Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

STA documentation
- Explore Thales Docs

SafeNet Trusted Access
SafeNet Agents
SafeNet MobilePASS+
API references
Account management
Release notes

All

All

SafeNet Agent for Password Self-Service

Solution Testing

Please Note:

SafeNet Agents
SafeNet Synchronization Agent
- Install SafeNet Synchronization Agent
- LDAP synchronization server
- SafeNet Synchronization Agent for LDAP
- Configure for SQL
- Synchronization groups
- AD password synchronization
- Grant synchronization permission
- Transaction and synchronization details
- View the LDAP schema
- Aliases 3 and 4
- Configuration options
- Event notifications
- Browse the user source
- Start and stop SafeNet Synchronization Agent
- Backup or restore configurations
- SafeNet Synchronization Agent log files
- Synchronize users from Microsoft Entra ID
- SafeNet Synchronization Agent - Frequently Asked Questions
- SafeNet Synchronization Agent Release Notes
SafeNet Logging Agent
- Log event types
- SafeNet Logging Agent Release Notes
SafeNet Agent for FreeRADIUS
- Setting up FreeRADIUS API for SAS PCE/SPE
- Download BSID and JWT Keys
- Install FreeRADIUS
- Upgrade FreeRADIUS
- Startup Script
- Manual Client Updater
- Troubleshoot SafeNet Agent for FreeRADIUS
- About Protected Extensible Authentication Protocol
SafeNet Agent for NPS
- Compatibility and Components
- NPS for RADIUS Clients
- SafeNet agent for NPS
- Install SafeNet Agent for NPS
- Uninstall SafeNet Agent for NPS
- Upgrade SafeNet Agent for NPS
- RADIUS return attributes
- Proxy server
- NPS settings
- NPS communication settings
- Authentication test
- NPS logging
- NPS localization
- PUSH notifications and NPS
- SafeNet Agent for NPS
SafeNet Agent for Windows Logon
- Installation and Configuration Overview
- System Requirements
- Windows Logon Agent - Authentication Methods
- Pre-installation
- Installing the agent
- Upgrading the agent
- Uninstalling the agent
- Deploying the agent via Group Policy Object
- Deploying the agent via Intune
- Deploying the agent via Microsoft Endpoint Configuration Manager
- Registry Settings
- Management
- Troubleshooting and Advanced Configurations
- Running the Solution
- Passwordless Windows Logon
- Passwordless Setup
- Customizing SafeNet Desktop Logon Application
- Annexure
SafeNet Agent for macOS Logon
- Pre-installation
- Installing, Configuring, Upgrading, and Uninstalling the agent
- Management
- Testing the Solution
SafeNet App Gateway
- System Requirements
- Security Recommendations
- Single Sign-On (SSO) Support for SafeNet App Gateway
- Pre-installation
- Generic Template for SafeNet App Gateway
- Oracle PeopleSoft
- Jenkins Application Configuration in SafeNet Trusted Access
- Deployment options
- Installing the Agent
- Configuring the Agent
- Upgrading and Uninstalling the Agent
- Plugin Model
- Troubleshooting
- Testing the Solution
SafeNet Agent for Password Self-Service
- Security Considerations
- Installation and Configuration
  - Application
  - Agent
  - Policy
- Solution Testing
- Troubleshooting

STA documentation
SafeNet Agents
SafeNet Agent for Password Self-Service
Solution Testing

Solution Testing

Tip

It is a good practice to test the agent before deployment. After the agent is fully configured, add a policy above the Password Self-Service blocking policy. The new policy can be dedicated to the Password Self-Service agent, but also to a small group of test users. You can then test the various conditions.

The flow of running the agent solution and verifying the authentication is based on the selected token type.

Password Reset Flow

Password reset can be performed by using either of the following ways:

Using STA protected application
Using password reset URL

Using STA protected application

Perform the following steps to test the Reset Password flow:

Navigate to the STA protected application.
On the STA sign-in page, enter your Username, and then click LOGIN.
Click Reset password link to reset the password.
Enter the Passcode and click LOGIN to complete the authentication.
After successful authentication, the Reset Domain Password page displays listing the Password Requirements.
In the New Password field, enter a new password, and then enter the new password again in the Confirm Password field. Once all the password requirements matches, the Reset Password button gets enabled. Click Reset Password.
- On the successful password reset, but if the user's domain password is not synced in STA, the following page is displayed:
  
  Click here to see details regarding the message customization.
- On the successful password reset in AD and sync with STA, the following success page is displayed:
- If there is a timeout of two minutes, the Password reset timeout message is displayed:
- If the user fails to reset the password on first attempt, then the following message is displayed:
  
  After exhausting all the attempts, the Unable to reset password message is displayed:

Using password reset URL

Copy and paste the following URL in a browser:

https://<FullyQualifiedDomainName>/passwordselfservice?userName=<username>

where,

FullyQualifiedDomainName is the FQDN of the agent-installed machine.
username is the username that must be mapped to User ID field in STA.

For example, the password reset URL for the user ID JohnDoe will be https://pssagent.azuredc.com/passwordselfservice?userName=JohnDoe

Now, perform step 4 to step 6 mentioned in the Using STA protected application section.

Password Change Flow

Perform the following steps to test the Change Password flow:

Navigate to the STA protected application.
On the STA sign-in page, enter your Username.
Enter Domain Password and click LOGIN.
The following page will be displayed if the password is expired. Click CONTINUE to change the password.
Enter the Passcode and click LOGIN to complete the authentication.
After successful authentication, the Change Domain Password page opens listing the Password Requirements.
On the Change Domain Password page, perform the following steps:

a. Enter your Current Password.

b. Enter the New Password.

c. Enter the new password again in the Confirm Password field.

d. Once all the password requirements matches, the Change Password button gets enabled. Click Change Password.
- On the successful password change and sync with STA, the following success page is displayed:
- On the successful password change, but if the user's domain password is not synced, the following page is displayed:
  
  Click here to see details regarding the message customization.
- If there is a timeout of two minutes, the following error message is displayed:
- If the user fails to change the password on first attempt, then the following message is displayed:
  
  After exhausting all the attempts, the Unable to change password message is displayed:

Customizing the Password Sync Time

The newly reset/changed password is immediately synced to STA. However, the user may get a different wait time message (Default: 20 minutes) in the following two scenarios:

If for any reason, for example, network latency, the new password is not synced to STA immediately. The new password will be effective in STA after the next sync agent runs.
When AD password validation is delegated to a third-party (like Azure AD). The new password will be effective after the password synchronization between AD and third-party.

Note

This wait time duration in the message can be customized by customers, depending upon the user password synchronization frequency between the AD and STA or third-party.

Perform the following steps to change the wait time in the message:

Open Windows Explorer on the agent installed machine and go to <InstallationDirectory>\Publish\wwwroot\Json.
Open the Json file Configurable.json in any text editor.
Modify the key logindelay and update its value as per your requirement. For example, 30.

Default: 20
Save the file.

The wait time duration in the message will be updated successfully.

On this page

SafeNet Trusted Access

© Copyright 2019-2026, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2026, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com