The SafeNet Token Management System product provides a high level of protection via secure tokens, which makes it a perfect tool for second level authentication in Parallels 2X Parallels Application Server.
To get started, open the Parallels 2X Parallels Application Server console and click on the Connection module in the navigation panel. Then click on the Second Level Authentication tab as shown below.
Figure 1: SafeNet Management Console
Choose your provider which is SafeNet. Click on Settings.
Ensure that the OTP Service URL is properly configured. Click the ‘Check connection’ button to verify that the connection is valid.
Figure 2: Connection Server settings
The 2X Publishing Agent communicates with the SafeNet Token Management System Server. It is highly recommended to have this behind a firewall for security reasons. Make sure that the ‘OTP Service URL’ is set correctly.
Modes - Select how you want your users to be authenticated.
Mandatory for all users: Every user using the system must login using two-factor authentication.
Create token for Domain Authenticated Users: Allows Parallels 2X Parallels Application Server to automatically create software tokens for Domain Authenticated Users. Choose a token type from the drop down list. Note that this option only works with software tokens.
Use only for users with a SafeNet account: Allows users that do not have a SafeNet account to use the system without having to login using two-factor authentication.
TMS Web API URL - In this field enter the location of the SafeNet API URL.
User Repository – Enter the user repository destination.
Exclusion rules from second level authentication may be configured using the panel shown below.
User/Group exclude list:
To exclude a User or Group from second level authentication, enable ‘User/Group exclude list’ and press configure.
User / Group Exclude List
Press add to exclude a user or group from second level authentication.
Client IP exclude list:
To exclude clients from a specific IP or a range of IPs from second level authentication, enable ‘Client IP exclude list’ and press configure.
Client IP Exclude List
Then press add to select a client IP or range of IPs as shown below.
IP Address range
Client MAC exclude list:
To exclude clients from a specific MAC address from second level authentication, enable ‘Client MAC Exclude list’ and press configure.
Client MAC Exclude List
Then press add to select a client MAC address from the range shown below.
Client MAC address List for second authentication exclusion
Connection to the following Gateway IPs
Enter the Gateway IP address to exclude from SafeNet.
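Added example, not part of the original guide or of the Parallels or SafeNet products: every entry in the Client IP exclude list lets matching clients log in without the second factor, so the list is worth reviewing for ranges that are too broad or that reach outside internal address space. The Python below assumes the entries have been transcribed by hand as single IPv4 addresses or "start-end" ranges; the sample entries, the 256-address threshold and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample entries; the "start-end" text format is an assumption.
SAMPLE_EXCLUDES = [
    "192.168.10.1-192.168.10.50",
    "10.0.0.0-10.255.255.255",
    "172.16.5.200-172.32.0.10",
    "203.0.113.7",
    "0.0.0.0-255.255.255.255",
]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_HOSTS = 256  # assumed review threshold; set it from local policy


def parse_entry(entry):
    """Return (first, last) for a single IPv4 address or 'start-end' range."""
    start, _, end = entry.partition("-")
    first = ipaddress.IPv4Address(start.strip())
    last = ipaddress.IPv4Address(end.strip()) if end else first
    if last < first:
        raise ValueError("range end precedes range start")
    return first, last


def audit_entry(entry, max_hosts=MAX_HOSTS):
    """Return the reasons an exclusion entry needs review (empty if none)."""
    try:
        first, last = parse_entry(entry)
    except ValueError as exc:
        return [f"unparseable: {exc}"]
    findings = []
    size = int(last) - int(first) + 1
    if size > max_hosts:
        findings.append(f"covers {size} addresses (threshold {max_hosts})")
    # Break the range into CIDR blocks; each must sit inside an RFC 1918 net.
    blocks = ipaddress.summarize_address_range(first, last)
    if not all(any(b.subnet_of(n) for n in RFC1918) for b in blocks):
        findings.append("includes addresses outside RFC 1918 space")
    return findings


def audit(entries):
    """Map each entry that needs review to its list of findings."""
    return {e: f for e in entries if (f := audit_entry(e))}


if __name__ == "__main__":
    for entry, findings in audit(SAMPLE_EXCLUDES).items():
        print(f"{entry}: {'; '.join(findings)}")
```

Entries that come back with no findings still bypass the second factor; the check only highlights the ones that deserve a closer look first.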
Parallels 2X RDP Client
- Enter any four digits in the OTP Pin number field (these digits will be required further on in the process).
- Enter your email address and then click on OK.
- Log onto your email account and retrieve the email containing the information you will need to activate your SafeNet authentication. An example of this email is shown below.
Activation Key: YZQHoczZWw3cBCNo
Token Serial: 4F214C507612A26A
Download MobilePASS client from: http://localhost:80/TMSService/ClientDownload/MobilePASSWin.exe
*Login with domain credentials.
*Place the attached seed file in the same folder as the MobilePASS client.
Enter the One-Time Password to log into the Terminal Server Connection.
Application PIN: 4089
- Download the MobilePASS client from the URL provided in the email.
- Enter the Activation Key found in the SafeNet email.
- Next, enter the application PIN found in the email into the “MobilePASS PIN:” text field.
- Generate the eToken number and then click “Copy”.
- Combine the OTP PIN and the eToken in this order: OTP + eToken.
- Enter this value into the Parallels 2X RDP Client and click “OK” to log in.