporarily Disabling Your Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185 Resetting Your OTP PIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187 Validating Your OTP Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Chapter 8: Rescue Service Center - Rescue Token Management . . . . . . . . . . . . . . 191

Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Right Panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Recovering Your SafeNet eToken Rescue Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194 Replacing Your SafeNet eToken Rescue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196 Closing Your SafeNet eToken Rescue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Part IV: SAM Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Chapter 9: SAM Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
SAM Agent Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205 Viewing the SAM Agent Status. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206 Verifying Your Token Content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209 Downloading a SafeNet eToken Rescue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Part V: Portals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Chapter 10: Authentication Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215 Using the Authentication Portal to Register a Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216 Authenticating Via the Authentication Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217 Using the Application to Change Your OTP PIN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Chapter 11: MobilePASS Enrollment Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

MobilePASS Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231 Enrolling a MobilePASS Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232 Enrolling a MobilePASS Messaging Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Chapter 12: MobilePASS Messaging Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

MobilePASS Messaging Token Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241 Using the MobilePASS Messaging Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Chapter 13: Apple Mobile Device Enrollment. . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Mobile Device Enrollment Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247 Enrolling a Mobile Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248 Updating a Mobile Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Chapter 14: eToken Anywhere Enrollment Portal . . . . . . . . . . . . . . . . . . . . . . . . 251

eToken Anywhere Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252 Using the eToken Anywhere Enrollment Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253 Enrolling an eToken PRO Anywhere Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254 Updating an Enrolled eToken PRO Anywhere . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Chapter 15: Transaction Signing Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

SafeNet eToken 3500 Token Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264 Using the Transaction Signing Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265
10
Introduction
The following chapters provide an overview of the SafeNet Authentication Manager and the SafeNet tokens that it supports.
In this section:
Chapter 1: SafeNet Authentication Manager Overview (page 12) Chapter 2: Token Overview (page 24)
11
SafeNet Authentication Manager Overview
SafeNet Authentication Manager provides a framework of interfaces that enable users to manage their own physical and virtual tokens.
In this chapter:
Product Brief SafeNet Authentication Manager Tasks Token Management
1. SafeNet Authentication Manager Overview / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
12
Product Brief
Support for your Evolving Authentication Needs
SafeNet Authentication Manager is a comprehensive authentication server that allows organizations to implement a future-ready strong authentication strategy for securing local and remote access to numerous corporate resources using a single authentication back-end. Offering extensive management capabilities for SafeNets entire range of OTP, certificate based, and software authentication solutions, secure access to Office 365 and SaaS applications, secure access to network resources for employees using iOS devices, and support for advanced security applications, SafeNet Authentication Manager enables organizations to address their current and evolving secure access needs.
Extend Strong Authentication to Cloud Computing

As enterprises migrate to cloud computing environments and SaaS applications, they face the challenge of ensuring secure and convenient access to core applications and highly confidential resources that no longer reside within the corporate network. SafeNet Authentication Manager addresses this challenge by providing a seamless, consistent strong authentication and SSO experience for enterprise users who need to securely access Office 365 and SaaS applications, such as GoogleApps and SalesForce.com (SFDC).
1. SafeNet Authentication Manager Overview / Product Brief SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
13
Strong Authentication and Credential Management for Mobile Devices

Employees are increasingly using non-IT issued consumer devices to gain access to sensitive corporate and customer data. IT departments are struggling to enforce security policies on these devices, exposing businesses to serious security vulnerabilities in the form of data breaches and unauthorized access. By offering credential life cycle management and over-the-air certificate provisioning for mobile devices, SafeNet Authentication Manager ensures that only authenticated users with a trusted device can access corporate information and applications.
1. SafeNet Authentication Manager Overview / Product Brief SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
14
SafeNet Authentication Manager Tasks

In your SafeNet Authentication Manager configuration, your administrator has defined which tasks you are authorized to perform. The following table lists the SafeNet Authentication Manager tasks that can be performed by users, and the features that can be used to perform each one. Rescue Service Center
Task
Enroll one of the following: Smartcard or USB token OTP token SafeNet eToken Virtual SafeNet eToken Virtual Temp
Self Service Center
SAM Agent
Portal
Enroll an eToken PRO Anywhere token and update its content Enroll a MobilePASS token Enroll a MobilePASS Messaging token Enroll a mobile device Manage registered devices
eToken Anywhere Enrollment Portal
x x
MobilePASS Enrollment Portal MobilePASS Enrollment Portal, MobilePASS Messaging Portal Apple Mobile Device Enrollment
1. SafeNet Authentication Manager Overview / SafeNet Authentication Manager Tasks SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
15
Task
Check that a tokens content is up-to-date Update token content Complete an authentication questionnaire Change a Token Password Change an OTP PIN Reset a Token Password Retrieve a Response Code to unlock a token and reset its Token Password Reset an OTP PIN Upgrade a token by replacing it with a newer model Enable or temporarily disable a token Report and revoke a lost token
Self Service Center

x x x x x x x
In non-Windows environments only
Rescue Service Center
SAM Agent
x
Portal
Authentication Portal
x x x x
x x
16
Task
Replace a lost token with a new token Replace a lost OTP device with a Temp OTP Download a SafeNet eToken Rescue Activate and manage access to a SafeNet eToken Rescue to replace a lost token Validate an OTP token Use a token to sign a transaction
Self Service Center

x
SAM Agent
Portal
x x x x x x
Transaction Signing Portal
17
Token Management
Associating Your Token with SafeNet Authentication Manager
Use the Self Service Center when your administrator tells you to do any of the following:

Enroll a smartcard or USB token Enroll an OTP token Enroll a SafeNet eToken Virtual Enroll a SafeNet eToken Virtual Temp Update your token content Upgrade your token by replacing it with a more advanced device Replace your lost token with a new one
Use the Self Service Center or the MobilePASS Enrollment Portal when your administrator tells you to do any of the following:

Enroll a MobilePASS token Enroll a MobilePASS Messaging token
Use the Self Service Center or the eToken Anywhere Enrollment Portal when your administrator tells you to do the following:
Enroll an eToken PRO Anywhere token
1. SafeNet Authentication Manager Overview / Token Management SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
18
Use the Apple Mobile Device Enrollment when your administrator tells you to do the following:
Enroll an Apple mobile device
Maintaining Your Token

SafeNet Authentication Manager is designed to help ensure that no one else uses your token. Use a SafeNet Authentication Manager service center to do the following:

Update your token content if you suspect that content was deleted Temporarily disable your token if it is misplaced or if it is not needed for an extended period Enable your disabled token when you want to use it again Validate your OTP token if your token has lost its synchronization with the system, and you cannot authenticate using a generated OTP Change your SafeNet Authentication Manager user password if you suspect that someone else has seen it Manage your registered devices
19
Setting Your Token Password or OTP PIN

It is your responsibility to remember your Token Password or OTP PIN. Your SafeNet Authentication Manager configuration may require you to provide it to gain access to your token content. Change your Token Password or OTP PIN if you suspect it has been compromised. The default Token Password is 1234567890, unless your administrator has changed the default. Your SafeNet Authentication Manager configuration may require you to change your Token Password from the default value. Depending on your SafeNet Authentication Manager configuration, your Token Password may be required to meet password quality criteria, such as:

minimum length inclusion or exclusion of lower-case letters, upper-case letters, numerals, and/or special characters disqualification of password values previously used
Setting a complex Token Password provides added security to your token authentication process.
Handling a Forgotten Token Password

If you forgot your Token Password, or if you consecutively entered incorrect password values too many times, you need to unlock your token and set a new password.
20
Depending on your SafeNet Authentication Manager configuration, you can use the Self Service Center to reset your Token Password should you forget it. If your token is locked, and you cannot reset your Token Password, do one of the following:

In a non-Windows environment, use the Self Service Center to unlock your token. Use the Rescue Service Center to enter the Challenge Code displayed in the SafeNet Authentication Client Tools or eToken Network Logon application, and then paste the generated Response Code to the application. Contact your administrator.
Handling a Forgotten OTP PIN

If you forgot your OTP PIN, or if you consecutively entered incorrect values too many times, you need to unlock your OTP profile and set a new OTP PIN. Depending on your SafeNet Authentication Manager configuration, you can use the Self Service Center to reset your OTP PIN should you forget it. If you cannot reset your OTP PIN using the Self Service Center, and your OTP profile is locked, contact your administrator.
21
Preparing to Take Your Token On-the-Road

Before you travel, use the Self Service Center to do the following:
Complete an authentication questionnaire to ensure that you will have access to the Rescue Service Center while you are out of the office. The answers you provide will be used to authenticate you to the Rescue Service Center. Download a SafeNet eToken Rescue, a secure backup of your token content, to ensure that you can request access to a backup of your token content while you are out of the office.
If you already downloaded a SafeNet eToken Rescue, use the SAM Agent to verify that the file is up-todate.
Resolving a Lost Token Locally

If your token is lost or damaged, do the following: a b c Log on to the Self Service Center, and report your lost or damaged token so that it is revoked. Ask your administrator to give you a new token in its place. Log on to the Self Service Center again, and replace your old token with the new one.
22
Resolving a Lost Token On-the-Road

If you are away from your office when your token is lost or damaged, use the Rescue Service Center to do the following (depending on the options available in your SafeNet Authentication Manager configuration):

Report your token as lost or damaged. If you will need to authenticate yourself using an OTP but will not need any other token content, request a Temp OTP to replace your token. If you will need access to your token content and do not have a SafeNet eToken Rescue secure backup file, download a SafeNet eToken Rescue. If you will need access to your token content, activate a downloaded SafeNet eToken Rescue to use as a temporary token replacement. If you do not need a Temp OTP or a SafeNet eToken Rescue, revoke or temporarily disable your token.
23
Token Overview
This chapter describes various types of tokens and their uses.
In this chapter:
Token Uses Hardware Tokens Software Tokens
2. Token Overview / SafeNet Authentication Manager Users Guide, Revision A, 2012 SafeNet, Inc.
24
Token Uses
Tokens, also known as authenticators, are used primarily for some or all of the following purposes:

Certificate-Based Authentication OTP Generation Secure Data Storage
Certificate-Based Authentication
A certificate is a signed document approving the identity of the private key on a token. The private key acts as a unique identifier for each user. It enables users to securely access networks or protected websites, or to digitally sign data and transactions, providing proof of authenticity.
OTP Generation
One-Time Password (OTP) authentication is based on a system in which the token and the backend authentication service share a unique algorithm used for generating a sequence of passwords. The OTP value changes each time an OTP is generated. Since the server and the token generate exactly the same passwords in the same sequence, the server can authenticate the user when the tokens OTP value is submitted.
2. Token Overview / Token Uses SafeNet Authentication Manager Users Guide, Revision A, 2012 SafeNet, Inc.
25
OTP authentication enables secure access to networks from any computer with an internet connection. By constantly changing the password required for authentication, OTP usage makes it more difficult to gain unauthorized access to restricted resources. OTP authentication does not require a physical token to be connected to the computer.
Secure Data Storage

A token may be used for secure storage of data such as:

User profiles - collections of personal data which identify the user to specific applications Flash memory that can be partitioned into a mass storage allocation and a CD-ROM emulation
2. Token Overview / Token Uses SafeNet Authentication Manager Users Guide, Revision A, 2012 SafeNet, Inc.
26
Hardware Tokens
SafeNet Authentication Manager supports a variety of hardware tokens, including:

Smartcards USB tokens OTP tokens
2. Token Overview / Hardware Tokens SafeNet Authentication Manager Users Guide, Revision A, 2012 SafeNet, Inc.
27
Software Tokens
A software token is a set of one or more files stored on a general-purpose electronic device, such as a computer, portable drive, or mobile phone. The following software tokens are supported by SafeNet Authentication Manager:

SafeNet eToken Virtual Products MobilePASS Tokens MobilePASS Messaging Tokens Mobile Devices Registered Devices
SafeNet eToken Virtual Products

Depending on the SafeNet eToken Virtual product used, the software authenticator file may be stored on your computer or on a portable drive. The software authenticator is locked to the device and can be used only on the computer or portable drive on which it was enrolled.
2. Token Overview / Software Tokens SafeNet Authentication Manager Users Guide, Revision A, 2012 SafeNet, Inc.
28
When you enroll a SafeNet eToken Virtual or SafeNet eToken Virtual Temp on your computer, or, if the SafeNet Authentication Manager SAM Agent is used to download a SafeNet eToken Rescue, the authenticator is saved in your personal Documents folder, in the eTokenVirtual subfolder. Its filename extension is .etvp.
NOTE
A file copied from a SafeNet eToken Virtual product is not usable.
Your SafeNet Authentication Manager configuration may allow you to enroll the following SafeNet eToken Virtual products:
SafeNet eToken Virtual

Can contain the same token content as an eToken NG-OTP device, such as eToken SSO profiles, OTP generation facilities, and certificates Depending on your SafeNet Authentication Manager configuration, can be saved either to your computer, or to an external device Can contain token content similar to an eToken NG-OTP device, but its certificates are valid only for the time period defined by your administrator One SafeNet eToken Virtual Temp can be enrolled for each physical token already enrolled to you Must be saved to your computer Is usable for a limited period of time
SafeNet eToken Virtual Temp

29
SafeNet eToken Rescue
Contains a backup of certain token content, such as Network Logon profiles, OTP generation facilities, and certificates
NOTE
You may need other token content, such as your WSO profiles, while using your SafeNet eToken Rescue. Restore them to your SafeNet eToken Rescue from backup files.
Accessible only through a password that is disclosed when you report your token as lost or damaged Depending on your SafeNet Authentication Manager configuration, can be saved either to your computer, or to an external device Depending on your SafeNet Authentication Manager configuration, can be downloaded using the Self Service Center, the Rescue Service Center, or the SAM Agent Is usable for a limited period of time
To generate an OTP using a SafeNet eToken Virtual product: 1 2 3 If the appropriate SafeNet eToken Virtual authenticator is not connected, browse to its location, right-click the filename, and click Open to define the file to SafeNet Authentication Client. Right-click the SafeNet Authentication Client tray icon, and from the menu, select the appropriate SafeNet eToken Virtual authenticator. Right-click the SafeNet Authentication Client tray icon, and from the menu, select Generate OTP. The Generate OTP window opens.
30
4 5
Click Generate OTP. Depending on your SafeNet Authentication Manager configuration, you may be required to enter the Token Password. Enter the SafeNet eToken Virtual products password. An OTP is generated and displayed. Copy the OTP to your application to authenticate yourself.
6 7
MobilePASS Tokens
Your SafeNet Authentication Manager configuration may allow you to enroll a MobilePASS token. A MobilePASS token is an application that can generate an OTP value for authentication. Install the MobilePASS application on your mobile device to use it as an OTP token that works independently of mobile network connectivity.
MobilePASS Messaging Tokens

Use the MobilePASS Messaging application to receive a generated OTP as an SMS (Short Message Service) message on your mobile device.
31
Mobile Devices
Your SafeNet Authentication Manager configuration may allow you to enroll a mobile device using the Apple Mobile Device Enrollment. This enables your device to access your enterprises network resources.
Registered Devices
Your SafeNet Authentication Manager configuration may allow you to register a device, such as a browser on your personal computer, for authentication to specific applications. After a device has been registered, authenticating from it is simpler and more secure than standard authentication. SafeNet Authentication Manager manages the following information for each device that has been registered:

the browser and operating system details the time of its most recent use for authentication
32
II

Self Service Center
The following chapters describe how to use SafeNet Authentication Managers Self Service Center.
In this section:
Chapter 3: Self Service Center (page 34) Chapter 4: Self Service Center - Token Management (page 67) Chapter 5: Self Service Center - User Activities (page 123)
. / SafeNet Authentication Manager Users Guide, Revision A, 2012 SafeNet, Inc.
33
Self Service Center
SafeNet Authentication Managers Self Service Center is a web-based application that enables you to manage many user and token activities.
In this chapter:
Self Service Center Overview Accessing the Self Service Center Main Menu Installing Software Components for Enrollment
3. Self Service Center / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
34
Self Service Center Overview

When you open the SafeNet Authentication Managers Self Service Center window, a list of your enrolled tokens is displayed in the left panel, and a list of options is displayed in the right panel.
NOTE
to the Self Service Center window.
Your SafeNet Authentication Manager configuration determines which options are displayed in the right panel of the Welcome
3. Self Service Center / Self Service Center Overview SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
35
Before Any Tokens are Enrolled

The following is an example of a Self Service Center window where no tokens are enrolled.
Left Panel
The following message is displayed in the left panel of the Self Service Center window, below your user name:
You have no active tokens

36
Right Panel
The right panel may include the following User Account options:
Enrolling a New Smartcard or USB Token Token enrollment adds your smartcard or USB token to the SafeNet Authentication Manager inventory if it is not already there, associates the token with your username, and loads its content with the data you need.
Enrolling a New OTP Token OTP (One-Time Password) token enrollment associates your physical OTP token, which is not a smartcard or a USB token, with your username in the SafeNet Authentication Manager inventory.
Enrolling a New MobilePASS Token MobilePASS token enrollment installs a MobilePASS application on your mobile device, enabling you to generate an OTP on the device.
Enrolling a New MobilePASS Messaging Token MobilePASS Messaging token enrollment enables you to receive a generated OTP as an email message, or as an SMS (Short Message Service) message on your mobile device.
Enrolling a New SafeNet eToken Virtual SafeNet eToken Virtual enrollment enrolls a software token. Depending on your SafeNet Authentication Manager configuration, a SafeNet eToken Virtual is stored as a file on your computer, or on a portable drive.
Completing Your Authentication Questionnaire
37
Before you can authenticate yourself to the Rescue Service Center, you must complete an authentication questionnaire in the Self Service Center. This provides a backup method of identifying yourself in case you lose your token or forget its password when you are out of the office.
Changing Your SafeNet Authentication Manager User Password Users in some SafeNet Authentication Manager environments authenticate to SafeNet Authentication Manager using a user password. Change your user password if you think someone else has seen it.
NOTE
Your SafeNet Authentication Manager configuration determines which options are displayed in the right panel.
38
After Tokens are Enrolled

The following is an example of a Self Service Center window where at least one token is enrolled.
39
Left Panel
A list of the names of your enrolled tokens is displayed in the left panel of the Self Service Center window, below your user name. An image representing the token type is displayed next to each token name. If the tokens status is not Normal, the status is displayed:

Lost Damaged Disabled Revoked
The selected token is highlighted. If you need to perform an action on a different token, select the appropriate token in the left panel before selecting an option in the right panel.
Right Panel
The right panel includes messages relating to the selected token, followed by User Account options. For the list of User Account options, see page 37. The Selected Token options displayed in the right panel may include:
Updating Your Token Content If you accidentally deleted content from your token, or if a warning message is displayed that your token content must be updated, use this option to update it.
Changing and Resetting Your Token Password
40
Change your password if it is about to expire, or if you think someone else has seen it. Depending on your SafeNet Authentication Manager configuration, you may be able to reset your password should you forget it.
Enabling and Temporarily Disabling Your Token Temporarily disable your token if it is misplaced, or if it is not needed for an extended period. If your token is disabled, you must enable it before you can use it again.
Revoking Your Lost or Damaged Token Revoke a lost or damaged token immediately to prevent anyone else from using its content. Replacing or Upgrading Your Token Revoke your token, and load a new one with the same content. Downloading a SafeNet eToken Rescue Prepare a backup of your token content in case you lose your token when you are away from your office and cannot replace it with a new one.
Changing and Resetting Your OTP PIN Change your OTP PIN if you think someone else has seen it. Depending on your SafeNet Authentication Manager configuration, you may be able to reset your OTP PIN should you forget it.
Validating Your OTP Token
41
If you repeatedly generate an OTP without submitting one for authentication, or if the time function of your OTP token has deviated, your OTP token loses its synchronization with the system. You must validate your OTP token so that SafeNet Authentication Manager can authenticate OTPs that are subsequently generated.
Enrolling a New SafeNet eToken Virtual Temp SafeNet eToken Virtual Temp enrollment creates a software token on your computer that can be used for a limited period of time in place of a token that has been enrolled. The SafeNet eToken Virtual Temp is loaded with token content similar to the content loaded on your enrolled physical token.
Enabling Token OTP If you have been using a static Temp OTP value for authentication, cancel the Temp OTP. This strengthens security by requiring a unique OTP generated on your token to be used for authentication.
Managing Registered Devices View the registered information of your device, and unregister your device when you no longer need to use it for authentication.
NOTE
42
Accessing the Self Service Center Main Menu

To access the Self Service Center, you must be logged on to your companys local network. Access to the Self Service Center requires one of the following authentication methods:

The standard Windows user authentication method The authentication method set by your administrator
NOTE
Each company has its own SafeNet Authentication Manager server. This guide uses the name localhost to represent your companys SafeNet Authentication Manager server. When following the steps in the procedure, replace <localhost> with the name of your companys SafeNet Authentication Manager server.
To access the Self Service Center main menu: 1 Open your web browser, and go to http://<localhost>/SAMservice where <localhost> is the name of your companys SafeNet Authentication Manager server.
NOTE
For the website to display properly, ensure that the browsers Text Size is set to Medium. 1 On the browser toolbar, click View. 2 From the dropdown menu, select Text Size > Medium.
Depending on your user store, the Self Service Center Logon window may open.
3. Self Service Center / Accessing the Self Service Center Main Menu SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
43
You may be required to provide logon credentials, such as your Domain, User Name, and Password. You may have an option to select Keep me signed in, which enables you to re-open the Self Service Center within a predefined time period without logging on again.
The Welcome to the Self Service Center window opens.
44
If you have no enrolled tokens, the following message is displayed in the left panel of the Self Service Center window:
You have no active tokens
If you have at least one enrolled token, a list of your tokens is displayed in the left panel of the Self Service Center window, below your user name. The list includes the names of each of your tokens, their representative token images, and their status if not Normal.
45
The selected token is highlighted.

NOTE See Self Service Center Overview on page 35.
4 5
Select a User Account option in the right panel, or select a token in the left panel and select from its Selected Token options. To exit the Self Service Center, close the browser.
46
Installing Software Components for Enrollment

The token enrollment process requires that the following software components be installed on your computer:

Security settings that enable ActiveX components SafeNet Authentication Client SafeNet Authentication Manager Client
Depending on your SafeNet Authentication Manager configuration, you may be authorized to install some or all of these components without the assistance of your administrator.
Enabling ActiveX Components for Token Enrollment

Before enrolling a token, ensure that the browsers security settings are configured to include the SafeNet Authentication Manager service center in your computer's trusted sites zone. To include the SafeNet Authentication Manager service center in your computer's trusted sites zone: 1 2 On your computer, open the Internet Explorer browser. On the toolbar, click Tools, and from the dropdown menu, select Internet Options. The Internet Options window opens.
3. Self Service Center / Installing Software Components for Enrollment SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
47
Select the Security tab. The Security tab opens.
48
4 5
In the Web content zone box, select Trusted sites. Click Sites. The Trusted sites window opens.
49
6 7 8 9
In the Add this website field, enter the URL of the SafeNet Authentication Manager service center. If the SafeNet Authentication Manager service center website URL begins with HTTPS, select Require server verification (https:) for all sites in the zone. Otherwise, clear this option. Click OK until all windows are closed. If your browsers security settings are still not configured to enable ActiveX components for token enrollment, contact your administrator.
50
Installing Client Components

Two client components must be installed on all client computers used for enrolling USB tokens, smartcards, or SafeNet eToken Virtual products:

SafeNet Authentication Manager Client SafeNet Authentication Client
To install a client component on your computer: 1 2 Connect a token to be enrolled. In the Welcome to the Self Service Center window, select an option to enroll a USB token, smartcard, or SafeNet eToken Virtual product. If SafeNet Authentication Client or SafeNet Authentication Manager Client is not installed on your computer, the Enrollment failed window opens.
51
Click the link Click here to install the required components. The Client Components Installation window opens.
Click the appropriate link to download the missing component.

To install SafeNet Authentication Client, see Installing SafeNet Authentication Client on page 53. To install SafeNet Authentication Manager Client, see Installing SafeNet Authentication Manager Client on page 60.
When the missing components have been installed, close the browser window, and reopen the Self Service Center.
52
Installing SafeNet Authentication Client

To install SafeNet Authentication Client on your computer: 1 Open the Client Components Installation window. See Installing Client Components on page 51.
NOTE
Contact your administrator if SafeNet Authentication Client is not installed and the SafeNet Authentication Client download link is not displayed.
Click the link Download SafeNet Authentication Client. The File Download window opens.
53
Click Run. A Security Warning window opens, identifying the name of the program.
Click Run. Depending on your SafeNet Authentication Manager configuration, an installation wizard may be initiated to install SafeNet Authentication Client. The SafeNet Authentication Client Installation Wizard opens.
54
Click Next. The Interface Language window opens.
55
6 7 8
From the dropdown list, select the language in which the SafeNet Authentication Manager screens will appear. If configuration settings are detected from a previous version, you can select Use the existing configuration settings. Click Next. The End-User License Agreement is displayed.
56
Read the license agreement, and select the option, I accept the license agreement. The Installation Type window opens.
10 Click Next.
57
11 Select Standard. Note: IfyouradministratorhasinstructedyoutorunthelegacyBSeccompatibleinstallation,select BSeccompatible. 12 Click Next. The Destination Folder window opens, displaying the default installation folder.
58
13 Click Next to begin the installation. When the installation is complete, the Successfully installed message is displayed.
59
14 Click Finish.
Installing SafeNet Authentication Manager Client

To install SafeNet Authentication Manager Client on your computer: 1 Open the Client Components Installation window. See Installing Client Components on page 51.
60
Click the link Download SafeNet Authentication Manager Client. The File Download window opens.
Click Run. A Security Warning window opens, identifying the name of the program.
61
Click Run. Depending on your SafeNet Authentication Manager configuration, an installation wizard may be initiated to install SafeNet Authentication Manager Client. The SafeNet Authentication Manager Client Installation Wizard opens.
Click Next.
62
The License Agreement is displayed.
6 7
Read the license agreement, and select the option, I accept the license agreement. Click Next. The Destination Folder window opens, displaying the default installation folder.
63
Click Next. The Select Installation Type window opens.
64
Depending on your SafeNet Authentication Manager configuration, you may be required to select the installation type; Select Typical.
NOTE
If your administrator has instructed you to install the legacy Desktop Agent, select Complete.
10 Click Next to begin the installation. When the installation is complete, the Successfully installed message is displayed.
65
11 Click Finish.
66
Self Service Center - Token Management
Use SafeNet Authentication Managers Self Service Center to manage token activities.
In this chapter:
Updating Your Token Content Changing and Resetting Your Token Password Enabling and Temporarily Disabling Your Token Revoking Your Lost or Damaged Token Replacing or Upgrading Your Token Downloading a SafeNet eToken Rescue Changing and Resetting Your OTP PIN Validating Your OTP Token Enrolling a New SafeNet eToken Virtual Temp Enabling Token OTP Managing Registered Devices
4. Self Service Center - Token Management / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
67
Updating Your Token Content

Update your token content for any of the following reasons:

You accidentally deleted content from your token. Your administrator asked you to update your token content. You want to change certain token details. A message was displayed that you should update your token content when one of the following occurred:

You accessed the Self Service Center The SAM Agent determined that your token content must be updated You verified your token content using the SAM Agent
Updating token content is identical to enrolling a new token, except that the token already exists in the SafeNet Authentication Manager inventory. To update your token content: 1 2 Connect the token to be updated. In the Welcome to the Self Service Center window, select the appropriate token, and select Update the token content. The Token Content Update Wizard opens.
4. Self Service Center - Token Management / Updating Your Token Content SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
68
3 4
Click Start. Depending on your SafeNet Authentication Manager configuration, you may be required to enter your Token Password.
Enter the Token Password, and click Submit. 5 Depending on your SafeNet Authentication Manager configuration, you may be required to set a new Token Password.
69
Enter a new Token Password, confirm it, and click Submit.

TIP
It is your responsibility to remember your new Token Password. You must provide it to authenticate yourself when you access your token content.
NOTE
Depending on your SafeNet Authentication Manager configuration, your Token Password may be required to comply with password quality settings, such as: minimum length inclusion or exclusion of lower-case letters, upper-case letters, numerals, and/or special characters disqualification of password values previously used
The Set Token Name window opens.

70
You may change the token name. In this example, the token name is changed to Sarahs OTP Token.
TIP
If you have more than one token, we recommend assigning each one a unique token name.
71
7 8
Click Submit. Depending on your SafeNet Authentication Manager configuration, you may need to do any of the following:

Enter a certificate password. If you are enrolling an OTP token, set a new OTP PIN. Enter and confirm your user password.
Click Submit.
72
TIP
It is your responsibility to remember your new OTP PIN. You must provide it to authenticate yourself when you use your OTP.
When the enrollment is completed, the following information is displayed:

an Enrollment successfully completed message the token name other details
10 Click Back to main menu to return to the Welcome to the Self Service Center window.
73
Changing and Resetting Your Token Password

Change your password if it is about to expire, or if you think someone else has seen it. Depending on your SafeNet Authentication Manager configuration, you may be able to reset your password if you forgot it. To change or reset your Token Password: 1 In the Welcome to the Self Service Center window, select the appropriate token, and select Change or reset the Token Password. The Change Token Password window opens.
4. Self Service Center - Token Management / Changing and Resetting Your Token Password SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
74
Do one of the following:

To change your Token Password, complete the Current Password field. If your SafeNet Authentication Manager is configured to allow password reset, you can select I forgot my password.
Enter a new Token Password, confirm it, and click Start.

TIP
NOTE
A Password successfully changed message is displayed.
75
Click Back to main menu to return to the Welcome to the Self Service Center window.
76
Enabling and Temporarily Disabling Your Token

For security reasons, you should temporarily disable your token if it is misplaced, or if it is not needed for an extended period. If your token is disabled, you must enable it before you can use it again. To temporarily disable a token: 1 In the Welcome to the Self Service Center window, select the appropriate token, and select Temporarily disable the token. Options are displayed to confirm your request.
Select Yes. Disable the token. The token is marked as disabled, and a Token successfully disabled message is displayed.
4. Self Service Center - Token Management / Enabling and Temporarily Disabling Your Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
77
To enable a token: 1 In the Welcome to the Self Service Center window, select the appropriate token, and select Enable the disabled token. The token is enabled, and a Token successfully enabled message is displayed.
4. Self Service Center - Token Management / Enabling and Temporarily Disabling Your Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
78
Revoking Your Lost or Damaged Token

For security reasons, you should report a lost or damaged token as soon as possible. A token that is reported as lost or damaged is marked as Revoked in the SafeNet Authentication Manager inventory. Its certificates, Network Logon profiles, and OTP can never be used again for authentication. The information you provide when revoking your token is reported to your administrator. If you already have a replacement token, and your token is not an OTP token, follow the instructions for replacing a lost or damaged token, instead of this section. See Replacing or Upgrading Your Token on page 90.
NOTE
When a revoked token is replaced, new certificates, Network Logon profiles, and OTP generation replace those on the revoked token. Depending on your SafeNet Authentication Manager configuration, some certificates from your revoked token are also loaded onto your new one.
Depending on your SafeNet Authentication Manager configuration, you may download and activate a SafeNet eToken Rescue, a secure backup file on your computer or external device, to use in place of the reported token. For more information about SafeNet eToken Rescue tokens, see Chapter 2: SafeNet eToken Rescue, on page 30.
4. Self Service Center - Token Management / Revoking Your Lost or Damaged Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
79
To revoke a lost or damaged token: 1 In the Welcome to the Self Service Center window, select the appropriate token, and select Report the token as lost or damaged. The Report a Lost or Damaged Token window opens.
80
Select one of the following:

My token is lost My token is damaged
3 4 5
In the box, type a detailed reason for revoking your token. Select Revoke the token. Depending on your SafeNet Authentication Manager configuration, you may be able to select Download and activate a new SafeNet eToken Rescue to use in place of the reported token. If you requested the activation of a SafeNet eToken Rescue, a prompt appears asking for the maximum number of days that you need to use it.
81
Enter the number of days that you need the SafeNet eToken Rescue to be functional.
NOTE
A SafeNet eToken Rescue provides a lower level of security than a standard token. We recommend limiting its use to the number of days needed to acquire a new physical token.
Click Submit.
82
If you did not request to download a SafeNet eToken Rescue, a Revoke successfully completed message is displayed.
Click Back to main menu to return to the Welcome to the Self Service Center window. In the left panel, the revoked token is marked as Lost or Damaged. Only one Selected Token option is displayed, allowing you to replace the token.
83
10 If you requested to download a SafeNet eToken Rescue, the following is displayed:

a Revoke successfully completed message the SafeNet eToken Rescue expiration date the SafeNet eToken Rescue password
84
11 Do the following: a Write down the SafeNet eToken Rescue password, and save it in a safe place.
NOTE
It is your responsibility to remember your SafeNet eToken Rescue password. You may need to provide it to gain access to your SafeNet eToken Rescue content. After your SafeNet eToken Rescue is opened, use the SafeNet Authentication Client Tools application to change the password to one that you can remember, yet no one else can know.
85
Click the link Click here to download your SafeNet eToken Rescue file. The File Download window opens.
86
Click Save. The Save As window opens.
87
Select a location on your computer or external device to store the SafeNet eToken Rescue, and click Save. The SafeNet eToken Rescue is saved, and the Download Complete window opens.
Click Open to define the file to SafeNet Authentication Client. The SafeNet eToken Rescue is connected.
Click OK to close the dialog box. The SafeNet eToken Rescue is saved to your computer or external device.
88
Click Back to main menu to return to the Welcome to the Self Service Center window. The following is displayed:

In the left panel, the revoked token is marked as SafeNet eToken Rescue. At the top of the right panel, a warning message displays when the token will expire. In the Selected Token area, options for the SafeNet eToken Rescue are displayed. See Self Service Center - User Activities on page 123.
89
Replacing or Upgrading Your Token

This section describes how to:

Replace a lost or damaged token with a new one Upgrade an outdated token by replacing it with a new model a b c d If your old token is not revoked, SafeNet Authentication Manager revokes it. The new token is added to the SafeNet Authentication Manager inventory if it is not already there. The new token is associated with your username. The new token is enrolled and loaded with the appropriate content to replace your revoked token. Depending on your SafeNet Authentication Manager configuration, this content may include:

When you replace or upgrade a token, the following steps take place:
Certificates Network Logon profiles OTP generation
NOTE
Restore other token content, such as WSO profiles, from backup files.
4. Self Service Center - Token Management / Replacing or Upgrading Your Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
90
To replace or upgrade a non-USB OTP token: 1 2 Revoke your old OTP token. See Revoking Your Lost or Damaged Token on page 79. Enroll your new OTP token. See Enrolling a New OTP Token on page 133.
To replace or upgrade a token: 1 2 3 Connect the new token, and disconnect all others. In the Welcome to the Self Service Center window, select the appropriate token, and select Replace or upgrade the token. If the old token has not yet been revoked, the Replace or Upgrade Token window opens.
91
If you are upgrading a token, select Upgrade your token to a new one, and click Submit. If you are replacing a token, do the following: Select one of the following:

Report and replace your lost token Report and replace your damaged token
b c
In the box, type a detailed reason for revoking your token. Select Yes, revoke the token, and click Submit.
92
A wizard opens.
If you are replacing a token, the Replace Token Wizard opens.
If you are replacing a SafeNet eToken Virtual, you may be required to select the location of the new SafeNet eToken Virtual:

This computer Portable drive
NOTE
The portable drive must be connected.
If you are upgrading a token, the Token Upgrade Wizard opens.
93
5 6
Click Start. Depending on your SafeNet Authentication Manager configuration, you may be required to enter the Token Password of the new token.
Enter the default Token Password used in your company, and click Submit.
NOTE
The default Token Password is 1234567890, unless your administrator has changed the default.
94
Depending on your SafeNet Authentication Manager configuration, a warning may be displayed that the token is about to be initialized.
Select Yes. Continue with the enrollment. 8 Depending on your SafeNet Authentication Manager configuration, you may be required to set a new Token Password.
95
Enter a Token Password that is different from the tokens previous Token Passwords, confirm it, and click Submit.
TIP
NOTE
96
The Set Token Name window opens, displaying the default token name defined in your SafeNet Authentication Manager configuration.
10 You may change the token name. In this example, the token name is changed to Sarahs OTP Token.
97
TIP
11 Click Submit. 12 Depending on your SafeNet Authentication Manager configuration, you may need to do any of the following:

98
13 Click Submit.
TIP
14 When the enrollment is completed, the following information is displayed:

99
NOTE
Content on page 68.
If the details displayed are incorrect, you can change them by updating the token content. See Updating Your Token
15 Click Back to main menu to return to the Welcome to the Self Service Center window.
100
Downloading a SafeNet eToken Rescue

You can save your token content to a SafeNet eToken Rescue, a secure backup file on your computer or external device. A SafeNet eToken Rescue is a SafeNet eToken Virtual product that can be activated for use as a temporary token replacement if your token is lost or damaged. Download a SafeNet eToken Rescue file each time you leave on a trip so that the most up-to-date token content is backed up and available to you. If your token is lost or damaged when you are away from your office, contact your administrator, or use the Rescue Service Center to report your lost token and to activate your SafeNet eToken Rescue. Then use your SafeNet eToken Rescue as you would use your physical token. For more information about SafeNet eToken Rescue tokens, see Chapter 2: SafeNet eToken Rescue, on page 30. To download a SafeNet eToken Rescue: 1 In the Welcome to the Self Service Center window, select the appropriate token, and select Download a SafeNet eToken Rescue in case the token becomes lost. A SafeNet eToken Rescue successfully created message is displayed.
4. Self Service Center - Token Management / Downloading a SafeNet eToken Rescue SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
101
Click the link Click here to download the SafeNet eToken Rescue file. The File Download window opens.
102
Select a location on your computer or external device to store the SafeNet eToken Rescue, and click Save. The SafeNet eToken Rescue is saved, and the Download Complete window opens.
103
Click Open to define the file to SafeNet Authentication Client. The SafeNet eToken Rescue is connected.
6 7
Click OK to close the dialog box. Click Back to main menu to return to the Welcome to the Self Service Center window.
104
Changing and Resetting Your OTP PIN

Change your OTP PIN if you think someone else has seen it. Depending on your SafeNet Authentication Manager configuration, you may be able to reset your OTP PIN if you forgot it. To change or reset your OTP PIN: 1 In the Welcome to the Self Service Center window, select the appropriate token, and select Change or reset the OTP PIN. The Change OTP PIN window opens.
4. Self Service Center - Token Management / Changing and Resetting Your OTP PIN SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
105

To change your OTP PIN, complete the Current PIN field. If your SafeNet Authentication Manager is configured to allow OTP PIN reset, you can select I forgot my PIN.
Enter a new OTP PIN, confirm it, and click Start. An OTP PIN successfully changed message is displayed.
4. Self Service Center - Token Management / Changing and Resetting Your OTP PIN SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
106

If you repeatedly generate an OTP without submitting one for authentication, or if the time function of your OTP token has deviated, your OTP token loses its synchronization with the system. You must validate your OTP token so that SafeNet Authentication Manager can authenticate a subsequentlygenerated OTP. To validate your OTP token: 1 In the Welcome to the Self Service Center window, select the appropriate token, and select Validate the OTP token. The Validate OTP Token window opens.
Use your OTP token to generate an OTP value.
4. Self Service Center - Token Management / Validating Your OTP Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
107
Depending on your SafeNet Authentication Manager configuration, enter one of the following into the OTP Value field:

OTP value generated on your token OTP value generated on your token, preceded or followed by your OTP PIN OTP value generated on your token, preceded or followed by your Windows password
4 5
Click Submit. You may be requested to repeat step 2 through step 4 one or more times.
TIP
You may need to wait until the previous OTP value fades from the token display before attempting to generate a new OTP value.
6 7
An OTP validation successfully completed message is displayed. Click Back to main menu to return to the Welcome to the Self Service Center window.
4. Self Service Center - Token Management / Validating Your OTP Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
108
Enrolling a New SafeNet eToken Virtual Temp

SafeNet eToken Virtual Temp enrollment creates a software token on your computer that can be used temporarily in place of an enrolled token. For more information, see Chapter 2, SafeNet eToken Virtual Products, on page 28. To enroll a new SafeNet eToken Virtual Temp: 1 2 Disconnect all tokens. In the Welcome to the Self Service Center window, select the token to be temporarily replaced by a SafeNet eToken Virtual Temp, and select Enroll a new SafeNet eToken Virtual Temp.
4. Self Service Center - Token Management / Enrolling a New SafeNet eToken Virtual Temp SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
109
The SafeNet eToken Virtual Temp Enrollment Wizard opens.
110
3 4
Click Start. Depending on your SafeNet Authentication Manager configuration, you may be required to set a new Token Password.
111

TIP
NOTE
You may change the SafeNet eToken Virtual Temp name. In this example, the token name is changed to My Temp Token.
112
TIP
7 8

113
Click Submit.
TIP
When the enrollment is completed, the following information is displayed:

114
10 Click Back to main menu to return to the Welcome to the Self Service Center window. The name of the enrolled token is displayed in the left panel.
115
Enabling Token OTP

If you have been using a static Temp OTP value for authentication, you can return to using OTPs generated on your token. To require future authentication attempts to use a token-generated OTP, and not the Temp OTP: 1 In the Welcome to the Self Service Center window, select Enable Token OTP. The Enable Token OTP window opens.
Click Start. The Temp OTP is cancelled, and the token OTP is enabled. A message confirms that use of the Temp OTP is cancelled.
4. Self Service Center - Token Management / Enabling Token OTP SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
116
4. Self Service Center - Token Management / Enabling Token OTP SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
117
Managing Registered Devices

Depending on your SafeNet Authentication Manager configuration, you may be able to register your device during an authentication request. See Using the Authentication Portal to Register a Device on page 216. Registering your device will do the following:

simplify future authentication requests enable you to view information about the registered device, including its most recent authentication use
SafeNet Authentication Manager manages the information of devices that have been registered. Use the Self Service Center to view registered device information, and to unregister your device.
4. Self Service Center - Token Management / Managing Registered Devices SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
118
Viewing Information of a Registered Device

To view a registered devices information: 1 In the Welcome to the Self Service Center window, select the name of your registered device.
Click Display Information. The following details of the registered device are displayed:

browser and operating system most recent use for authentication
119
3 4
If you think any of the information is incorrect, contact your administrator. Click Back to main menu to return to the Welcome to the Self Service Center window.
120
Unregistering a Device
To unregister the device: 1 In the Welcome to the Self Service Center window, select the name of your registered device.
Click Unregister the device.
121
Click Unregister. The device is no longer registered for authentication requests.
122
Self Service Center - User Activities
Use SafeNet Authentication Managers Self Service Center to manage user activities.
In this chapter:
Enrolling a New Smartcard or USB Token Enrolling a New OTP Token Enrolling a New MobilePASS Token Enrolling a New MobilePASS Messaging Token Enrolling a New SafeNet eToken Virtual Completing Your Authentication Questionnaire Changing Your SafeNet Authentication Manager User Password
5. Self Service Center - User Activities / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
123
Enrolling a New Smartcard or USB Token

Your administrator may ask you to enroll your new smartcard or USB token yourself. When you enroll a token, the following steps take place: a b c The token is added to the SafeNet Authentication Manager inventory if it is not already there. The token is associated with your username. The token is loaded with the data you need.
To enroll a new smartcard or USB token: 1 In the Welcome to the Self Service Center window, select Enroll a new smartcard or USB token.
NOTE
If a required software component is not installed on your computer, the Enrollment failed window opens during the attempted enrollment. For more information, see Chapter 3, Installing Software Components for Enrollment, on page 34
The Token Enrollment Wizard opens.
5. Self Service Center - User Activities / Enrolling a New Smartcard or USB Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
124
2 3
Connect the token to be enrolled, and click Start. Depending on your SafeNet Authentication Manager configuration, you may be required to enter the Token Password.
Enter the default Token Password used in your company, and click Submit.
NOTE
125
Depending on your SafeNet Authentication Manager configuration, a warning may be displayed that the token is about to be initialized.
Select Yes. Continue with enrollment. 5 Depending on your SafeNet Authentication Manager configuration, you may be required to set a new Token Password.
126
Enter a Token Password that is different from the tokens previous Token Passwords, confirm it, and click Submit.
TIP
NOTE
127
The Set Token Name window opens, displaying the default token name defined in your SafeNet Authentication Manager configuration.
You may change the token name. In this example, the token name is changed to Sarahs OTP Token.
128
TIP
8 9

129
10 Click Submit.
TIP

130
NOTE
If the details displayed are incorrect, you can change them by updating the token content. See Updating Your Token Content on page 68.
131
13 Select an option from the right panel, or close the browser to exit the Self Service Center.
132
Enrolling a New OTP Token

Physical tokens that are not smartcards or USB-compatible tokens can be used to generate an OTP (One-Time Password) for authentication to your application. Your administrator may have enrolled your new OTP token before giving it to you, or you may be asked to enroll it yourself. OTP token enrollment associates your OTP device with your username in the SafeNet Authentication Manager inventory. To enroll a new non-USB OTP token: 1 Have your OTP device in front of you so that you can identify the serial number printed on the label of the OTP device case. If the printed serial number is not readable, contact your administrator. 2 In the Welcome to the Self Service Center window, select Enroll a new OTP token. The OTP Token Enrollment window opens.
5. Self Service Center - User Activities / Enrolling a New OTP Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
133
3 4
In the OTP Token Serial Number field, enter the serial number printed on the label of your OTP device case. Depending on your SafeNet Authentication Manager configuration, you may be required to set a new OTP PIN, and confirm it.
TIP
5 6
Click Submit. The enrollment process begins. Your OTP token is enrolled in SafeNet Authentication Manager, and a Process successfully completed message is displayed.
134
135
Enrolling a New MobilePASS Token

Enroll a MobilePASS token to generate an OTP on your mobile device without the need for a physical token. The token works independently of mobile network connectivity. To enroll a new MobilePASS token for your mobile device: 1 At the bottom of the left panel in the Welcome to the Self Service Center window, click Downloads. The Download Links window opens.
Click Open MobilePASS applications download page. The SafeNet website opens to the MobilePASS Authenticators Download Page.
5. Self Service Center - User Activities / Enrolling a New MobilePASS Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
136
Use the link on the SafeNet website to download and install the appropriate MobilePASS application to your mobile device. An Activation Code may be displayed on your mobile device. You will need to enter it in step 9. In the Download Links window, click Back to main menu. In the Welcome to the Self Service Center window, select Enroll a new MobilePASS token. The Token Name window opens, displaying the default MobilePASS token name defined in your SafeNet Authentication Manager configuration.
4 5
6 7
You may change the token name. Click Submit. The Activation Code window opens.
137
8 9
If a MobilePASS Policy string is displayed, copy it to your mobile device, and click Continue on your mobile device to generate an Activation Code. Enter the Activation Code displayed on your mobile device, and click Submit.
10 Depending on your SafeNet Authentication Manager configuration, you may be required to enter an OTP PIN. If so, Enter a new OTP PIN, confirm it, and click Submit.
TIP
11 The MobilePASS token successfully enrolled window opens.
138
12 Click Back to main menu to return to the Welcome to the Self Service Center window. 13 Continue the activation process on your mobile device. This includes setting a MobilePASS PIN for your mobile device.
Generating an OTP on Your Mobile Device

After the MobilePASS application is installed, use your mobile device to generate an OTP. To generate an OTP on your mobile device: 1 2 3 On your mobile device, open the MobilePASS application. A prompt is displayed requesting your MobilePASS PIN. Enter your mobile devices MobilePASS PIN. Generate an OTP.
139
The generated OTP is displayed for a limited period of time. 4 Use the generated OTP, together with the OTP PIN or Windows password if required, to authenticate to the application.
140
Enrolling a New MobilePASS Messaging Token

Enroll a MobilePASS Messaging token to enable the system to send generated OTP passcodes on demand to your mobile device or email address. To enroll a new MobilePASS Messaging token: 1 In the Welcome to the Self Service Center window, select Enroll a new MobilePASS Messaging token. The SMS Token Enrollment window opens, displaying the mobile phone number that is defined for you in the SafeNet Authentication Manager user store.
To use a different mobile phone number, enter the required number in the Your Mobile Phone
Number field and click the Use For Messaging field.

5. Self Service Center - User Activities / Enrolling a New MobilePASS Messaging Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
141
3 4
Click Confirm. An OTP passcode value is sent as a message to the mobile phone number. Depending on your SafeNet Authentication Manager configuration, you may be required to set an OTP PIN.
Enter an OTP PIN, confirm it, and click Submit.

TIP
The Please enter the OTP window opens.
142
Enter the OTP value. Depending on your SafeNet Authentication Manager configuration, you may be required to enter the OTP value preceded or followed by your OTP PIN or Windows password.
Click Verify. The Messaging token successfully enrolled window opens.
143
Enrolling a New SafeNet eToken Virtual

SafeNet eToken Virtual enrollment creates a software token on your computer or portable drive. For more information, see Chapter 2, SafeNet eToken Virtual Products, on page 28. To enroll a new SafeNet eToken Virtual: 1 2 Disconnect all tokens. In the Welcome to the Self Service Center window, select Enroll a new SafeNet eToken Virtual.
NOTE
If a required software component is not installed on your computer, the Enrollment failed window opens during the attempted enrollment. For more information, see Chapter 3, Installing Software Components for Enrollment, on page 47.
The SafeNet eToken Virtual Enrollment Wizard opens.
5. Self Service Center - User Activities / Enrolling a New SafeNet eToken Virtual SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
144
Depending on your SafeNet Authentication Manager configuration, you may be required to select the location of the new SafeNet eToken Virtual:

This computer Portable drive
NOTE
The portable drive must be connected.
4 5
Click Start. Depending on your SafeNet Authentication Manager configuration, you may be required to set a new Token Password.
145

TIP
NOTE
146
You may change the SafeNet eToken Virtual name. In this example, the token name is changed to Sarahs Virtual Token.
TIP
147
8 9

10 Click Submit.
TIP
148

NOTE
If the details displayed are incorrect, you can change them by updating the token content. See Updating Your Token Content on page 68.
149
13 Select an option from the right panel, or close the browser to exit the Self Service Center.
150
Completing Your Authentication Questionnaire

To identify yourself when you are on-the-road and cannot use your token, your administrator may have prepared an authentication questionnaire for you to complete. Your answers are used as a way to identify yourself to the Rescue Service Center, and to other management functions. The Rescue Service Center provides a solution for situations in which you are out of the office and cannot contact your administrator for help. For more information, see Chapter 6, Rescue Service Center, on page 157. To complete the authentication questionnaire: 1 In the Welcome to the Self Service Center window, select Complete a questionnaire for Rescue Service Center authentication. The Authentication Questionnaire window opens, displaying authentication questions.
5. Self Service Center - User Activities / Completing Your Authentication Questionnaire SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
151
NOTE
Each company defines its own authentication questions. The questionnaire shown is an example.
Answer the questions.

NOTE
When authenticating to the Rescue Service Center, you must provide the same answers you entered in this questionnaire. Questionnaire answers are not case-sensitive.
Click Submit. An Authentication Questionnaire successfully completed message is displayed.
152
153
Changing Your SafeNet Authentication Manager User Password

Depending on your SafeNet Authentication Manager configuration, you may be assigned a SafeNet Authentication Manager user password. To change your SafeNet Authentication Manager user password: 1 In the Welcome to the Self Service Center window, select Change my SafeNet Authentication Manager user password. The Change user password window opens.
Do the following:
5. Self Service Center - User Activities / Changing Your SafeNet Authentication Manager User Password SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
154
a b c
Enter your current SafeNet Authentication Manager user password. Enter a new SafeNet Authentication Manager user password, and confirm it. Click Submit.
NOTE
It is your responsibility to remember your new SafeNet Authentication Manager user password. You must provide it to authenticate yourself to SafeNet Authentication Manager.
Your SafeNet Authentication Manager user password is changed, and the Password changed successfully message is displayed.
5. Self Service Center - User Activities / Changing Your SafeNet Authentication Manager User Password SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
155
III

The following chapters describe how to use SafeNet Authentication Managers Rescue Service Center.
In this section:
Chapter 6: Rescue Service Center (page 157) Chapter 7: Rescue Service Center - Token Activities (page 164) Chapter 8: Rescue Service Center - Rescue Token Management (page 191)
156
SafeNet Authentication Managers Rescue Service Center is a web-based application for users who are away from their office and are unable to use their token due to specific problems.
In this chapter:
Rescue Service Center Overview Accessing the Rescue Service Center Main Menu
6. Rescue Service Center / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
157
Rescue Service Center Overview

The Rescue Service Center provides a solution for situations in which you are out of the office and cannot contact your administrator. Use the Rescue Service Center to perform certain actions which can normally be performed only by an administrator. The Rescue Service Center covers situations in which you need help with your token or SafeNet eToken Rescue, such as:

You forgot your Token Password Your token is damaged or lost You need to temporarily disable your token You need to enable your temporarily disabled token You need access to your downloaded SafeNet eToken Rescue You no longer need your SafeNet eToken Rescue
If your token is an OTP token, you can do the following:

Reset your OTP PIN Validate your OTP token
6. Rescue Service Center / Rescue Service Center Overview SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
158
Accessing the Rescue Service Center Main Menu

You must complete an authentication questionnaire in the Self Service Center before you can use the Rescue Service Center. For more information, see Chapter 5, Completing Your Authentication Questionnaire, on page 151. Access the Rescue Service Center through your companys server.
NOTE
Each company has its own SafeNet Authentication Manager server. This guide uses localhost to represent your companys SafeNet Authentication Manager server. When following the steps in the procedure, replace <localhost> with the name of your companys SafeNet Authentication Manager server.
To access the Rescue Service Center main menu: 1 Open your web browser, and go to http://<localhost>/SAMRescue where <localhost> is the name of your companys SafeNet Authentication Manager server.
NOTE
For the website to display properly, ensure that the browsers Text Size is set to Medium. 1 On the browser toolbar, click View. 2 From the dropdown menu, select Text Size > Medium.
The Welcome to the Rescue Service Center authentication window opens.
6. Rescue Service Center / Accessing the Rescue Service Center Main Menu SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
159
Enter your username, type the text shown in the picture, and click Submit.
NOTE
The text is not case-sensitive.
The User Authentication window opens, displaying questions you answered in the Self Service Center.
160
NOTE
Each company defines its own authentication questions. The questionnaire shown is an example.
Enter the same responses you provided to the Self Service Center, and click Submit.
NOTE
The answers are not case-sensitive.
When the answers are authenticated, The Welcome to the Rescue Service Center options window opens.
161
If you have no enrolled tokens, the following message is displayed at the top of the Rescue Service Center window:
No tokens found You do not have any enabled tokens.
If you have at least one enrolled token, a list of your tokens is displayed in the left panel of the Rescue Service Center window, below your user name. The list includes the names of each of your tokens, their representative token images, and their status if not Normal. The selected token is highlighted.
Select the appropriate token in the left panel, and select an option from the right panel.
NOTE
162
To exit the Rescue Service Center, click Log Off in the left panel.
163
Rescue Service Center - Token Activities
Use SafeNet Authentication Managers Rescue Service Center to manage token activities when you are away from your office and are unable to use your token due to specific problems.
In this chapter:
Main Menu Retrieving a Response Code to Unlock Your Token Managing Your Lost or Damaged Token Enabling and Temporarily Disabling Your Token Resetting Your OTP PIN Validating Your OTP Token
7. Rescue Service Center - Token Activities / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
164
Main Menu
Unless the token selected in the Welcome to the Rescue Service Center window is a SafeNet eToken Rescue, some or all of the following options are displayed.
Right Panel
The options displayed in the right panel may include:
Retrieving a Response Code to Unlock Your Token Complete the process of unlocking a token whose Token Password has been forgotten. Managing Your Lost or Damaged Token
7. Rescue Service Center - Token Activities / Main Menu SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
165
Report a lost or damaged token so that it cannot be used by anyone else, and optionally arrange for a temporary replacement.
Enabling and Temporarily Disabling Your Token Temporarily disable your token if it is misplaced, or if it is not needed for an extended period. If your token is disabled, you must enable it before you can use it again.
Resetting Your OTP PIN Reset your OTP PIN should you forget it. Validating Your OTP Token If you repeatedly generate an OTP without submitting one for authentication, or if the time function of your OTP token has deviated, your OTP token loses its synchronization with the system. You must validate your OTP token so that SafeNet Authentication Manager can authenticate OTPs that are generated.
NOTE
7. Rescue Service Center - Token Activities / Main Menu SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
166
Retrieving a Response Code to Unlock Your Token

If you forgot your Token Password, or if you consecutively entered an incorrect Token Password too many times, your token becomes locked. Use the Challenge - Response system to do the following:

Unlock your token Set a new Token Password
To unlock your token and set a new Token Password: 1 Select Unlock token in one of the following SafeNet applications:

SafeNet Authentication Client Tools eToken Network Logon
Assign a new Token Password, and follow the Unlock token instructions until a Challenge Code is generated.
TIP
It is your responsibility to remember your new Token Password.
3 4
Log on to the Rescue Service Center. In the Welcome to the Rescue Service Center window, select Unlock the token. The Unlock Token window opens.
7. Rescue Service Center - Token Activities / Retrieving a Response Code to Unlock Your Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
167
Type the 16-character Challenge Code displayed on the Unlock Token window of your application, and click Submit. The Unlock Response Code window opens.
168
6 7
Record the displayed Response Code, or click Copy to clipboard. Enter or paste the 16-character Response Code to the Unlock Token window of your application, and continue with that application.
169
Managing Your Lost or Damaged Token

For security reasons, you should report a lost or damaged token as soon as possible. If your token becomes lost or damaged when you are away from your office, your SafeNet Authentication Manager configuration determines which of the following actions you can do through the Rescue Service Center:
If you do not need your tokens content, set its status as one of the following:

Revoked: Select this option if your token is permanently unavailable to you. Your token can never be used again by anyone. Disabled: Select this option if your token is temporarily unavailable to you. You can use your token again after you enable it.
If you need to replace only the tokens OTP function, request a Temp OTP. A Temp OTP is a static value to use in place of a generated OTP. Its value does not change, and so it provides a low level of security. It is valid for a limited time only.
7. Rescue Service Center - Token Activities / Managing Your Lost or Damaged Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
170
If you need to replace your token content, and you have not downloaded a SafeNet eToken Rescue, download one and activate it. If you need to replace your token content, and you already downloaded a SafeNet eToken Rescue, activate it.
NOTE
A SafeNet eToken Rescue is a secure backup file on your computer or external device. It is used as a temporary token replacement. It is accessible for a limited time only, and only through a password that is disclosed when you report your token as lost or damaged. For more information about SafeNet eToken Rescue tokens, see Chapter 2, SafeNet eToken Rescue, on page 30.
Reporting and Temporarily Replacing Your Lost or Damaged Token

To report your lost or damaged token, and optionally, to temporarily replace it: 1 In the Welcome to the Rescue Service Center window, select Report the token as lost or damaged. The Revoke a lost or damaged token window opens.
171
Select the appropriate answer to What happened to your token?.

My token is lost My token is damaged
172
Depending on your SafeNet Authentication Manager configuration, select one of the options displayed.

I do not need that token again, so I do not need a replacement I want to activate the SafeNet eToken Rescue I already downloaded I want to download and activate a new SafeNet eToken Rescue I want a Temp OTP to replace my OTP
4 5
In the box, type details regarding your request. If you requested an Temp OTP, a prompt appears asking for the Temp OTP expiration date.
173
Enter or select the latest date that you will need the Temp OTP to be functional.
NOTE
A Temp OTP provides a lower level of security than a standard OTP. We recommend limiting its use to the minimum number of days needed to acquire a new physical token.
174
If you requested the activation of a SafeNet eToken Rescue, a prompt appears asking for the maximum number of days that you need to use it.
175
Enter the number of days that you need the SafeNet eToken Rescue to be functional.
NOTE
A SafeNet eToken Rescue provides a lower level of security than a standard token. We recommend limiting its use to the number of days needed to acquire a new physical token.
7 8
Click Submit. If you did not request access to a Temp OTP or a SafeNet eToken Rescue, a Token Revocation Confirmation window opens.
176

To temporarily disable, but not permanently revoke, your lost token, select No, I may still find my token. I want to disable my token only temporarily. To permanently revoke your lost token so that it can never be used again, select Yes, my token is lost or damaged. I want to revoke it. To cancel the request to report your token as lost or damaged, click Back to main menu.
If you selected to revoke your token, the token status is displayed in the Token successfully revoked window.
10 If you requested a Temp OTP, the following Temp OTP information is displayed:

the Temp OTP value to use instead of a generated OTP the Temp OTP expiration date
NOTE
The expiration period of your Temp OTP is determined by your SafeNet Authentication Manager configuration.
177
Write down the Temp OTP value, and save it in a safe place.
TIP
It is your responsibility to remember your new Temp OTP. During authentication, you must provide it in place of a generated OTP.
11 If you requested to download or activate a SafeNet eToken Rescue, the following information is displayed:

the SafeNet eToken Rescue expiration date the SafeNet eToken Rescue password
178
Write down the SafeNet eToken Rescue password, and save it in a safe place.
NOTE
It is your responsibility to remember your SafeNet eToken Rescue password. You may need to provide it to gain access to your SafeNet eToken Rescue content. After your SafeNet eToken Rescue is opened, use the SafeNet Authentication Client Tools application to change the password to one that you can remember, yet no one else can know.
12 If you requested to download a SafeNet eToken Rescue, click the link Click here to download your SafeNet eToken Rescue file. The File Download window opens.
179
13 Click Save. The Save As window opens.
180
14 Select a location on your computer or external device to store the SafeNet eToken Rescue, and click Save. The SafeNet eToken Rescue is saved, and the Download Complete window opens.
181
15 Click Open to define the file to SafeNet Authentication Client. The SafeNet eToken Rescue is connected.
16 Click OK to close the dialog box. The SafeNet eToken Rescue is saved to your computer or external device.
182
Replacing Your Token with a New Token

When you return to your office, do the following: 1 2 3 4 Ask your administrator to give you a new token in place of your lost one. Log on to the Self Service Center through your companys server. If you had access to a Temp OTP or a SafeNet eToken Rescue, revoke your token by selecting Report the token as lost or damaged. Do one of the following actions to replace your revoked token with the new one: t
IfyourtokenisanonUSBOTPdevice,selectEnrollanewOTPtoken. If your token is not an OTP device, select Replace or upgrade the token.
Generating an OTP Using Your SafeNet eToken Rescue

To generate an OTP using a SafeNet eToken Rescue: 1 2 3 If the SafeNet eToken Rescue is not connected, browse to its location, right-click the filename, and click Open to define the file to SafeNet Authentication Client. Right-click the SafeNet Authentication Client tray icon, and from the menu, select the SafeNet eToken Rescue token. Right-click the SafeNet Authentication Client tray icon, and from the menu, select Generate OTP. The Generate OTP window opens.
183
4 5 6
Click Generate OTP. A message appears requesting the Token Password. Enter the SafeNet eToken Rescue password. An OTP is generated and displayed. Copy the OTP to your application to authenticate yourself.
184
Enabling and Temporarily Disabling Your Token

For security reasons, you should temporarily disable your token if it is misplaced, or if it is not needed for an extended period. If your token is disabled, you must enable it before you can use it again. To temporarily disable your token:
In the Welcome to the Rescue Service Center window, select Temporarily disable the token. The token is marked as disabled, and a Token successfully disabled message is displayed.
To enable your token:
In the Welcome to the Rescue Service Center window, select Enable the token. The token is enabled, and a Token successfully enabled message is displayed.
7. Rescue Service Center - Token Activities / Enabling and Temporarily Disabling Your Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
185
7. Rescue Service Center - Token Activities / Enabling and Temporarily Disabling Your Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
186
Resetting Your OTP PIN

Reset your OTP PIN if you forgot it. To reset your OTP PIN: 1 In the Welcome to the Rescue Service Center window, select Reset the OTP PIN. The Change OTP PIN window opens.
Enter a new OTP PIN, confirm it, and click Start. An OTP PIN successfully changed message is displayed.
7. Rescue Service Center - Token Activities / Resetting Your OTP PIN SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
187
7. Rescue Service Center - Token Activities / Resetting Your OTP PIN SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
188

If you repeatedly generate an OTP without submitting one for authentication, or if the time function of your OTP token has deviated, your OTP token loses its synchronization with the system. You must validate your OTP token so that SafeNet Authentication Manager can authenticate a subsequentlygenerated OTP. To validate your OTP token: 1 In the Welcome to the Rescue Service Center window, select Validate the OTP token. The OTP Token Validation window opens.
Use your OTP token to generate an OTP value, enter it in the OTP Value field, and click Submit.
7. Rescue Service Center - Token Activities / Validating Your OTP Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
189
You may be requested to repeat step 2 one or more times.

TIP
You may need to wait until the previous OTP value fades from the token display before attempting to generate a new OTP value.
Click Submit. An OTP validation successfully completed message is displayed.
7. Rescue Service Center - Token Activities / Validating Your OTP Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
190
Rescue Service Center - Rescue Token Management
Use SafeNet Authentication Managers Rescue Service Center to manage activities relating to your SafeNet eToken Rescue token when you are away from the office. For more information about SafeNet eToken Rescue tokens, see Chapter 2, SafeNet eToken Rescue, on page 30.
In this chapter:
Main Menu Recovering Your SafeNet eToken Rescue Password Replacing Your SafeNet eToken Rescue Closing Your SafeNet eToken Rescue
8. Rescue Service Center - Rescue Token Management / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
191
Main Menu
If the token selected in the Welcome to the Rescue Service Center window is a SafeNet eToken Rescue, some or all of the following options are displayed.
Right Panel
The options displayed in the right panel may include:
Recovering Your SafeNet eToken Rescue Password Recover the SafeNet eToken Rescue password that was provided during activation. Replacing Your SafeNet eToken Rescue Download another SafeNet eToken Rescue file to replace one already downloaded.
8. Rescue Service Center - Rescue Token Management / Main Menu SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
192
Closing Your SafeNet eToken Rescue Close your activated SafeNet eToken Rescue when you no longer need it.
8. Rescue Service Center - Rescue Token Management / Main Menu SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
193
Recovering Your SafeNet eToken Rescue Password

If you cannot access your activated SafeNet eToken Rescue because you forgot its password, use the Rescue Service Center to recover the SafeNet eToken Rescue password that was provided during activation.
NOTE
Only the original password can be recovered. If you changed the password, the new password cannot be recovered. You must download a new SafeNet eToken Rescue.
To recover your SafeNet eToken Rescue password: 1 In the Welcome to the Rescue Service Center window, select Send me a new password for the SafeNet eToken Rescue. The following information is displayed:

a SafeNet eToken Rescue password successfully recovered message the SafeNet eToken Rescue expiration date the SafeNet eToken Rescue password
8. Rescue Service Center - Rescue Token Management / Recovering Your SafeNet eToken Rescue Password SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
194
8. Rescue Service Center - Rescue Token Management / Recovering Your SafeNet eToken Rescue Password SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
195
Replacing Your SafeNet eToken Rescue

If you cannot locate the SafeNet eToken Rescue file that you already downloaded, or if you cannot recover its password, download another file.
NOTE
If access to your SafeNet eToken Rescue was already enabled, the expiration date remains the date that was set when it was first activated.
To replace your SafeNet eToken Rescue file: 1 In the Welcome to the Rescue Service Center window, select Replace a lost SafeNet eToken Rescue. The following information is displayed:

a SafeNet eToken Rescue successfully created message the SafeNet eToken Rescue expiration date the new SafeNet eToken Rescue password
8. Rescue Service Center - Rescue Token Management / Replacing Your SafeNet eToken Rescue SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
196
TIP
It is your responsibility to remember your new SafeNet eToken Rescue password. You may need to provide it to gain access to your SafeNet eToken Rescue content.
Click the link Click here to download your SafeNet eToken Rescue file. The File Download window opens.
197
198
Select a location on your computer or external device to store the SafeNet eToken Rescue, and click Save. The Download Complete window opens.
199
Click Open to define the file to SafeNet Authentication Client.
Click OK to close the dialog box.
The replacement SafeNet eToken Rescue is saved to your computer or external device.
200
Closing Your SafeNet eToken Rescue

For security reasons, close your activated SafeNet eToken Rescue when you no longer need it. A SafeNet eToken Rescue can never be used again after it is closed. To close your SafeNet eToken Rescue: 1 In the Welcome to the Rescue Service Center window, select Close the SafeNet eToken Rescue. The Token Revocation Confirmation window opens.
Select Yes, my token is lost or damaged. I will not use it again. A SafeNet eToken Rescue successfully closed message is displayed.
8. Rescue Service Center - Rescue Token Management / Closing Your SafeNet eToken Rescue SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
201
The SafeNet eToken Rescue is closed and can never be used again.
8. Rescue Service Center - Rescue Token Management / Closing Your SafeNet eToken Rescue SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
202
IV
SAM Agent
The following chapter describes how to use SafeNet Authentication Clients SAM Agent.
In this section:
Chapter 9: SAM Agent (page 204)
203
SAM Agent
The SafeNet Authentication Client includes the SAM Agent facility.
In this chapter:
SAM Agent Overview Viewing the SAM Agent Status Verifying Your Token Content Downloading a SafeNet eToken Rescue
9. SAM Agent / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
204
SAM Agent Overview

Depending on your SafeNet Authentication Manager configuration, the SAM Agent facility does the following:

Sends alerts to users when their token content is about to expire or is not up-to-date Enables SafeNet eToken Rescue file downloads Contributes token connection data to produce an Hourly Distribution of Token Connections report for your administrator
9. SAM Agent / SAM Agent Overview SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
205
Viewing the SAM Agent Status

View the SAM Agent status from the SafeNet Authentication Client tray menu. To view the SAM Agent status:
Right-click the SafeNet Authentication Client tray icon, and from the menu, select SAM Agent.
The SAM Desktop Agent Status window opens.
9. SAM Agent / Viewing the SAM Agent Status SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
206
The following information is displayed:
SAM Server

Shows if the SAM Agent is connected to the SAM Server Displays the SAM Agent version number
207
Token Content Verification

Shows if the token content verification feature is enabled Displays the date that the SAM Agent last checked if the token content needed updating Displays the date of the next scheduled token content check Shows if the SafeNet eToken Rescue verification feature is enabled Displays the date that the SAM Agent last checked if the SafeNet eToken Rescue needed updating Displays the date of the next scheduled SafeNet eToken Rescue check
SafeNet eToken Rescue

208
Verifying Your Token Content

During the following events, the system checks if the token content on your connected token needs to be updated:

You access the Self Service Center The SAM Agent performs a scheduled check Depending on your SafeNet Authentication Manager configuration, you can use the SAM Agent to verify your token content
If your token content is found to be out-of-date, a message is displayed. When your token content needs to be updated, we recommend using the Self Service Center to update it as soon as possible. To verify your token content: 1 2 Open the SAM Desktop Agent Status window. See Viewing the SAM Agent Status on page 206. Click Verify Now. The SAM Agent checks if your token content needs to be updated, and a message is displayed.
9. SAM Agent / Verifying Your Token Content SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
209
If a message is displayed that your token content needs to be updated, use the Self Service Center to update it.
9. SAM Agent / Verifying Your Token Content SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
210
Downloading a SafeNet eToken Rescue

You can save your token content to a SafeNet eToken Rescue, a secure backup file on your computer or external device. A SafeNet eToken Rescue is a SafeNet eToken Virtual product that can be activated for use as a temporary token replacement if your token is lost or damaged. Ensure that you have an updated SafeNet eToken Rescue file each time you leave on a trip so that the most up-to-date token content is backed up and available to you. If your token is lost or damaged when you are away from your office, contact your administrator, or use the Rescue Service Center to report your lost token and to activate your SafeNet eToken Rescue. Then use your SafeNet eToken Rescue as you would use your physical token.
NOTE
A SafeNet eToken Rescue is accessible for a limited time only, and only through a password that is disclosed when you report your token as lost or damaged to your administrator or to the Rescue Service Center.
Depending on your SafeNet Authentication Manager configuration, you can use the SAM Agent to verify that you have an up-to-date SafeNet eToken Rescue. If it is not up-to-date, you can manually download an updated SafeNet eToken Rescue. To verify your SafeNet eToken Rescue, and download an updated one: 1 2 Open the SAM Agent Status window. See Viewing the SAM Agent Status on page 206. Click Download Now.
9. SAM Agent / Downloading a SafeNet eToken Rescue SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
211
A new SafeNet eToken Rescue file is downloaded, and a message is displayed.
9. SAM Agent / Downloading a SafeNet eToken Rescue SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
212
Portals
The following chapters describe how to use SafeNet Authentication Managers web-based user portals.
In this section:
Chapter 10: Authentication Portal (page 214) Chapter 11: MobilePASS Enrollment Portal (page 230) Chapter 12: MobilePASS Messaging Portal (page 240) Chapter 13: Apple Mobile Device Enrollment (page 246) Chapter 14: eToken Anywhere Enrollment Portal (page 251) Chapter 15: Transaction Signing Portal (page 263)
213
10

Authentication Portal
To provide a higher level of security, your company may require you to authenticate through an Authentication Portal.
In this chapter:
Introduction Using the Authentication Portal to Register a Device Authenticating Via the Authentication Portal Using the Application to Change Your OTP PIN
10. Authentication Portal / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
214
Introduction
Your SafeNet Authentication Manager configuration may include an Authentication Portal through which you authenticate to selected applications. The Authentication Portal determines which identity information you must provide for each application. You may be required to enter one or more of the following:

your username your network password an Authentication Code which includes a One-Time Password (OTP) that you generate using your enrolled token
NOTE
Depending on your SafeNet Authentication Manager configuration, your Authentication Code may also include your OTP PIN or Windows password.
You may be required to connect a token that contains a valid authentication certificate. The Authentication Portal may include a Single Sign-On (SSO) feature, which allows you to visit other websites, and return to the portal without being required to enter a password again. The SSO may end after a fixed period of time, when the browser is closed, or when you sign out from the portal.
10. Authentication Portal / Introduction SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
215
Using the Authentication Portal to Register a Device

Depending on your SafeNet Authentication Manager configuration, you may be able to register a device, such as a browser on your personal computer, for authentication to specific applications. Authenticating from a registered device is simpler and more secure than standard authentication. If your device has not been registered, an option to register it may be displayed each time you authenticate. See Managing Registered Devices on page 118 to view a registered devices information, and to unregister a registered device.
10. Authentication Portal / Using the Authentication Portal to Register a Device SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
216
Authenticating Via the Authentication Portal

To authenticate using the Authentication Portal: 1 Open your web browser, and browse to the website of the application requiring authentication. The Authentication Portals User Identification window opens.
Enter your username.
10. Authentication Portal / Authenticating Via the Authentication Portal SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
217
NOTE
Select Remember my username to store your username for future authentication requests. The next time you authenticate through the Authentication Portal on this browser, your username will be remembered in this window.
Click OK. If more than one authentication method is enabled, the Authentication Method window opens.
218
Depending on your SafeNet Authentication Manager configuration, you may be able to select one of the following:

OTP Network password Automatic Windows authentication Certificate
Click OK. You may be authenticated to the application, or an Authentication window may open, displaying the username that was entered or stored.
219
Depending on the required authentication method, one of the following windows may open:
OTP
Generate an OTP value, enter it as part of the OTP Authentication Code.
220
NOTE
Users who have messaging tokens can request that a new OTP be sent to their mobile device or email by clicking Send me another OTP passcode in a message. Use this option if an OTP was not sent to your mobile device or email, or if a long interval has passed since you received the OTP.
Depending on your SafeNet Authentication Manager configuration, your Authentication Code may include your OTP PIN or Windows password together with the generated OTP value. ii Depending on your SafeNet Authentication Manager configuration, you may be able to select Register device to provide extra security during future authentication requests.
iii Click OK.
Network password
221
i ii
Enter your network password. Depending on your SafeNet Authentication Manager configuration, you may be able to select Register device to provide extra security during future authentication requests.
222
iii Click Log on.
Network password and OTP
223
i ii
Enter your network password. Generate an OTP value, and enter it as part of the OTP Authentication Code.
NOTE
Users who have messaging tokens can request that a new OTP be sent to their mobile device or email by clicking Send me another OTP passcode in a message. Use this option if an OTP was not sent to your mobile device or email, or if a long interval has passed since you received the OTP.
Depending on your SafeNet Authentication Manager configuration, your Authentication Code may include your OTP PIN or Windows password together with the generated OTP value. iii Depending on your SafeNet Authentication Manager configuration, you may be able to select Register device to provide extra security during future authentication requests. iv Click OK.
Certificate A list may be displayed of the available certificates on the connected token.
NOTE
The token containing the appropriate certificate must be connected.
Do the following: i ii Select the appropriate certificate located on the token. The Token Password window opens. Enter the Token Password, and click OK.
224
Depending on your SafeNet Authentication Manager configuration, the Device Registration window may open. The default value in the Device Name field is based on the name of your computers operating system.
225
Do the following:

Click Dont ask me again if you do not want this browser to automatically open the Device Registration window in the future. To provide extra security during future authentication requests, register the device. i ii You may change the Device Name field to indicate the type of device. Click Register.
NOTE
Registered Devices on page 118.
You can use SAM Self Service Center to the view information about a device that has been registered. See Managing
To go directly to the target application without registering the device, click Skip.
The target website opens.
226
Using the Application to Change Your OTP PIN

Depending on your SafeNet Authentication Manager configuration, your Authentication Code may include your OTP PIN or Windows password together with the generated OTP value. If your Authentication Code does not include an OTP PIN, there is no need to ever open your applications Change Password page. If your SafeNet Authentication Manager configuration requires you to include an OTP PIN in your Authentication Code, you can use your applications Change Password page to change your OTP PIN. To change your OTP PIN using the Authentication Portal: 1 Open the application requiring authentication. See Authenticating Via the Authentication Portal on page 217. The applications website opens. 2 Browse to the applications Change Password facility, and click the Change Password link. The Authentication Portals Change OTP PIN window opens.
10. Authentication Portal / Using the Application to Change Your OTP PIN SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
227
3 4 5
Enter your current OTP PIN. Enter and confirm a new OTP PIN. Click Change.
NOTE
228
The Your OTP PIN has been changed message is displayed. 6 Close the browser window to return to your application.
229
11

MobilePASS Enrollment Portal
Use the MobilePASS Enrollment Portal to enroll MobilePASS and MobilePASS Messaging tokens.
In this chapter:
MobilePASS Overview Enrolling a MobilePASS Token Enrolling a MobilePASS Messaging Token
11. MobilePASS Enrollment Portal / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
230
MobilePASS Overview
The MobilePASS Enrollment Portal can be used to enroll two types of tokens.

MobilePASS token: an application installed on your mobile device that generates an OTP passcode MobilePASS Messaging token: an application that generates an OTP passcode and then sends it, either as an SMS (Short Message Service) to your mobile device, or as a message to your email address
Both token types can be used to generate an OTP (One Time Password) passcode for you each time you need to authenticate yourself to your application.
11. MobilePASS Enrollment Portal / MobilePASS Overview SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
231
Enrolling a MobilePASS Token

Load the MobilePASS application onto your mobile device, and then use the MobilePASS Enrollment Portal to enroll your MobilePASS token.
NOTE
To enroll a MobilePASS token using the MobilePASS Enrollment Portal: 1 On the SafeNet website, browse to the MobilePASS OTP Software Authenticators - Download Page, and click the link to download the appropriate MobilePASS application for your mobile device.
http://www.safenet-inc.com/Support_and_Downloads/MobilePASS_Download_page.aspx
Open your web browser, and go to http://<localhost>/SAMMobile where <localhost> is the name of your companys SafeNet Authentication Manager server.
11. MobilePASS Enrollment Portal / Enrolling a MobilePASS Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
232
The Logon Page opens.
3 4
Enter your Username and Password, and click Submit. The Token Type Selection Page opens. Select MobilePASS Messaging, and click Submit.
233
The Activation Code Page opens.
Open the MobilePASS application on your mobile device, and follow the instructions to activate your MobilePASS. An Activation Code is displayed on your mobile device. On the Activation Code Page, enter the Activation Code displayed on your mobile device, and click Enroll. Depending on your SafeNet Authentication Manager configuration, you may need to set a new OTP PIN.
6 7
234
The OTP PIN window opens. Enter and confirm an OTP PIN, and click Enroll.
TIP
It is your responsibility to remember your new OTP PIN. You must provide it to authenticate yourself when you use an OTP.
The Enrollment Completed Page opens.
To exit the portal, close the browser.
Your MobilePASS token is enrolled. Each time you need to authenticate yourself to your application, use the MobilePASS application on your mobile device to generate an OTP passcode value.
NOTE
Depending on your SafeNet Authentication Manager configuration, you may be required to enter the OTP passcode value together with your OTP PIN or Windows password.
235
Enrolling a MobilePASS Messaging Token

Use the MobilePASS Enrollment Portal to enroll a MobilePASS Messaging token. The token generates OTP passcodes and sends the generated values to you as messages.
NOTE
11. MobilePASS Enrollment Portal / Enrolling a MobilePASS Messaging Token SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
236
To enroll a MobilePASS Messaging token using the MobilePASS Enrollment Portal: 1 Open your web browser, and go to http://<localhost>/SAMMobile where <localhost> is the name of your companys SafeNet Authentication Manager server.
The Logon Page opens.
2 3
Enter your username and password, and click Submit. The Token Type Selection Page opens. Select MobilePASS Messaging, and click Submit.
237
The Mobile Phone Number Selection Window opens.
4 5
Select the required phone number and click Submit. Depending on your SafeNet Authentication Manager configuration, you may need to set a new OTP PIN. The OTP PIN window opens. Enter and confirm an OTP PIN, and click Enroll.
TIP
238
Depending on your SafeNet Authentication Manager configuration, an OTP value to use for verification may be sent as a message to your mobile device or email address, and the Verification Page opens. Enter the OTP value you received, together with any other information requested, and click Confirm.
NOTE
The Enrollment Completed Page opens.
10 To exit the portal, close the browser. Your MobilePASS Messaging token is enrolled. Each time you need to authenticate yourself to your application, use the MobilePASS Messaging Portal to request that an OTP passcode value be sent to you. For more information, see Chapter 12: MobilePASS Messaging Portal, on page 240.
239
12

MobilePASS Messaging Portal
Use the MobilePASS Messaging Portal to request that an OTP passcode be sent to you.
In this chapter:
MobilePASS Messaging Token Overview Using the MobilePASS Messaging Portal
12. MobilePASS Messaging Portal / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
240
MobilePASS Messaging Token Overview

Each user can have one MobilePASS Messaging token enrolled in the SafeNet Authentication Manager. The token does the following: 1 2 Generates an OTP (One-Time Password) passcode to use when you authenticate yourself to your application. Sends the generated passcode value as an SMS (Short Message Service) message to your mobile device, or as a message to your email address.
NOTE
Portal to generate an OTP.
If your enrolled MobilePASS Messaging token is temporarily replaced by a Temp OTP, do not use the MobilePASS Messaging
12. MobilePASS Messaging Portal / MobilePASS Messaging Token Overview SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
241
Using the MobilePASS Messaging Portal

Use the MobilePASS Messaging Portal to request your MobilePASS Messaging token to generate and send an OTP passcode as a message. Use the OTP passcode to authenticate yourself to your application.
NOTE
Depending on your SafeNet Authentication Manager configuration, you may be required to enter the OTP passcode value together with your OTP PIN or Windows password. Depending on your SafeNet Authentication Manager configuration, the MobilePASS Messaging Portal may enroll a new MobilePASS Messaging token for you if you request an OTP passcode and you do not yet have an enrolled MobilePASS Messaging token.
To access the MobilePASS Messaging Portal: 1 Open your web browser, and go to http://<localhost>/SAMMessaging where <localhost> is the name of your companys SafeNet Authentication Manager server. The Passcode Request window opens.
12. MobilePASS Messaging Portal / Using the MobilePASS Messaging Portal SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
242
Enter your username, and click Submit.
243
Depending on your SafeNet Authentication Manager configuration, if you do not have an enrolled MobilePASS Messaging token, one of the following may happen:

The Request Completed Page opens, but an OTP passcode value is not sent to you. An OTP value to use for verification is sent as a message to your mobile device or email address, and the Mobile Selection Number Selection window opens.
4 5
Select the required phone number and click Submit. An OTP passcode value is sent as a message to your mobile device or email address, and the Request Completed page opens.
244
NOTE
Contact your administrator if you did not receive an OTP passcode value as an SMS message to your mobile device, or as a message sent to your email address.
Authenticate yourself to your application using the latest OTP passcode value you received.
NOTE
To exit the portal, close the browser.
245
13

Apple Mobile Device Enrollment
Use the SAM Mobile Device Enrollment Portal to enroll Apple mobile devices, enabling your device to access your enterprises network resources.
In this chapter:
Mobile Device Enrollment Overview Enrolling a Mobile Device Updating a Mobile Device
13. Apple Mobile Device Enrollment / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
246
Mobile Device Enrollment Overview

You can enroll any mobile device that runs Apples iOS mobile operating system. During the enrollment process, your companys policies that were set by the administrator are copied to your device. If your mobile device was already enrolled, the previous policies are replaced when the enrollment process completes.
13. Apple Mobile Device Enrollment / Mobile Device Enrollment Overview SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
247
Enrolling a Mobile Device

Enroll your mobile device using the SAM Mobile Device Enrollment Portal.
NOTE
Each company has its own Mobile Device Enrollment Portal. Your system administrator should tell you how to access your companys website.
To enroll a mobile device using the Apple Mobile Device Enrollment: 1 Ensure that your mobile device has internet access, and follow your companys guidelines for browsing to the SAM Mobile Device Enrollment Portal website. Enter your username and password, and click Submit. The Mobile Device Enrollment Page opens. 3 Click Start.
NOTE
For security reasons, you must click Install within 120 seconds of opening the window. If more than 120 seconds has passed, close the Mobile Device Enrollment Portal webpage and return to step 1, on page 248.
The Logon Page opens. 2
If an error message appears, contact your administrator.
13. Apple Mobile Device Enrollment / Enrolling a Mobile Device SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
248
Depending on your SafeNet Authentication Manager configuration, you may be prompted to enter your personal information, such as:

Username Password Email address
When the enrollment process completes the Enrollment Completed Page opens. 5 Close the Apple Mobile Device Enrollment webpage. A SafeNet Mobile application icon is added to your mobile device Home screen.
13. Apple Mobile Device Enrollment / Enrolling a Mobile Device SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
249
Updating a Mobile Device

Update the content of your mobile device in a new internet session.
NOTE
You must enter your username and password each time you enroll a mobile device.
To update a mobile device: 1 Ensure that your mobile device has internet access, and from the Home screen, tap the SafeNet Mobile icon. The Logon Page opens. 2 Continue from step 2, on page 248.
13. Apple Mobile Device Enrollment / Updating a Mobile Device SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
250
14

eToken Anywhere Enrollment Portal
An eToken PRO Anywhere token is a certificate-based plug-and-play authenticator that requires no client-side installation. Use the eToken Anywhere Enrollment Portal to enroll your eToken PRO Anywhere token.
In this chapter:
eToken Anywhere Overview Using the eToken Anywhere Enrollment Portal Enrolling an eToken PRO Anywhere Device Updating an Enrolled eToken PRO Anywhere
14. eToken Anywhere Enrollment Portal / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
251
eToken Anywhere Overview

The eToken Anywhere solution uses an SSL client certificate to provide secure access to one or more specific websites, without requiring a client installation. To run the solution, connect your eToken PRO Anywhere device to the USB port of any computer with internet access. The required software is downloaded to the computer.
14. eToken Anywhere Enrollment Portal / eToken Anywhere Overview SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
252
Using the eToken Anywhere Enrollment Portal

Use the eToken Anywhere Enrollment Portal to do the following:

Enroll your eToken PRO Anywhere device the first time you use it. Update the content of your enrolled eToken PRO Anywhere device.
14. eToken Anywhere Enrollment Portal / Using the eToken Anywhere Enrollment Portal SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
253
Enrolling an eToken PRO Anywhere Device

Enroll your eToken PRO Anywhere device to load it with certificates for authentication to protected websites. To enroll your eToken PRO Anywhere device: 1 2 Connect your eToken PRO Anywhere device to your computers USB port. Wait until Windows recognizes the device. Depending on your systems configuration, the Loading eToken PRO Anywhere process may begin automatically.
If the Loading eToken PRO Anywhere process does not begin automatically, do the following: a. a b c DoubleclicktheMyComputericononyourcomputer. In the section displaying the connected external devices, right-click ETANY. From the dropdown menu, select Open. Double-click launcher.exe.
The Loading eToken PRO Anywhere process begins. The required software is downloaded to your computer.
14. eToken Anywhere Enrollment Portal / Enrolling an eToken PRO Anywhere Device SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
254
4 5
If your eToken PRO Anywhere device has been enrolled, the protected website opens. Use the certificates enrolled on your token to authenticate yourself to the website. If your eToken PRO Anywhere device has not yet been enrolled, the eToken PRO Anywhere Token Enrollment page opens.
Enter your username and password, and click Submit. The Step 2 window opens.
255
Do not change the Current Token Password field. It contains your eToken PRO Anywhere devices initial Token Password.
NOTE
256
Enter a new Token Password and confirm it.

TIP
NOTE
Depending on your SafeNet Authentication Manager configuration, your Token Password may be required to comply with password quality settings, such as: minimum length inclusion or exclusion of lower-case letters, upper-case letters, numerals, and/or special characters
Click Submit. Your eToken PRO Anywhere device is enrolled with secure certificates for you to use when you authenticate to protected websites.
10 The Thank you window opens.
257
11 Close the browser, and disconnect the eToken PRO Anywhere device from the USB port. 12 To open the protected website, reconnect the device to the USB port.
258
Updating an Enrolled eToken PRO Anywhere

Update the content of your enrolled eToken PRO Anywhere device to ensure that it is loaded with upto-date certificates. To update an enrolled eToken PRO Anywhere using the eToken Anywhere Enrollment Portal: 1 Connect your eToken PRO Anywhere device to your computers USB port. The eToken PRO Anywhere icon is displayed in the toolbar.
Right-click the tray icon, and select Enroll. The Logon Page opens.
14. eToken Anywhere Enrollment Portal / Updating an Enrolled eToken PRO Anywhere SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
259
Enter your username and password, and click Submit. The Step 2 window opens.
260
Enter the Token Password that was set in Step 8 of on page 257, and click Submit. Your eToken PRO Anywhere is loaded with updated certificates, and the Thank you window opens.
261
5 6
Close the browser, and disconnect the eToken PRO Anywhere device from the USB port. To open the protected website, reconnect the device to the USB port.
262
15

Transaction Signing Portal
Use the Transaction Signing Portal to sign transactions using a SafeNet eToken 3500 (SafeSIGNATURE) token. If your companys portal is fully-functional, you can use the portal to transfer money to a bank account.
In this chapter:
SafeNet eToken 3500 Token Overview Using the Transaction Signing Portal
15. Transaction Signing Portal / SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
263
SafeNet eToken 3500 Token Overview

SafeNet eToken 3500 (SafeSIGNATURE) tokens can generate time-based passwords, and support transaction signing by reading transaction data from a blinking area on the PC screen, smartphone screen, or even a projection. The Transaction Signing Portal captures the operation data, offering security with usability. SafeNet eToken 3500 token includes the following features:

Only the token holder can finalize transactions The dynamic password is used only at the moment of the transaction If the token is tampered with, this is detected and the transaction is rejected Protection against trojan, phishing, Man-in-the-Middle and Man-in-the-Browser attacks Protection against blind signing of transactions; the user checks what is being signed and approved Transaction data is captured from the screen, avoiding the need to type in transaction data The customizable LCD messages are displayed automatically, so the user knows which transaction data is currently being validated
15. Transaction Signing Portal / SafeNet eToken 3500 Token Overview SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
264
Using the Transaction Signing Portal

The following process demonstrates how to enter the Transaction Signing Portal and perform a transaction signing procedure.
NOTE
Transaction Signing Portals are customized to each companys requirements. This document describes the demonstration Transaction Signing Portal supplied by SafeNet. Your actual portal will be different.
To perform a transaction signing procedure using the demonstration portal: 1 Launch the Transaction Signing Portal from your web browser. Ask your system administrator for the URL of the Transaction Signing Portal. The Transaction Signing Portal opens at Step 1.
15. Transaction Signing Portal / Using the Transaction Signing Portal SafeNet Authentication Manager Users Guide, Rev. Revision A, 2012 SafeNet, Inc.
265
2 3
Enter your username. Press the button on your SafeNet eToken 3500 token to generate a One-Time Password (OTP).
266
Enter the generated OTP in the OTP Authentication Code field.

NOTE
if you have an OTP PIN or network password, enter it before the OTP.
Click Submit. The Step 2 page opens.
Enter the Bank Branch number, the Account number and the amount to transfer.
267
For demonstration purposes, any numbers can be entered. 7 Click Submit. The Step 3 page opens.
268
8 9
Press the button on your SafeNet eToken 3500 token and hold for a few seconds to operate the tokens optical sensor. Click Start on the Transaction Signing Portal window. The area below the Start button starts blinking.
10 Hold the token close to the blinking area, with the barcode in the direction of the screen. Hold until the transaction information is displayed on the token. 11 Press the token button several times to display the transaction information that was entered in Step 2, and then press again to generate an eSignature number. 12 In the eSignature field, enter the eSignature number displayed on the token, and click Submit. A Transfer Completed message is displayed.
If your company's portal is fully-functional, the transfer is complete.
269

SAM 8.0 SP4 User Guide Rev A PDF

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

SAM 8.0 SP4 User Guide Rev A PDF

Hochgeladen von

Copyright:

Verfügbare Formate

SafeNet Authentication Manager (SAM)

Version 8.0 SP4 Revision A

SafeNet Authentication Manager Tasks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Token Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Chapter 2: Token Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

Hardware Tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Software Tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Part II: Self Service Center. . . . . . . . . . . . . . . . . . . . . . . . . 33

Chapter 4: Self Service Center - Token Management . . . . . . . . . . . . . . . . . . . . . . . 67

Chapter 5: Self Service Center - User Activities . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Enrolling a New MobilePASS Token . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Part III: Rescue Service Center . . . . . . . . . . . . . . . . . . . . 156

Chapter 7: Rescue Service Center - Token Activities . . . . . . . . . . . . . . . . . . . . . . 164

Chapter 8: Rescue Service Center - Rescue Token Management . . . . . . . . . . . . . . 191

Part IV: SAM Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Part V: Portals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

Chapter 11: MobilePASS Enrollment Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230

Chapter 12: MobilePASS Messaging Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

Chapter 13: Apple Mobile Device Enrollment. . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

Chapter 14: eToken Anywhere Enrollment Portal . . . . . . . . . . . . . . . . . . . . . . . . 251

Chapter 15: Transaction Signing Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

SafeNet Authentication Manager Overview

Extend Strong Authentication to Cloud Computing

Strong Authentication and Credential Management for Mobile Devices

SafeNet Authentication Manager Tasks

Self Service Center

eToken Anywhere Enrollment Portal

Self Service Center

Rescue Service Center

Self Service Center

Rescue Service Center

Enroll a MobilePASS token Enroll a MobilePASS Messaging token

Enroll an eToken PRO Anywhere token

Enroll an Apple mobile device

Maintaining Your Token

Setting Your Token Password or OTP PIN

Handling a Forgotten Token Password

Handling a Forgotten OTP PIN

Preparing to Take Your Token On-the-Road

Resolving a Lost Token Locally

Resolving a Lost Token On-the-Road

This chapter describes various types of tokens and their uses.

Certificate-Based Authentication OTP Generation Secure Data Storage

Secure Data Storage

Smartcards USB tokens OTP tokens

SafeNet eToken Virtual Products

SafeNet eToken Virtual

SafeNet eToken Virtual Temp

SafeNet eToken Rescue

MobilePASS Messaging Tokens

Self Service Center

. / SafeNet Authentication Manager Users Guide, Revision A, 2012 SafeNet, Inc.

Self Service Center

Self Service Center Overview

Before Any Tokens are Enrolled

You have no active tokens

Completing Your Authentication Questionnaire

After Tokens are Enrolled

Lost Damaged Disabled Revoked

Changing and Resetting Your Token Password

Validating Your OTP Token

Accessing the Self Service Center Main Menu

The Welcome to the Self Service Center window opens.

You have no active tokens