MobilePASS target and push OTP settings

Select the targets (operating system and device type combinations) where users can self-enroll MobilePASS+ and MobilePASS8 tokens. Enrolled and active tokens cannot be transferred between the two MobilePASS apps. The settings apply to the current virtual server.

You can also select which type of software token is available on the allowed targets, to ensure consistent behavior across multiple targets.

You can control the availability of push based on the target. For example, you can enable push on mobile devices but not on desktop devices, such as Windows 10, due to the complexity of push in a desktop environment.

Configure targets and push notifications for MobilePASS tokens

  1. On the STA Token Management console, select Policy > Token Policies > Software Token & Push OTP Setting.

  2. Each row represents a target. Configure the settings for each target:

    Allowed:

        Indicates whether an operating system and device type is available for enrollment. For example, if Android is not allowed, enrollment fails on all mobile devices and tablets running any version of the Android™ platform.

        If an operating system and device type is not allowed, the row is inactive.

        When you select Allowed, the default token for that target is enabled.

    MobilePASS+ / MobilePASS8:

        You can select only one MobilePASS application per operating system and device type.

        • For Android, iOS, and Windows 10, select either MobilePASS+ or MobilePASS8.
        • For Windows 10 Mobile, only MobilePASS+ is available.
        • For all other systems, MobilePASS 8 is available.

        If neither the MobilePASS+ nor the MobilePASS8 check box is selected, the corresponding Allowed check box is also not selected, and the row is inactive.

    Push Notifications:

        Determines whether a push message is triggered, based on the operating system and the push capability of the user's enrolled tokens.

    The following are the default settings for new virtual servers:

    Operating System    Device Type      Allowed    Token         Push Notifications
    Android             Mobile/Tablet    Enabled    MobilePASS+   Enabled
    Chrome OS           Mobile/Tablet    Enabled    MobilePASS+   Enabled
    iOS                 Mobile/Tablet    Enabled    MobilePASS+   Enabled
    macOS               Mobile/Tablet    Enabled    MobilePASS+   Enabled
    Windows 10 Mobile   Mobile           Disabled   MobilePASS+   Enabled
    Windows 10          Desktop/Tablet   Enabled    MobilePASS8   Disabled
    Windows             Desktop          Enabled    MobilePASS8   Unavailable
    Mac OS X            Desktop          Enabled    MobilePASS8   Unavailable
    BlackBerry 10       Mobile/Tablet    Disabled   MobilePASS8   Unavailable
    BlackBerry Java     Mobile/Tablet    Disabled   MobilePASS8   Unavailable
    Windows Phone       Mobile/Tablet    Disabled   MobilePASS8   Unavailable
    Windows RT          Mobile/Tablet    Disabled   MobilePASS8   Unavailable

  3. Select Apply.

For a list of supported operating systems and devices, see the MobilePASS+ and MobilePASS 8 Release Notes.

Accelerate push OTP approval for MobilePASS+

The enhanced approval workflow significantly accelerates the authentication process for MobilePASS+ tokens, and enables users to manage push login requests without unlocking their mobile device.

It is highly recommended that you either enforce a device PIN or enable a PIN setting in the MobilePASS token template, so that only the device owner or token assignee can approve a push request.

If the enhanced approval workflow is enabled, users with incompatible versions of MobilePASS+ receive an error message when the application opens. The enhanced approval workflow can be disabled at any time, restoring full functionality with earlier MobilePASS+ versions.

  1. On the STA Token Management console, select Policy > Token Policies > Software Token & Push OTP Setting.

  2. Select the Enhanced approval workflow check box.

  3. Select Apply.

Push with number matching

Number matching makes push notifications more secure. Adding number matching to push notifications can protect against push fatigue or push bombing attacks, where the user is spammed with multiple push notifications until they eventually approve a notification just to make them stop. Number matching also prevents users from approving push notifications by mistake.

Number matching forces the user to match the number on the login screen with the number in their SafeNet MobilePASS+ authenticator push notification.

  1. On the STA Token Management console, select Policy > Token Policies > Software Token & Push OTP Settings.

  2. Select the Secure Push authentication with numerical challenge check box.

  3. Select Apply.

    Users must match a two-digit number on their push notification with the number that is displayed on the application login screen.

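The selection rules and recommendations on this page can be checked mechanically against a hand-transcribed copy of a virtual server's settings. The following is an added example, not Thales code and not an STA export format: the snapshot layout, its field names, and the `audit` function are hypothetical, and targets the page does not name are assumed to need exactly one app.

```python
# Added example: lints a hand-built snapshot of the settings described on this page.
# The snapshot layout and every field name are hypothetical (not an STA export format).
EITHER = {"MobilePASS+", "MobilePASS8"}
# App choices the page states explicitly. Assumption: any other target only
# needs exactly one app selected.
APP_CHOICES = {"Android": EITHER, "iOS": EITHER, "Windows 10": EITHER,
               "Windows 10 Mobile": {"MobilePASS+"}}
# Targets listed with Push Notifications "Unavailable" in the defaults table.
PUSH_UNAVAILABLE = {"Windows", "Mac OS X", "BlackBerry 10", "BlackBerry Java",
                    "Windows Phone", "Windows RT"}


def audit(snapshot):
    """Return a list of finding strings for one virtual server's settings."""
    findings = []
    push_targets = []
    for row in snapshot["targets"]:
        name, apps = row["os"], set(row["apps"])
        if not row["allowed"]:
            continue  # inactive row: enrollment is blocked on this target
        if len(apps) != 1:
            findings.append(f"{name}: allowed target needs exactly one MobilePASS app")
        elif not apps <= APP_CHOICES.get(name, EITHER):
            findings.append(f"{name}: {apps.pop()} is not selectable here")
        if row["push"]:
            if name in PUSH_UNAVAILABLE:
                findings.append(f"{name}: push is unavailable on this target")
            else:
                push_targets.append(name)
    # Push without number matching leaves users exposed to push fatigue.
    if push_targets and not snapshot["number_matching"]:
        findings.append("push enabled without number matching: " + ", ".join(push_targets))
    # Enhanced approval lets users answer without unlocking, so a PIN is recommended.
    if snapshot["enhanced_approval"] and not snapshot["pin_enforced"]:
        findings.append("enhanced approval workflow on without a device or token PIN")
    return findings


# Constructed sample: three rows from the defaults table plus one mistaken row.
SAMPLE = {
    "number_matching": False, "enhanced_approval": True, "pin_enforced": False,
    "targets": [
        {"os": "Android", "allowed": True, "apps": ["MobilePASS+"], "push": True},
        {"os": "iOS", "allowed": True, "apps": ["MobilePASS+"], "push": True},
        {"os": "Windows 10", "allowed": True, "apps": ["MobilePASS8"], "push": False},
        {"os": "Windows 10 Mobile", "allowed": True, "apps": ["MobilePASS8"], "push": False},
    ],
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```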