SafeNet MobilePASS+ for Windows
SafeNet Trusted Access (STA),SafeNet MobilePASS+,SafeNet MobilePASS+ for Windows,SafeNet Authentication Service Private Cloud Edition (SAS PCE)
Product Description
SafeNet MobilePASS+ for Windows is a Winodws client application enabling you to access corporate and web-based resources securely. It eliminates the need to remember complex passwords. SafeNet MobilePASS+ for Windows is a cost-effective way for businesses to leverage the security of One Time Passwords (OTP) using Windows. Associated with SafeNet Trusted Access (STA), the SafeNet MobilePASS+ for Windows application is a perfect combination of security and convenience. It offers a simple user experience for token activation and authentication using the push OTP mechanism.
For a list of existing issues as of the latest release, refer to Known Issues.
Release Description
02/28/2024
SafeNet MobilePASS+ for Windows v2.7.0 introduces the following features:
-
Third-party authenticator support with MobilePASS+: Allows users to enroll third-party authenticators for different web applications to protect their personal and professional accounts. Refer this section for more details.
-
Search authenticator: You can now search the added authenticator under Authenticators. Refer this section for more details.
11/27/2023
This service pack release of STA introduces the following feature:
-
Live location display in MobilePASS+ Push notifications: In MobilePASS+ version 2.4 and later, an advanced feature is introduced that improves security by incorporating a live map display within push notifications. This feature assists users in identifying potentially fraudulent authentication requests by showing the geographic location from which the attempt originated. The inclusion of map displays adds an extra layer of security and reassurance for users.
09/26/2023
SafeNet MobilePASS+ for Windows v2.6.0 introduces the following features:
-
Trusted Platform Module (TPM) support: SafeNet MobilePASS+ for Windows now provides enhanced security for authenticators within MobilePASS+ by using Trusted Platform Module on Windows desktops.
This feature is available only in Windows machines having Trusted Platform Module (TPM) security processor enabled. This feature has been tested in Discrete Trusted Platform Module (dTPM) security processor machines.
-
Authenticator sorting with shared authenticators: When using shared authenticators within MobilePASS+, authenticators are now by default sorted alphabetically when users launch the app.
-
System Center Configuration Manager (SCCM) deployment support: SafeNet MobilePASS+ for Windows MSI now supports deployment using Microsoft System Center Configuration Manager (SCCM).
07/19/2023
SafeNet MobilePASS+ for Windows v2.5.0 introduces the following features:
-
MobilePASS+ push with number matching: Number matching in MobilePASS+ secures push authentications to protect against MFA fatigue or push bombing attacks. Number matching gives control to the user for every login request, because they must select the number that appears during authentication. Refer to the documentation for details about how to enable this feature.
This feature is available only for MobilePASS+ v2.5.0 onwards.
-
Enhancements to Shared authenticators: Improved application performance and stability when using shared authenticators in SafeNet MobilePASS+ for Windows.
01/31/2023
SafeNet MobilePASS+ for Windows v2.4.0 introduces the following enhancement and some bug fixes:
- Enhanced Error Logging: Enhanced logging and error codes in MobilePASS+ for better troubleshooting and investigation.
06/23/2022
SafeNet MobilePASS+ for Windows v2.3.1 introduces the following features and resolves the issue listed below:
-
Standards-based accessibility support: Enhanced accessibility support provides full functionality of SafeNet MobilePASS+ via voiceover, narrator, or keyboard navigation based on WCAG standards.
-
Italian language support
Resolved Issue
| Issue | Synopsis |
|---|---|
| SASMOB-4603 | The toast message displays correctly after successful approval of a push request. |
With this release, hook detection as part of the risk detection feature is fully available.
02/01/2022
SafeNet MobilePASS+ for Windows v2.2.7 resolves the following issues:
Resolved Issues
| Issue | Synopsis |
|---|---|
| SASMOB-4547 | SafeNet MobilePASS+ for Windows now opens correctly on Windows 10 after the Windows security patches are installed. |
| SASMOB-4242 | SafeNet MobilePASS+ for Windows opens correctly after the operating system is upgraded to Windows 10 21H1. |
With this release, hook detection as part of the risk detection feature is temporarily disabled. Debug detection still works as expected.
01/04/2022
SafeNet MobilePASS+ for Windows v2.2 introduces the following features:
-
Support for Windows 11
-
Support for Windows Servers 2019 and 2022 - Available with exe- or msi- based installations of SafeNet MobilePASS+ for Windows.
11/02/2021
SafeNet MobilePASS+ for Windows v2.1 introduces the following feature:
- Dutch language support
09/23/2021
SafeNet MobilePASS+ for Windows v2.0.2 introduces the following features and resolves the issue listed below:
-
Enhanced user experience - Next generation mobile authenticator offering the best-in-class user-experience and native user interface for each platform.
-
German, Chinese, and simplified Chinese language support
-
Risk Detection - Monitors and displays risk parameters associated with SafeNet MobilePASS+ for Windows devices in the customer’s environment. These parameters include OS jailbreak and root status, OS versions in use, possible application tampering, and malware intrusion in order to detect potential risk to the authenticator's integrity. Refer to the documentation for further details.
-
Push Authentication History - Users can now access their push authentication history on SafeNet MobilePASS+ for Windows under the authenticator settings.
-
Support for Dark Mode - SafeNet MobilePASS+ for Windows now supports dark mode when it is enabled on the user’s mobile device.
-
Unlimited Authenticators - SafeNet MobilePASS+ for Windows no longer has the limit on the number of authenticators that can be enrolled.
-
Support for Shared Authenticators- SafeNet MobilePASS+ for Windows authenticators can be managed and accessed by multiple users in Windows. You control which authenticators can be accessed, and by whom, by setting permissions on the token files with windows file management.
This feature is applicable to new authenticators that are created in exe- or msi- based installations of SafeNet MobilePASS+ for Windows.
Resolved Issue
| Issue | Synopsis |
|---|---|
| SASMOB-4069 | SafeNet MobilePASS+ for Windows 10 installs correctly using MSI v2.0.2.1. |
Advisory Notes
SafeNet MobilePASS+ for Windows 10 and 11 is available in Windows Store.
Enable Downloaded Map Manager for Push Notification Maps
Map display in push notification uses the Downloaded Maps Manager service. This service is enabled by default, but it might be disabled by your IT department or by the system management tool. If this service is disabled, then maps are not displayed in login requests.
To enable this service and display the map in push login requests:
-
From the Windows menu, open the Services app.
-
Under Name, find Downloaded Maps Manager, and under Startup Type, see if it's set to Automatic (Delayed Start).
-
If the Startup Type is not set to Automatic (Delayed Start), right-click Downloaded Maps Manager, and select Properties.
-
Under the General tab, next to Startup Type, select Automatic (Delayed Start) and then select OK.
- Downloaded Map manager service will start automatically upon the receipt of push notification.
Installation
SafeNet MobilePASS+ for Windows v2.7 is available in Windows Store.
Installing Windows using an ISO image
When installing Windows using a downloaded ISO image, device drivers related to disk, memory, and processor may not be up-to-date. Updating these drivers may result in failures in the SafeNet MobilePASS+ application, if previously installed, and would require the user to re-enroll their authenticators.
Enterprise firewall and proxy configurations to enable push notifications
To enable push notifications when SafeNet MobilePASS+ for Windows is running on a desktop under a proxy, perform the necessary changes described at:
https://docs.microsoft.com/en-us/windows/uwp/design/shell/tiles-and-notifications/firewall-allowlist-config
Enabling Windows services to allow WNS traffic
To receive push notifications, ensure that the following Windows services are running on the Windows machine which is used to communicate between the device and the WNS Server:
-
Windows Push Notifications System Service
-
Windows Push Notifications User Service_XXXXXX
-
Network Connection Broker
Certificate required for SAS PCE
You require a valid certificate on your SAS PCE server with the following features:
-
trusted
-
not outdated
-
not self-signed
-
matching your domain URL
For security reasons, communications with the server will be interrupted if the certificate does not comply with the security checks.
Using SafeNet MobilePASS+ and SafeNet MobilePASS
SafeNet MobilePASS+ for Windows and SafeNet MobilePASS for Windows can be used on the same device. New token enrollments are for either SafeNet MobilePASS+ for Windows or SafeNet MobilePASS for Windows. This is controlled in SafeNet Trusted Access at the virtual server level.
Enabling the shared authenticator feature
SafeNet MobilePASS+ can be used to share tokens among users in the same machine. To enable Shared Local, enable the corresponding policy.
Alternatively, create a REG_DWORD, titled AllowSharedLocalAppData, with a value of 1 under:
HKEY_LOCALMACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\AppModel\StateManager
Limitations
-
Push notification and risk detection features are not supported with shared authenticators.
-
Virtual Environments (including VDI) are supported only when the shared authenticator feature is enabled.
-
The shared authenticator feature is only supported in exe/msi. It is not supported in the store version of the app.
-
Map display in push request is not supported in Windows Server 2019 and Windows version 1903 and below.
-
Map display in push notification may not work if Downloaded Maps Manager service is disabled.
Known Issues
This table provides a list of the known issues as of the latest release.
| Synopsis |
|---|
Summary: After uninstalling MobilePASS+ MSI using SCCM, the MobilePASS+ app local data files are not removed completely. Workaround: MobilePASS+ app local data can be removed manually from the following folder: |
Summary: When SafeNet MobilePASS+ for Windows is removed using the exe or msi installer file, it is removed for all the users in the local machine. But, local data only is removed for the user whom is removing the app. Workaround: To remove SafeNet MobilePASS+ for Windows for all the users, manually remove the local data folder from all the users or uninstall SafeNet MobilePASS+ for Windows from the app list for all the users. |
Summary: Location in the map view may not be visible within a push notification when switching between multiple push notifications that maybe queued. Workaround: To see the location in the map close the queued push notification and re-open the push notification. This issue occurs only when multiple push notifications are queued in the app. |
Compatibility Information
Operating system
- Windows 10 and 11 Desktop/Tablet; minimum OS version 1809 (Build 17763)
BETA releases of the operating system are not supported.
- Windows 11
- Windows Server 2019 & above
Supported architecture
-
x64
-
x86
Supported authentication servers
-
SafeNet Trusted Access (STA)
-
SafeNet Trusted Access (SAS PCE) 3.12 or later