SafeNet Authentication Client User's Guide

Contents

1. Token with corrupted data. Unknown token. (2 SafeNet Authentication Client User Interfaces: SafeNet Authentication Client Tools. SAC 9.0 GA User's Guide, 007-012831-001, Revision B, 2015 SafeNet, Inc.) Simple View Functions: In the right pane, select an enabled button to perform the action described. Function / Description: Rename Token: Sets a new name for the token. Change Token Password: Changes the Token Password. Unlock Token: Unlocks the token and resets the Token Password. Delete Token Content: Removes deletable data from the token (enabled by default). View Token Info: Provides detailed information about the token. Disconnect SafeNet eToken Virtual: Disconnects the SafeNet eToken Virtual or SafeNet eToken Rescue, with an option to also delete it. Opening the Advanced View: The SafeNet Authentication Client Tools Advanced view provides additional token management functions. To open the SafeNet Authentication Client Tools Advanced view: (1) Do one of the following: Right-click the SafeNet Authentication Client tray icon, and from the shortcut menu, select Tools. On Windows: From the Windows taskbar, select Start > Programs > SafeNet >
2. NOTE: It is not possible to import a certificate to a SafeNet eToken Rescue. (3 Token Management: Importing a Certificate to a Token.) To import a certificate: (1) Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38. (2) Do one of the following: • In the left pane, select the node of the required token. In the right pane, click the Import Certificate icon. • In the left pane, right-click the node of the required token, and select Import Certificate from the shortcut menu. (3) The Token Logon window opens. (4) Enter the Token Password, and click OK. The Import Certificate window opens. (5) Select one of the following: Import a certificate from my personal certificate store; Import a certificate from a file. NOTE: Importing a certificate from my personal certificate store is applicable only to Windows operating systems. (6) If you select Import a certificate from my personal certificate store, a list of available certificates is dis
3. To delete a data object: (1) Select the value to be deleted. (2) Click the Delete Data Object icon. Orphan Objects Node: An orphan object is a certificate without its key, or a key without its certificate. A token's Orphan Objects node displays these objects. To view a token's orphan objects: (1) In the left pane, under the token's node, expand the Orphan Objects node. (2) Select an orphan object. The certificate data or the key data of the orphan object is displayed in the right pane.
4. Reader Settings: A token is connected to a reader when one of the following occurs: A token is physically inserted into a USB port; A SafeNet eToken Virtual is connected; A smartcard is physically inserted into a reader. During the default installation of SafeNet Authentication Client, the following numbers of virtual readers are installed on the computer: 2 SafeNet eToken readers; 2 iKey readers; 1 virtual reader for SafeNet eToken Virtual smartcard emulation; 2 SafeNet eToken Virtual slots. The number of readers defined on the computer determines the maximum number of these types of tokens that can be recognized upon connection. The number of virtual SafeNet eToken readers and eToken Virtual slots for a computer can be changed by a user with local administrator rights on that computer. NOTE: If SAC is already installed, the number of iKey readers can be configured during installation via the command line. (3 Token Management: Reader Settings.) To change the number of readers: (1) Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38. (2) Do one of the following: • In the left pane, select the Tokens node. In the right pane, click the Reader Settings icon. • In the lef
5. SafeNet Authentication Client > SafeNet Authentication Client Tools. On Linux: From the Windows taskbar, select Applications > SafeNet > SafeNet Authentication Client > SafeNet Authentication Client Tools. On Mac: From the Mac desktop, select Go > Applications > SafeNet > SafeNet Authentication Client > SafeNet Authentication Client Tools. The SafeNet Authentication Client Tools window opens in the Simple view. (2) Click the Advanced View icon. The SafeNet Authentication Client Tools window opens in the Advanced view. The left pane provides a tree view of the different objects to be managed. The tree expands to show objects of
6. To delete an orphan object: Right-click the Orphan Object on the left and select Delete. Click the Delete Orphan Object icon. Client Settings Node: Even when no tokens are connected, the left pane includes a Client Settings node. Select it to view your computer's SafeNet Authentication Client Settings in the right pane. The changes you make to the Client Settings window will affect all tokens that will be initialized using this computer after the changes have been saved. Like the Settings window, the Client Settings window contains two tabs: Password Quality; Advanced. See Chapter 7, Client Settings, on page 158. Using the Virtual Keyboard: A virtual keyboard provides protection against kernel level key loggers. It provides an additional layer of security by enabling you to enter passwords without using the physical keyboard.
7. Accessing a Protected Flash Partition on Mac: If the SafeNet eToken 7300 device's flash partition is password protected, the contents of the flash can be accessed only after logging on to the token. (6 SafeNet eToken 7300: SafeNet eToken 7300 User Storage.) To access a SafeNet eToken 7300 device's user storage that is password protected: (1) Right-click the SafeNet eToken 7300 flash tray icon, and for the appropriate device, select Log On to Token. (2) Log on to the token. See Chapter 3, Logging On to the Token as a User, on page 61. NOTE: If SafeNet Authentication Client is installed, use the SafeNet Authentication Client tray menu to log on to your token. See Chapter 2, SafeNet Authentication Client Tray Icon, on page 26. If SafeNet Authentication Client is not installed, use the SafeNet eToken 7300 flash tray menu to log on to your token. See SafeNet eToken 7300 Launcher on page 144. The ETOKEN 7300 icon is displayed on the desktop. NOTE: If the SafeNet eToken 7300 device's flash partition is not password protected, the contents can be accessed even if SafeNet Authentication Client
8. If your installation has been configured for virtual keyboard use, use it for the following functions: Token Logon; Change Password. NOTES: The virtual keyboard is supported on Windows Operating Systems only. The virtual keyboard supports English characters only. To type an upper case character, press Shift on your physical keyboard. Token Management: SafeNet Authentication Client Tools and the SafeNet Authentication Client tray menu enable you to control the use of your tokens. When running a management task, ensure that the appropriate token remains connected until the process completes. NOTE: If a customized version of SafeNet Authentication Client is installed, the graphics you see may be different from those displayed in this guide. In this chapter: Selecting the Active Token; Viewing and Copying Token Information; Logging On to the Token as a User; Renaming a Token; Changing the Token Password. (3 Token Management.)
9. 4. (2) To use the Advanced view to unlock a token, do the following: (a) Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38. (3 Token Management: Unlocking a Token by the Challenge Response Method.) (b) Do one of the following: • In the left pane, select the node of the required token. In the right pane, click the Unlock icon. • In the left pane, right-click the node of the required token, and select Unlock from the shortcut menu. (c) Continue with step 4. (3) To use the tray menu to change the Token Password, do the following: (a) Right-click the SafeNet Authentication Client tray icon. (b) If more than one token is connected, hover over the appropriate token. (c) Select Unlock Token. (d) Continue with step 4. (4) The Unlock Token window opens, displaying a value in the Challenge Code field. The Challenge Code is 16 characters or, if the token was initialized as Common Criteria, 13 characters.
10. HP T310 T410 Wyse P Class Oracle SunRay DTU Dell Wyse C10LE. (1 Introduction: Supported Platforms.) Supported Tokens: SafeNet Authentication Client 9.0 supports the following tokens. Certificate based USB tokens: SafeNet eToken PRO Java 72K; SafeNet eToken PRO Anywhere; SafeNet eToken 5100/5105; SafeNet eToken 5200/5205; SafeNet eToken 5200/5205 HID. Smart cards: SafeNet eToken PRO Smartcard 72K; SafeNet eToken 4100. Certificate based hybrid USB tokens: SafeNet eToken 7300; SafeNet eToken 7300 HID; SafeNet eToken 7000 SafeNet eToken NG OTP. Software tokens: SafeNet eToken Virtual; SafeNet eToken Rescue. (1 Introduction: Supported Tokens.) End of Sale tokens / smart cards: SafeNet iKey 2032, 2032u, 2032i (Windows and Mac only); SafeNet Smartcard SC330, SC330u, SC330i; SafeNet eToken 7100; SafeNet eToken NG Flash; SafeNet eToken 5000 iKey 4000; SafeNet eToken 4000 SC400; SafeNet eToken 4000 SC400; eToken PRO 32K v4.2B; eToken PRO 64K v4.2B; eToken Pro SC 32K v4.2B; eToken Pro SC 64K v4.2B. NOTE: SafeNet Authentication Client 9.0 Linux supports only Smart Card manageability for SafeNet eToken 7300. Storage management functionality, such as Partitioning, Initialization, Image burning, etc., will onl
11. Icon / Right-Click Menu Item (Cont.): Disconnect SafeNet eToken Virtual (enabled for SafeNet eToken Virtual or SafeNet eToken Rescue only): Disconnect. See Chapter 5, Disconnecting or Deleting a SafeNet eToken Virtual Product, on page 134. Copy to Clipboard: None. See Chapter 3, Viewing and Copying Token Information, on page 59. NOTE: Depending on the token type, additional options may be displayed in the dropdown menu. Some administrator functions are available only if an Administrator Password has been set for the token. The administrator icons are located on the right side of the window, enclosed within a border. See Chapter 3, Logging On to the Token as an Administrator, on page 91. NOTE: Administrator functions are not supported by iKey devices. The unlock option is available on iKey devices that were initialized using BSec with the unlock keys. After an iKey device is locked, the unlock option becomes available. Certificate Type Node: If the selected token contains certificates, one or two of the following Certificate Type nodes are displayed in the left pane under the token's node: User Certificates; Certificate Authority Certificates (CA); Common Criteria Certificates (CC). When you select a Certificate Type
12. Working with IdenTrust: IdenTrust supports two modes: • Token Password: entered each time a certificate is used. This is supported by all SafeNet eToken and iKey devices. • Identity PIN (Legacy): used as an Identity PIN and is entered each time an identity certificate is used. This is supported by all SafeNet eToken and iKey devices. Using the Identity PIN (Legacy). Changing the Identity PIN. To change the Identity PIN: (1) Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38. (2) Right-click the token and select Change Identity PIN. (3) The Change Identity PIN window opens. (4) Enter the current PIN, and enter and confirm the new PIN. (3 Token Management: Working with IdenTrust.) Unblocking the Identity PIN: If an incorrect Identity PIN is entered multiple times, the PIN becomes blocked. It must be unblocked to enable you to continue working with the token. To unblock the Identity PIN: (1) Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38. (2) Right-click the token and select Unblock Identity. The Unblock Identrust PIN window opens. (3) Enter the unblocking code in the Enter Unblocking Code field. (4) Enter a new password in the New Password and Confirm Password fields, and click OK.
13. Certificates with 2048-bit keys: To reserve adequate space on the token, set the maximum number of Common Criteria certificates with 2048-bit keys that will be imported to the token. Select a number within the range 1-16. (17) Click Next. (4 Token Initialization: Configuring Initialization Settings.) The Advanced Security Settings window opens. Use this window to configure Cryptography and RSA Authentication Settings. (18) Under Optional cryptography mechanism, complete the fields as follows. Field / Description: OTP Support: Default: disabled. Select to enable OTP support on compatible tokens. 2048-bit RSA key support: Default: enabled. Select to enable 2048-bit RSA key support on compatible tokens. Default: Always fastest. To enhance performance, SafeNet Authentication Client caches public information stored on the token. This option defines
14. Using a SafeNet eToken Virtual to Replace a Lost Token: To use a SafeNet eToken Virtual or eToken Rescue to replace a lost token, the SafeNet eToken Virtual or SafeNet eToken Rescue must be enrolled using SafeNet Authentication Manager. For more information, refer to the SafeNet Authentication Manager documentation. (5 SafeNet eToken Virtual: Using a SafeNet eToken Virtual to Replace a Lost Token.) Unlocking a SafeNet eToken Virtual: If you enter an incorrect password more than a pre-defined number of times, the SafeNet eToken Virtual becomes locked. To unlock the token, see Chapter 3, Unlocking a Token by the Challenge Response Method, on page 69, or Unlocking a Token by an Administrator on page 94. NOTE: The number of times that a SafeNet eToken Virtual can be unlocked can be limited to a specific amount. If this number is exceeded, the SafeNet eToken Virtual becomes unusable. This function is not available for a SafeNet eToken Rescue. (5 SafeNet eToken Virtual: Unlocking a SafeNet eToken Virtual.) Generating a One Time Password (OTP): The Generate OTP function is available only if a SafeNet eToken Virtual or eToken Rescue with the OTP feature activated is stored on your computer. To generate an OTP: (1) Rig
15. (b) Do one of the following: • In the left pane, select the node of the required token. In the right pane, click the Unlock icon. • In the left pane, right-click the node of the required token, and select Unlock from the shortcut menu. (c) Continue with step 3. (3) The Unlock Token window opens. (4) Enter one of the unblocking codes in the Enter Unlocking Code field. (3 Token Management: Unlocking an iKey Token Initialized Using BSec Utilities.) NOTE: For iKey 4000: Up to six unblocking codes can be stored on each token, and each unblocking code can be used only once. The unblocking codes can be used in any order. If only one unblocking code is configured, it can be re-used an unlimited number of times. If more than one unblocking code is configured, each unblocking code can be used only once. (5) Enter a new password in the New Token Password and Confirm Password fields, and click OK. A message confirms that the token was unlocked successfully. (6) Click OK.
16. Virtual (p. 130); Overview of SafeNet eToken Virtual Products (p. 131); Connecting a SafeNet eToken Virtual (p. 132); Disconnecting or Deleting a SafeNet eToken Virtual Product (p. 134); Using a SafeNet eToken Virtual to Replace a Lost Token (p. 136); Unlocking a SafeNet eToken Virtual (p. 137); Generating a One Time Password (OTP) (p. 138); Using a SafeNet eToken Virtual on an External Storage Device (p. 140); Using an Emulated SafeNet eToken Virtual (p. 141); Chapter 6, SafeNet eToken 7300 (p. 142); Introduction to SafeNet eToken 7300 (p. 143); SafeNet eToken 7300 Launcher (p. 144); Running the Launcher to Open the Tray Icon on Windows (p. 144); Running the Launcher to Open the Tray Icon on Mac (p. 146); SafeNet eToken 7300 Tray Menu (p. 148); SafeNet eToken 7300 Tray Menu Functions (p. 148); Using the SafeNet eToken 7300 Tray Icon (p. 149); Selecting the Token from the SafeNet eToken 7300 Tray Menu (p. 150); Closing SafeNet eToken 7300 (p. 150); SafeNet eToken 7300
17. a settings recommended token. When selected, all options in the window become available. Minimum length (characters): Default: 6 characters. Maximum length (characters): Default: 16 characters. Minimum usage period (days): The minimum period before the password can be changed. Default: 0 (none). For iKey devices, the periods are rounded up to periods of weeks (7 days), even though the period is displayed in days. For example, if the period is displayed as less than a week, say 6 days, iKey regards it as a week. If the period is more than two weeks, say 15 days, iKey regards it as three weeks. Maximum usage period (days): The maximum period, in days, before which the password must be changed. Default: 0 (none). For iKey devices, the periods are rounded up to periods of weeks. See row above for more information. Expiration warning period (days): Defines the number of days before the password expires that a warning message is shown. Default: 0 (none). Field (Cont.) / Description (Cont.): History size: Defines how many previous passwords must not be repeated. Default: for eToken devices, 10; for iKey devices, 6. Maximum consecutive repetitions: The maximum number of repeated characters that is permitted in the password. Default: 3. This fea
18. as Auxiliary: See Setting a Certificate as Default or Auxiliary (Windows only) on page 87. None. Set as Auxiliary (Windows only). Copy to Clipboard: See Viewing and Copying Token Information on page 59. None. Set as KSP / Set as CSP: See Setting a Certificate as KSP or CSP (Windows only) on page 85. None. Set as KSP / Set as CSP (Windows only). Settings Node: Each connected token has a Settings node. Select it to see the settings in the right pane. The settings are in two tabs: Password Quality (see Chapter 8, Setting Token Password Quality, on page 172); Ad
19. eToken Virtual from the shortcut menu. (3) Navigate to the SafeNet eToken Virtual file (etvp) or eToken Rescue file (etv), and double-click it. The SafeNet eToken Virtual product is connected. (5 SafeNet eToken Virtual: Connecting a SafeNet eToken Virtual.) Disconnecting or Deleting a SafeNet eToken Virtual Product: For security purposes, disconnect your SafeNet eToken Virtual or SafeNet eToken Rescue from its connected reader when you are not using it. Under certain conditions, the token is disconnected automatically. See Using a SafeNet eToken Virtual on an External Storage Device on page 140. When your SafeNet eToken Virtual product is no longer required, disconnect and also delete it. For example, if your SafeNet eToken Rescue temporarily replaced a lost token, disconnect and delete it when you receive a permanent replacement token. To disconnect or delete a SafeNet eToken Virtual: (1) To use the Simple view to disconnect, do the following: (a) Open SafeNet Authentication Client Tools Simple view. See Opening the Simple View on page 33. (b) In the left pane, select the required SafeNet eToken Virtual or eToken Rescue token. (c) In the right pane, select Disconnect SafeNet eToken Virtual or Disconnect SafeNet eToken Rescue. (d) Continue with step 2 To use the Advanced view to disconnect, do the following: (a) Open SafeNet Authenticat
20. (5) Select Create Token Password to initialize the token with a Token Password. If the token is initialized without a Token Password, it will not be usable for token applications. (6) Enter a new Token Password in the New Token Password and Confirm fields. NOTE: The default Token Password is 1234567890. If the token is initialized with the default Token Password, and standard password quality requirements are in effect, the user must select the Token Password must be changed on first logon option. Otherwise, the initialization will fail because the default password does not meet the password quality requirements. If the Token Password must be changed on first logon option is selected, the initialization will succeed, and the user will be prompted to create a new password when next logging on with the token. The user will be required to set a Token Password that meets the Password Quality requirements configured in the Settings window. See Chapter 8, Setting Token Password Quality, on page 172. (7) To initialize an Administrator Password, select Create Administrator Password, and enter a password in the New Administrator Password and Confirm fields. The minimum password length is 4 characters. NOTE: Setting an Administrator Password enables certain functions to be performed on the token, such as setting a new Token Password to unlock a token. iKey tokens do not support Administrator Passwords.
21. must be initialized. If it is not a physical token, it must be replaced. When the administrator has access to the user's token, the administrator can unlock the token using the Set Token Password feature. See Chapter 3, Unlocking a Token by an Administrator, on page 94. Another way to unlock the token and set a new Token Password is to use the Challenge Response authentication method. The user sends the administrator the Challenge Code supplied by SafeNet Authentication Client Tools, and then enters the Response Code provided by the administrator. The token becomes unlocked, and the new Token Password set by the user replaces the previous password. This method requires a management system, such as SafeNet Authentication Manager, that can generate Response Codes. NOTE: In SafeNet Authentication Client version 8.2 standard mode and later, the Challenge Response unlock method supports both SafeNet eTokens and SafeNet iKey devices. To unlock a token using the Challenge Response method: (1) To use the Simple view to unlock a token, do the following: (a) Open SafeNet Authentication Client Tools Simple view. See Opening the Simple View on page 33. (b) In the left pane, select the required token. (c) In the right pane, select Unlock Token. (d) Continue with step
22. node, a list of the appropriate certificates on the token is displayed in the right pane. Depending on the certificate type, the following functions may be available. User Function / Icon / Right-Click Menu Item: Import Certificate: See Chapter 3, Importing a Certificate to a Token, on page 79. Menu item: Import Certificate. Reset Default Certificate Selection: See Chapter 3, Clearing a Default Certificate (Windows only), on page 89. Menu item: Reset Default Certificate Selection (Windows only). A node for each certificate is displayed in the left pane under the Certificate Type node. ECC Certificates: ECC certificates are supported when using ECC tokens only.
23. occurs because the Windows logon process cannot deal with multiple smartcard readers. However, if you want to work with the SafeNet eToken Virtual located on the hard drive, the administrator can configure SafeNet Authentication Client to support this. It is important to disconnect the emulated SafeNet eToken Virtual when you have finished the session, so that the computer reverts to working with the default reader. (5 SafeNet eToken Virtual: Using an Emulated SafeNet eToken Virtual.) SafeNet eToken 7300: SafeNet eToken 7300 devices combine a certificate based authentication solution with password protected data and application storage on up to 64GB of encrypted flash memory. In this chapter: Introduction to SafeNet eToken 7300; SafeNet eToken 7300 Launcher; SafeNet eToken 7300 Tray Menu; SafeNet eToken 7300 User Storage; Partitioning the SafeNet eToken 7300. (6 SafeNet eToken 7300.) Introduction to SafeNet eToken 7300: The SafeNet eToken 7300 device is a hybrid certificate based authentication token and a flash token on a single device. SafeNet eToken 7300 addresses the following needs: Portable secure applications: Secure access to online resources, with the ability to store portable applications on the token that are accessible when t
24. retries: 15; FIPS: FIPS 140-2 L2 compatible; Common Criteria: N/A; Sign padding on-board: Yes; RSM: N/A; ECC: N/A; CSP: eToken Base Cryptographic Provider; KSP: SafeNet Smart Card Key Storage Provider. (3 Token Management: Viewing Supported Cryptographic Providers.) Setting a Certificate as KSP or CSP (Windows only): When you select a certificate node in the SafeNet Authentication Client Tools Advanced view, the cryptographic provider supported by the specific certificate is displayed under Private Key Data. You can set a certificate type as Key Storage Provider (KSP) or Cryptographic Service Provider (CSP). This is typically required when you have a token enrolled with a legacy CSP that you want to convert to KSP, to enable support for the Suite B set of cryptographic algorithms, such as SHA-2. To set the certificate as KSP or CSP: (1) Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38. (2) In the left pane, expand the node of the required token. (3 Token Management: Setting a Certificate as KSP or CSP (Windows only).)
25. secondary password for accessing the key.
    - If the user clicks OK, the RSA key is generated and the password entered becomes the new key's secondary password. When using the certificate, the user must authenticate once using the Token Password. For each operation that requires the RSA key, the user must authenticate using the secondary password.
    - If the user clicks Cancel, RSA key generation fails.
    RSA Key Secondary Authentication settings
    Setting: Always prompt user
    Description: Every time an RSA key is generated, the user is prompted to create a secondary password for accessing the key.
    - If the user clicks OK, the RSA key is generated and the password entered becomes the new key's secondary password. When using the certificate, the user must authenticate once using the Token Password. For each operation that requires the RSA key, the user must authenticate using the secondary password.
    - If the user clicks Cancel, the RSA key is generated without a secondary password. When using the certificate, the user must authenticate once using the Token Password. No additional authentication is required for operations that require the RSA key.
26. the connected tokens
    Advanced View Functions
    You can access the advanced functions by selecting the required object from the left pane in the Tools Advanced View window.
    To access the Advanced functions:
    1. In the SafeNet Authentication Client Tools Advanced view window, expand the tree in the left pane to display the required object. The relevant functions are displayed in the right pane.
    2. Do one of the following:
       - In the left pane, right-click the object and select the required function from the shortcut menu.
       - In the left pane, select the object. In the right pane, click the appropriate icon or select the required tab.
    Tokens Node
    When you select the Tokens node in the left pane, the list of connected tokens is displayed in the right pane, and icons are displayed above them.
    [Screenshot: SafeNet Authentication Client Tools with the Tokens node selected]
    The following functions are available:
27. the following:
    - Preserve the token settings and policies: Select to keep current token policies and settings. Selecting this option will allow you to:
      - Create a Token Password
      - Create an Administrator Password
      - Set One-factor Logon
      - Repartition the token's flash drive
    - Configure all initialization settings and policies: Select to change all token policies and settings.
    The Password Settings window opens.
    [Screenshot: Password Settings window]
    4. Enter a name for the token in the Token Name field. If no name is entered, a default name is used. In many organizations, the default token name is My Token. The token name does not affect the token contents. It is used solely to identify the token.
28. to logon to domain B. If your previous logon was to domain A, it means that the certificate used to logon to domain A is now the Default. If you need to log on to domain B from another computer, the following happens:
    - If you first set the domain B certificate as Default, the logon uses the correct certificate and the logon succeeds.
    - If you do not set the domain B certificate as Default, the domain A certificate is used and logon fails.
    Description (Default, cont.): In most Microsoft applications, smart card logon is used.
    Setting: Auxiliary
    Description (cont.): Some applications use Client Authentication, and not smart card logon. Client Authentication provides access to fewer system resources than smart card logon. SafeNet Authentication Client enables a Client Authentication logon process for these applications, such as VPN. If more than one certificate on the token includes Client Authentication as an Intended Purpose, define which certificate to use by setting it as Auxiliary.
    Scenario (cont.): Your token contains a certificate intended for VPN connection, but there is another certificate that also includes Client Authentication as its Intended Purpose. The certificate for the VPN connection must be set as Auxiliary to ensure that it is use
29. when private information (excluding private keys) on the token can be cached outside the token. Select one of the following options for Private data caching:
    - Always (fastest): Private information is always cached in the application memory. This enables fast performance, as certain information is cached on the host machine. However, this option is less secure than if no cache is allowed.
    - While user is logged on: Private information is cached outside the token as long as the user is logged on to the token. Once the user logs out, all the private data in the cache is erased.
    - Never: Private information is not cached.
    Field: RSA key secondary authentication
    Default: Never
    An authentication password may be set for an RSA key. Depending on how this option is set, in addition to having the token and knowing its Token Password, accessing the RSA key may require knowing the password set for that particular key. Having a password for the key is known as secondary authentication. Select one of the following:
    - Always
    - Always prompt user
    - Prompt user on application request
    - Never
    - Token authentication on application request
    For an explanation of these options, see Setting the RSA Key Secondary Authentication Field on page 126.
    If the token was initialized as Common C
30. Chapter 9 Licensing
    Viewing and Importing Licenses
    Introduction
    SafeNet Authentication Client enables token operations and the implementation of token PKI-based solutions.
    In this chapter:
    - Overview
    - SafeNet Authentication Client Main Features
    - What's New
    - Supported Browsers
    - Supported Platforms
    - Supported Tokens
    - Supported Localizations
    Overview
    SafeNet Authentication Client is Public Key Infrastructure (PKI) middleware that provides a secure method for exchanging information based on public key cryptography, enabling trusted third-party verification of user identities. It utilizes a system of digital certificates, Certificate Authorities, and other registration authorities that verify and authenticate the validity of each party involved in an internet transaction. SafeNet Authentication Client provides easy-to-use configuration tools for users and administrators.
    SafeNet Authentication Client Main Features
31. 00 initialization process always initializes the smartcard and partitions the flash drive. If partitioning settings are not set before the initialization proceeds, the default partitioning settings are used. iKey tokens do not support advanced initialization settings.
    22. Under DVD Partition, complete the fields as follows:
        Field: DVD Source
        Description: Select one of the following:
        - None: DVD is not partitioned; options are disabled
        - Burn SafeNet default ISO file: burns the SafeNet default ISO file located in the SAC folder
        - Burn ISO file: burns an ISO file located elsewhere on the computer
        - Copy from folder: copies an entire folder from the computer
        - Copy from ROM drive: copies files from the selected CD-ROM drive
    23. Under Protection, complete the fields as follows. The Protection area determines the token content's security level.
        Field: Repartitioning
        Description: Password protection requirements for future partitioning.
        Field: User Storage
        Description: Select the password requirements for accessing the user storage.
        NOTE: For future partitioning without initialization to be password-protected, the token must be initialized with an Administrator Password.
32. Overview of Token Initialization
    The token initialization process removes all objects stored on the token since manufacture, frees up memory, and resets the Token Password. Then the token is initialized with specific settings, according to the organizational requirements or security modes.
    Typically, initialization is carried out on a token when an employee leaves the company, enabling the token to be issued to another employee. It completely removes the employee's individual certificates and other personal data from the token, preparing it to be used by another employee.
    The following data is initialized:
    - Token name
    - Token Password
    - Administrator Password (optional; not supported by iKey devices)
    - Maximum number of logon failures allowed
    - Requirement to change the Token Password on the first logon
    - Initialization key
    - All user-generated data, such as certificates and profiles
    Using customizable parameters, you may be able to select specific parameters that will apply to certain tokens. These parameters may be necessary if you wish to use a token for specific applications, or if you require a specific Token Password or Administrator Password on multiple tokens in the organization.
    Configuring Initialization Settings
    NOTE: De
33. Function: Reader Settings. See Chapter 3, Reader Settings on page 100. Right-click menu item: Reader Settings.
    Function: Connect SafeNet eToken Virtual. See Chapter 5, Connecting a SafeNet eToken Virtual on page 132. Right-click menu item: Connect SafeNet eToken Virtual.
    Selected Token Node
    The token names are displayed in the left pane. When you select a token name, the following occurs:
    - Information about the token is displayed in the right pane, and function icons are displayed above it.
    - The name of the token reader is displayed in the tool tip.
    Right-click a token name to open a drop-down menu of the functions available for that token.
    The following user functions are available:
    - See Token Initialization on page 103
    - See Logging On to the Token as a User on page 61
    - See Importing a Certificate to a Token on page 79
    - See Changing the Token Password on page 65
    - See Renaming a Token on page 63
    User Function (Cont.)
34. RSA Key Secondary Authentication settings
    Setting: Prompt user on application request
    Description: When using an RSA key generation application that requires secondary passwords for strong private key protection (such as Crypto API with a user protected flag, or the PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute), the user is prompted to create a secondary password for accessing the RSA key.
    - If the user clicks OK, the RSA key is generated and the password entered becomes the new key's secondary password. When using the certificate, the user must authenticate once using the Token Password. For each operation that requires the RSA key, the user must authenticate using the secondary password.
    - If the user clicks Cancel, RSA key generation fails.
    When using applications that do not require secondary passwords for strong private key protection, the RSA key is generated without a secondary password. When using the certificate, the user must authenticate once using the Token Password. No additional authentication is required for operations that require the RSA key.
    Setting: Never
    Description: Secondary passwords are not created for new RSA keys. When using the certificate, the user must authenticate once using the Token Password. No additional authentication is required for operations that require the RSA key.
35. 24. Under Size, the following fields are displayed, and may not be edited:
        Field: Total flash
        Description: Total size of the flash memory DVD user storage
    25. Under Allow Boot, complete the fields as follows:
        Field: From DVD partition
        Description: Select to load contents from DVD partition when the SafeNet eToken 7300 device is connected.
        Field: From user storage partition
        Description: Select to load contents from user storage partition when the SafeNet eToken 7300 device is connected.
    26. Click Finish. The Initialize Token Notification window opens.
        NOTE: The partitioning process can take several minutes. Do not disconnect the token until a confirmation message is displayed.
    27. Click OK.
        NOTE: If a Microsoft Windows message opens, prompting you to format the disk, click Cancel.
    When the partitioning process is complete, a confirmation message is displayed.
    Setting the RSA Key Secondary Authentication Field
    The following table explains the options for the RSA key secondary authentication setting.
    RSA Key Secondary Authentication settings
    Setting: Always
    Description: Every time an RSA key is generated, the user is prompted to create a
36. Supported Platforms
    SafeNet Authentication Client 9.0 (Windows) supports the following operating systems:
    - Windows Vista SP2 (32-bit, 64-bit)
    - Windows Server 2008 R2 SP1 (32-bit, 64-bit)
    - Windows Server 2008 SP2 (32-bit, 64-bit)
    - Windows Server 2012 (64-bit)
    - Windows Server 2012 R2 (64-bit)
    - Windows 7 SP1 (32-bit, 64-bit)
    - Windows 8 (32-bit, 64-bit)
    - Windows 8.1 (32-bit, 64-bit)
    NOTE: In Windows 8.1 environments, SafeNet eToken 7300 devices earlier than version 9.0.35 can be used only when SafeNet Authentication Client is installed.
    SafeNet Authentication Client 9.0 (Linux) supports the following operating systems:
    - Red Hat 6.6, 7.0 (32-bit and 64-bit)
    - Ubuntu 13.10, 14.04 (32-bit and 64-bit)
    - Debian 7.7 (32-bit and 64-bit)
    - SUSE Enterprise Desktop 11.3 (32-bit and 64-bit), 12.0 (64-bit)
    - CentOS 6.6 (32-bit and 64-bit), 7.0 (64-bit)
    - Fedora 20 (32-bit and 64-bit)
    SafeNet Authentication Client 9.0 (Mac) supports the following operating systems:
    - Mac OS X 10.9 (Mavericks)
    - Mac OS X 10.10 (Yosemite)
    Tablets
    SafeNet Authentication Client 9.0 supports the following Tablets:
    - Lenovo ThinkPad Tablet, running Windows 8
    - Microsoft Surface Pro, running Windows 8.1
    Thin Clients
    SafeNet Authentication Client 9.0 supports the following Thin Clients
37. Selected Certificate Node
    When you select a certificate under the User certificates, CA certificates, or CC certificates node, information about the certificate is displayed in the right pane.
    [Screenshot: SafeNet Authentication Client Tools showing certificate information]
    Some or all of the following functions are available:
    User Function: Delete Certificate. See Deleting a Certificate on page 90. Right-click menu item: Delete Certificate.
    User Function: Export Certificate. See Exporting a Certificate from a Token on page 82. Right-click menu item: Export Certificate.
    User Function: Set as Default (Windows only). See Setting a Certificate as Default or Auxiliary (Windows only) on page 87. Icon: None. Right-click menu item: Set as Default.
    Set
38. [Screenshot: file browser listing the eToken 7300 device and the SafeNet Authentication Client icon]
    3. Click the SafeNet Authentication Client icon. In the menu bar, the SafeNet eToken 7300 flash tray icon is displayed.
    SafeNet eToken 7300 Tray Menu
    The SafeNet eToken 7300 flash tray icon offers the same shortcut menu to token functions as the SafeNet Authentication Client tray icon. If SafeNet Authentication Client is not installed, use the SafeNet eToken 7300 tray menu for token management.
    SafeNet eToken 7300 Tray Menu Functions
    The following functions can be accessed quickly by right-clicking the SafeNet eToken 7300 tray menu:
    - About: displays product version information and license information.
    - Token selection: allows you to select one of the connected tokens to be the active token. This function is available only when more than one SafeNet eToken 7300 device is connected.
    - Change Token Password: opens the Change Password window for the selected token. See Chapter 3, Changing the Token Password on page 65.
    - Unlock Token: opens the Unlock Token window for the selected token. See Chapter 3, Unlocking a Token by the Challenge Response Method on page 69.
    - Certificate Information: opens the Token Certificate Informatio
39. Certificate Type Nodes
    CC Certificates
    Selected Certificate Node
    Settings Node
    Data Objects Node
    Orphan Objects Node
    Client Settings Node
    Using the Virtual Keyboard
    Chapter 3 Token Management
    Selecting the Active Token
    Viewing and Copying Token Information
    Logging On to the Token as a User
    Renaming a Token
    Changing the Token Password
    Unlocking a Token by the Challenge Response Method
    Unlocking an iKey Token Initialized Using BSec Utilities
    Deleting Token Content
    Importing a Certificate to a Token
40. SafeNet Authentication Client User Interfaces
    This section describes the SafeNet Authentication Client user interfaces.
    NOTE: If a customized version of SafeNet Authentication Client is installed, the graphics you see may be different from those displayed in this guide. In some installations, the word Password is replaced by PIN or Passcode. The screens displayed in this section have been taken from a Windows operating system. Linux and Mac operating system screens differ slightly from the Windows screens.
    In this chapter:
    - Overview of SafeNet Authentication Client User Interfaces
    - SafeNet Authentication Client Tray Icon
    - SafeNet Authentication Client Tools
    Overview of SafeNet Authentication Client User Interfaces
    Administrators use SafeNet Authentication Client Tools to set token policies. Users use SAC Tools to perform basic token management functions, such as changing passwords and viewing certificates on the tokens. In addition, SAC Tools provides users and administrators with a quick and easy way to import digital certificates and keys between a computer and a token. SAC Tools includes an initialization feature allowing administrators to initialize tokens according to specific organiza
41. [Screenshot: token information, including the supported cryptographic providers (CSP: eToken Base Cryptographic Provider; KSP: SafeNet Smart Card Key Storage Provider)]
    3. Right-click the required certificate, and from the shortcut menu, select Set as CSP or Set as KSP. The Token Logon window opens.
    4. Enter the Token Password, and click OK. The supported cryptographic provider is set.
    Setting a Certificate as Default or Auxiliary (Windows only)
    If there are multiple certificates on the token, you can determine which one is set as Default and which is set as Auxiliary. Each option is enabled only if the action can be performed on that particular certificate or key. The following table describes the use of these settings.
    NOTE: iKey does not support Auxiliary certificates. It treats an Auxiliary certificate as a Default certificate.
    Setting: Default
    Description: Smart card logon uses the certificate defined as the Default.
    Scenario: Your token contains two certificates. One is to logon to domain A and the other
42. SafeNet Authentication Client
    Version 9.0 GA, Windows, Linux, and Mac
    Copyright 2015 SafeNet, Inc. All rights reserved.
    All attempts have been made to make the information in this document complete and accurate. SafeNet, Inc. is not responsible for any direct or indirect damages or loss of business resulting from inaccuracies or omissions. The specifications contained in this document are subject to change without notice.
    SafeNet and SafeNet Authentication Client are either registered with the U.S. Patent and Trademark Office or are trademarks of SafeNet, Inc., and its subsidiaries and affiliates, in the United States and other countries. All other trademarks referenced in this Manual are trademarks of their respective owners.
    SafeNet Hardware and/or Software products described in this document may be protected by one or more U.S. Patents, foreign patents, or pending patent applications.
    Please contact SafeNet Support for details of FCC Compliance, CE Compliance, and UL Notification.
    Document Name: SAC 9.0 GA User's Guide, Windows, Linux, and Mac
    Document Part Number: 007-012831-001, Revision B
    Date of publication: February 2015
    Last update: Sunday, February 08, 2015 8:58 am
    Support
    We work closely with our reseller partners to offer the best worldwide technical support services. Your reseller is the first line of support when you have questions about products and services. However, if you requ
43. SafeNet Authentication Client incorporates features that were supported by previous releases of eToken PKI Client and SafeNet Borderless Security (BSec). It provides a unified middleware client for a variety of SafeNet smartcards, SafeNet iKey tokens, and SafeNet eToken devices. SafeNet Authentication Client offers full backward compatibility, so that customers who have been using eToken PKI Client or SafeNet Borderless Security Client (BSec) can continue to use deployed eToken and iKey devices.
    What's New
    SafeNet Authentication Client 9.0 offers the following new features:
    - eToken 7300 Flash usage procedures are now supported on Windows, Linux, and Mac. Usage operations performed via all operating systems include:
      - Log On to Flash
      - Log Off from Flash
      - CD-ROM update
      - Firmware update (Windows only)
    - eToken 7300 unified bundle is now supported on Mac operating system.
    - New Linux operating systems are now supported.
    - New and enhanced UI across all platforms: Previous versions of SAC supported the QT cross-platform framework. SAC 9.0 now supports an innovative technology that maintains the unique look and feel of each underlying native platform (Windows, Linux, and Mac).
    - Additional custom installation options: The installation of SAC 9.0 enables selecting specific customized features t
44. User Storage
    Accessing an Unprotected Flash Partition on Windows
    Accessing a Protected Flash Partition on Windows
    Accessing an Unprotected Flash Partition on Mac
    Accessing a Protected Flash Partition on Mac
    Partitioning the SafeNet eToken 7300
    Chapter 7 Client Settings
    Setting Password Quality
    Copying User Certificates to a Local Store
    Copying CA Certificates to a Local Store (Windows only)
    Enabling Single Logon
    Allowing Password Quality Configuration on Token after Initialization
    Allowing Only an Administrator to Configure Password Quality on Token
    Showing the SafeNet Authentication Client Tray Icon
    Defining Automatic Logoff
    Enabling Logging
    Chapter 8 Token Settings
    Setting Token Password Quality
    Setting Private Data Caching Mode
    Setting RSA Key Secondary Authentication
45. cation Client Tools Simple view. See Opening the Simple View on page 33.
       b. In the left pane, select the required token.
       c. In the right pane, select Change Token Password.
       d. Continue with step 4.
    2. To use the Advanced view to change the Token Password, do the following:
       a. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
       b. Do one of the following:
          - In the left pane, select the node of the required token. In the right pane, click the Change Token Password icon.
          - In the left pane, right-click the node of the required token, and select Change Token Password from the shortcut menu.
       c. Continue with step 4.
    3. To use the tray menu to change the Token Password, do the following:
       a. Right-click the SafeNet Authentication Client tray icon.
       b. If more than one token is connected, hover over the appropriate token.
       c. Select Change Token Password.
       d. Continue with step 4.
    4. The Change Password window opens.
       [Screenshot: Change Password window, with Current Token Password, New Token Password, and Confirm Password fields]
    5. Enter th
46. ching field, select one of the following options:
       Option: Always (fastest)
       Description: Always caches private information in the application memory. This enables fast performance, as certain information is cached on the host machine. However, this option is less secure than if no cache is allowed.
       Option: While user is logged on
       Description: Caches private data outside the token as long as the user is logged on to the token. Once the user logs off, all the private data in the cache is erased.
       Option: Never
       Description: Does not cache private data.
    5. Do one of the following:
       - To save your changes, click Save.
       - To ignore your changes, click Discard.
    Setting RSA Key Secondary Authentication
    An authentication password may be set for an RSA key. In addition to having the token and knowing its Token Password, accessing the RSA key may require knowing the password for that particular key. This setting defines the policy for using this secondary authentication of RSA keys.
    NOTE: This feature is not supported by iKey devices.
    To set RSA key secondary authentication:
    1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advance
47. click OK.
    NOTE: The certificate file must be DER-encoded or Base64, and not PKCS#7.
    Viewing Supported Cryptographic Providers
    When you select a token node in the SafeNet Authentication Client Tools Advanced view, the cryptographic providers supported by the token (KSP or CSP) are displayed.
    To see which Cryptographic Providers are supported on the token:
    1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
    2. In the left pane, select the node of the required token. Token data, including the supported cryptographic providers, is displayed in the right pane.
    [Screenshot: SafeNet Authentication Client Tools, token information]
48. click the Set Token Password icon.
       - In the left pane, right-click the node of the required token, and select Set Token Password from the shortcut menu.
       The Administrator Logon window opens.
    3. Enter the Administrator Password, and click OK. The Set Token Password window opens.
    4. Enter a new Token Password in the New Password and Confirm Password fields.
       NOTE: The new Token Password must meet Password Quality settings defined for the token.
    5. Set the Logon retries before token is locked field to the required number.
       NOTE: The Logon retries before token is locked feature is available only on CardOS tokens. Java card tokens are not supported.
    6. Click OK. A message confirms that the Token Password was changed successfully.
    7. Click OK. The token is unlocked, and the user can now log on with the new Token Password.
    Synchronizing Passwords (Windows only)
    NOTE: Password synchronization is implemented only in specific installations of SafeNet Authentication Client.
    SafeNet Authentication Client supports synchronization between Token Passwords and domain logon passwords. The synchronization process e
49. d SafeNet eToken Virtual token. This function is available only if the selected SafeNet eToken Virtual is configured to support this function.

    Synchronize Password (Windows): Synchronizes your Token Password with your domain password. Use this feature only when requested by your administrator.

    Opening the SafeNet Authentication Client Tray Menu from Windows, Linux and Mac

    To access the shortcut menu from the SafeNet Authentication Client tray icon:
    - Right-click the SafeNet Authentication Client tray icon.

    Selecting the Token from the SAC Tray Menu

    If more than one token is connected, select which token to work with.

    To select from multiple tokens in the tray menu:

    1. Right-click the SafeNet Authentication Client tray icon. The SafeNet Authentication Client tray menu opens. Among the options, a list is displayed of the names and serial numbers of the connected tokens.
       [Screenshot: tray menu listing the connected tokens]
    2. Hover the mouse over the required token. Options for the selected token are displayed.
       [Screenshot: tray menu options for the selected token]
50. d View on page 38.
    2. In the left pane, expand the node of the required token, and select Settings.
    3. In the right pane, select the Advanced tab.
    4. In the RSA key secondary authentication field, select one of the following:
       - Always
       - Always prompt user
       - Prompt user on application request
       - Never
       - Token authentication on application request
       NOTE: For an explanation of these options, see Chapter 4, Setting the RSA Key Secondary Authentication Field, on page 126.
    5. Do one of the following:
       - To save your changes, click Save.
       - To ignore your changes, click Discard.

    Licensing

    Import a SafeNet license for your SafeNet Authentication Client installation.

    In this chapter:
    - Viewing and Importing Licenses

    Viewing and Importing Licenses

    SafeNet Authentication Client installations that do not have a SafeNet license can be used for evaluation only, and a message is displayed on all logon windows.

    NOTE: After you have copied and saved the license file to the license dialog a
51. d as the default for VPN logon.

    To set a certificate as Default or Auxiliary:

    1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
    2. In the left pane, expand the node of the required token, and right-click the required certificate.
    3. From the shortcut menu, select Set as Default or Set as Auxiliary. The Token Logon window opens.
    4. Enter the Token Password, and click OK. The certificate is set as Default or Auxiliary.

    Clearing a Default Certificate (Windows only)

    If you have set a certificate as Default, you can clear the setting and revert to using the previous Default certificate.

    To clear a Default certificate:

    1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
    2. In the left pane, expand the node of the required token.
    3. Do one of the following:
       - In the left pane, select User Certificates. In the right pane, click the Reset Default Certificate Selection icon.
       - In the left pane, right-click User Certificates, and select Reset Default Certificate Selection from the shortcut menu.
    4. The Reset Default Certificate Selection window opens, confirming that the Default certificate has been reset.
    5. Click OK.
52. device is removed from the computer, the operating system automatically disconnects the SafeNet eToken Virtual that was automatically connected.

    If the SafeNet eToken Virtual is located on an external storage device in a location other than the eTokenVirtual folder, you must connect the SafeNet eToken Virtual manually. See Connecting a SafeNet eToken Virtual on page 132.

    Before removing the storage device, you must disconnect the SafeNet eToken Virtual manually. See Disconnecting or Deleting a SafeNet eToken Virtual Product on page 134. Otherwise, the SafeNet eToken Virtual will be displayed in SafeNet Authentication Client as a token with corrupted data. For more information about token icons, see Chapter 2, Token Icons, on page 35.

    Using an Emulated SafeNet eToken Virtual

    Certain applications that work with smartcard readers require the SafeNet eToken Virtual to emulate the action of the smartcard reader. To use a SafeNet eToken Virtual product with such applications, you must use an emulated SafeNet eToken Virtual.

    Typically, the emulated SafeNet eToken Virtual is locked to an external storage device. By default, the emulated SafeNet eToken Virtual cannot be locked to your computer's hard drive, as this can cause a malfunction of the Windows logon. This
53. dows only
    - Enabling Single Logon
    - Allowing Password Quality Configuration on Token after Initialization (Windows and Linux)
    - Allowing Only an Administrator to Configure Password Quality on Token (Windows and Linux)
    - Showing the SafeNet Authentication Client Tray Icon
    - Defining Automatic Logoff
    - Enabling Logging (Windows and Linux)

    Setting Password Quality

    The Password Quality feature enables the administrator to set certain complexity and usage requirements for Token Passwords.

    NOTE: The Token Password is an important security measure in safeguarding your company's private information. The best passwords are at least eight characters long, and include upper-case and lower-case letters, punctuation marks, and numerals appearing in a random order.

    To set the Password Quality:

    1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
    2. In the left pane, select Client Settings.
    3. In the right pane, select the Password Quality tab. The Password Quality tab opens.
    4. Do one of the following:
       - Change the Password Quality settings, and click Save.

    TIP: The Password Quality settings are configured the same way as the T
54. e current Token Password in the Current Token Password field.
       NOTE: If an incorrect password is entered more than a pre-defined number of times, the token becomes locked.
    6. Enter a new Token Password in the New Token Password and Confirm Password fields.
       NOTE: As you type a new password, the password quality indicator on the right displays a percentage score of how well the new password matches the password quality requirements.
    7. Click OK. A message confirms that the Token Password was changed successfully.
    8. Click OK.

    Unlocking a Token by the Challenge Response Method

    If an incorrect Token Password is entered more than a pre-defined number of times, the token becomes locked. Tokens, including SafeNet eToken Virtual tokens, can be unlocked if and only if an Administrator Password was set during initialization.

    NOTE: iKey devices cannot be unlocked by the Challenge Response method. SafeNet eToken Rescue tokens cannot be unlocked.

    CAUTION: The administrator can limit the number of times that a token can be unlocked. If this number is exceeded, the token becomes unusable. If the token is a physical token it
55. e data on the token or smartcard.

    SafeNet Authentication Client Tools includes two viewing options:
    - Simple view, to perform common tasks. See Opening the Simple View on page 33.
    - Advanced view, for extensive control over SafeNet Authentication Client and your connected tokens. See Opening the Advanced View on page 38.

    Each view displays two panes:
    - The left pane indicates which token (Simple view) or which object (Advanced view) is to be managed.
    - The right pane enables the user to perform specific actions to the selected token or object.

    A toolbar at the top of the window enables certain actions to be initiated in both views.

    SafeNet Authentication Client Tools Toolbar

    A toolbar is displayed at the top of the SafeNet Authentication Client Tools window in both Simple and Advanced views. The toolbar contains the following icons:
    - Advanced View: switches from the Simple to the Advanced view
    - Simple View: switches from the Advanced to the Simple view
    - Refresh: refreshes the data for all connected tokens
56. e device on which it was enrolled.
    - SafeNet eToken Virtual Temp: identical to a SafeNet eToken Virtual, but its certificates become invalid after a pre-defined time period.

    Connecting a SafeNet eToken Virtual

    To use your SafeNet eToken Virtual product as a token, connect its file to SafeNet Authentication Client. Under certain conditions, the token is connected automatically. See Using a SafeNet eToken Virtual on an External Storage Device on page 140.

    To connect a SafeNet eToken Virtual token from the file:

    1. Double-click the SafeNet eToken Virtual (.etvp) or eToken Rescue (.etv) file. The SafeNet eToken Virtual or eToken Rescue connects to the computer and displays a confirmation message.
    2. Click OK.

    To use SafeNet Authentication Client Tools to connect a SafeNet eToken Virtual:

    1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
    2. Do one of the following:
       - In the left pane, select the Tokens node. In the right pane, click the Connect SafeNet eToken Virtual icon.
       - In the left pane, right-click the Tokens node, and select Connect SafeNet
57. e right pane, select the Password Quality tab. The Password Quality tab opens.
    4. Enter the password quality parameters as follows:

    Password Quality Parameter: Description

    - Minimum length (characters). Default: 6 characters.
    - Maximum length (characters). Default: 16 characters.
    - Maximum usage period (days). The maximum period, in days, before which the password must be changed. Default: 0 (none). For iKey devices, the periods are rounded up to periods of weeks (7 days), even though the period is displayed in days. For example, if the period is displayed as less than a week, say 6 days, iKey regards it as a week. If the period is more than two weeks, say 15 days, iKey regards it as three weeks.
    - Minimum usage period (days). The minimum period before the password can be changed. Default: 0 (none). For iKey devices, the periods are rounded up to periods of weeks. See the row above for more information.
    - Expiration warning period (days). Defines the number of days before the password expires that a warning message is shown. Default: 0 (none).
    - History size. Defines how many previous passwords must not be repeated. Default: for eToken devices, 10; for iKey devices, 6.
58. eNet eToken 7300 device, connecting the device to your computer initiates a launcher application that enables the SafeNet eToken 7300 flash tray icon to be displayed.

    Running the Launcher to Open the Tray Icon on Windows

    After connecting the SafeNet eToken 7300 device, you can run the launcher application from the eToken 7300's AutoPlay window or from the eToken 7300 > SafeNet Authentication Client folder.

    To run the launcher from the eToken 7300's AutoPlay window:

    1. If the SafeNet eToken 7300 device is not connected, connect it and wait until the operating system recognizes it.
       NOTE: If your operating system does not recognize your token, a message may be displayed instructing you to restart your computer. To prevent this message from being displayed in the future when this token is connected, restart your computer.
       The eToken 7300's AutoPlay window opens. Continue with step 3.
       NOTE: If the device's user storage is not password protected, the ETOKEN 7300's AutoPlay window opens also.
    2. If the eToken 7300's AutoPlay window is not open, from the computer directory window right-click the SafeNet drive's eToken 7300 icon, and from the drop-down menu select Open AutoPlay.
    3. Select Run Launcher.exe. In the menu bar, the SafeNet eToken 7300 flash tray icon i
59. eToken Virtual Product
    - Using a SafeNet eToken Virtual to Replace a Lost Token
    - Unlocking a SafeNet eToken Virtual
    - Generating a One-Time Password (OTP)
    - Using a SafeNet eToken Virtual on an External Storage Device
    - Using an Emulated SafeNet eToken Virtual (Windows only)

    Overview of SafeNet eToken Virtual Products

    SafeNet Authentication Client supports tokens from the SafeNet eToken Virtual family. These tokens are stored as files on your computer or on an external storage device.

    The following types of software tokens are available:
    - SafeNet eToken Rescue: provides a solution when a staff member loses or damages their token when away from the office. A SafeNet eToken Rescue is a read-only token which functions for a limited period of time. You cannot import certificates to it.
      NOTE: On a Mac system, SafeNet eToken Rescue must be run from a folder where the user has read/write permissions. If not, it will not be recognized by Mac Keychain Access.
    - SafeNet eToken Virtual: performs all the functions of an eToken NG-OTP. It can store the same data, including key pairs and certificates. Its configuration may enable it to support OTP generation. A SafeNet eToken Virtual is locked to a particular computer or storage device, such as a flash drive. This means that it can be used only on the computer or storag
60. ed tab opens.
    4. Select Copy user certificates to a local store.
    5. Do one of the following:
       - To save your changes, click Save.
       - To ignore your changes, click Discard.

    Copying CA Certificates to a Local Store (Windows only)

    When a token is connected to a computer, the system may detect that one or more CA certificates that are installed on the token are not installed on the computer. Use the Copy CA certificates to a local store option to control the automatic installation of the token's CA certificates to the local certificate store upon token connection.

    NOTE: Microsoft displays a security warning when it detects that CA certificates are being installed to the local store. To permit the certificates to be installed from the token, the user must click Yes.

    This option is selected by default.

    To automatically install the token's CA certificates to the local store:

    1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
    2. In the left pane, select Client Settings.
    3. In the right pane, select the Advanced tab.
    4. Select Copy CA certificates to a local store.
    5. Do one of the following:
       - To save your changes, click Save.
       - To ignore your changes, click Discard.
61. Exporting a Certificate from a Token ... 82
    Viewing Supported Cryptographic Providers ... 83
    Setting a Certificate as KSP or CSP (Windows only) ... 85
    Setting a Certificate as Default or Auxiliary (Windows only) ... 87
    Clearing a Default Certificate (Windows only) ... 89
    Deleting a Certificate ... 90
    Logging On to the Token as an Administrator ... 91
    Changing the Administrator Password ... 93
    Unlocking a Token by an Administrator ... 94
    Synchronizing Passwords (Windows only) ... 96
    Working with IdenTrust ... 98
    Using the Identity PIN Legacy ... 98
    Changing the Identity PIN ... 98
    Unblocking the Identity PIN ... 99
    Reader Settings ... 100

    Chapter 4 Token Initialization ... 103
    Overview of Token Initialization ... 104
    Configuring Initialization Settings ... 105
    Setting the RSA Key Secondary Authentication Field ... 126

    Chapter 5 SafeNet eToken
62. Token Settings

    Configurations set in the selected token's Settings tab determine behavior that applies to the specific token. For configurations set in Client Settings, which apply to all tokens that are initialized after the settings have been configured, see Chapter 7, Client Settings, on page 158.

    In this chapter:
    - Setting Token Password Quality
    - Setting Private Data Caching Mode
    - Setting RSA Key Secondary Authentication (Windows only)

    Setting Token Password Quality

    If a token is initialized after Token Password quality parameters are set for the token, all future Token Passwords are automatically checked against these parameters to determine the password's level of acceptability.

    If a token was initialized in early eToken PKI Client versions (RTE), no password policy is stored on the token.

    If an iKey token was initialized in BSec Utilities, its password quality parameters will continue to be supported by SafeNet Authentication Client.

    To set password quality for a token:

    1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
    2. In the left pane, expand the node of the required token, and select Settings.
    3. In th
63. ermissions on a token. No changes to any user information can be made by the administrator, nor can the user's security be affected.

    The administrator can change only specific data stored on the token, and only by using the following functions:
    - Changing the Administrator Password (not supported by iKey devices)
    - Unlocking a Token by an Administrator
    - Unlocking a Token by the Challenge Response Method
    - Setting Token Password Quality
    - Setting Private Data Caching Mode
    - Setting RSA Key Secondary Authentication

    To log on to a token as an administrator:

    1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
    2. Do one of the following:
       - In the left pane, select the node of the required token. In the right pane, click the Log On as Administrator icon.
       - In the left pane, right-click the node of the required token, and select Log On as Administrator from the shortcut menu.
    3. The Administrator Logon window opens.
    4. Enter the token's Administrator Password, and click OK. You are logged on as an administrator.

    Changing the Administrator Password

    If you are logged on to a token as a
64. guration by the user, also clear Allow only an administrator to configure password quality on token.

    Do one of the following:
    - To save your changes, click Save.
    - To ignore your changes, click Discard.

    Showing the SafeNet Authentication Client Tray Icon

    You can determine whether the SafeNet Authentication Client tray icon is displayed.

    To show the SafeNet Authentication Client tray icon:

    1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
    2. In the left pane, select Client Settings.
    3. In the right pane, select the Advanced tab.
    4. In the Show application tray icon drop-down list, select one of the following:
       - Never: The tray icon is never displayed.
       - Always: The tray icon is always displayed.
    5. Do one of the following:
       - To save your changes, click Save.
       - To ignore your changes, click Discard.

    Defining Automatic Logoff

    You can determine whether tokens are automatically logged off following a period of token inactivity, even if the tokens are still connected. After a token is logged off, the user must enter the Token Password agai
65. he SafeNet eToken 7300 Tray Menu

    If more than one token is connected, select which token to work with.

    To select from multiple tokens in the SafeNet eToken 7300 tray menu:

    1. Right-click the SafeNet eToken 7300 flash tray icon.
    2. The SafeNet eToken 7300 shortcut menu opens. Among the options, a list is displayed of the names and serial numbers of the connected SafeNet eToken 7300 tokens.
    3. Hover the mouse over the required token. Options for the selected token are displayed.
    4. Select the required option.

    Closing SafeNet eToken 7300

    The SafeNet eToken 7300 flash tray icon closes automatically when all connected SafeNet eToken 7300 devices are disconnected.

    To close the SafeNet eToken 7300 tray icon manually:

    1. Right-click the SafeNet eToken 7300 flash tray icon, and from the shortcut menu select Exit. A warning message is displayed.
    2. Click OK.

    SafeNet eToken 7300 User Storage

    The SafeNet eToken 7300 device includes a flash partition for the storage of user data. The flash partition can be password protected.

    Accessing an Unprotected Flash Partition on Windows

    To access a SafeNet eToken 7300 device's user storage that is not password protected:

    1. Connect the SafeNet eToken 7300 device, and wait until the operating system recognizes it. The ETOKEN 7300's AutoPlay window o
66. he user enters the Token Password.
    - Portable office: secure remote access to corporate resources, combined with a fully bootable, secure portable office environment that is stored on the token.
    - Secure documents and data: secure access combined with encrypted storage for sensitive documents and data.

    SafeNet eToken 7300 devices that have been initialized using SafeNet Authentication Client 9.0 work seamlessly on computers running either Windows or Mac operating systems.

    If SafeNet Authentication Client is not installed on your computer, connect your SafeNet eToken 7300 device and run the built-in launcher application. This application temporarily installs the SafeNet eToken 7300 tray menu for token management.

    If the token's user storage has been password protected, you must log on to your token to access its contents.

    NOTE: The SafeNet eToken 7300 initialization process always initializes the smartcard and partitions the flash drive. If partitioning settings are not set before the initialization proceeds, the default partitioning settings are used.

    In Windows 8.1 environments, SafeNet eToken 7300 devices earlier than version 9.0.35 can be used only when SafeNet Authentication Client is installed.

    SafeNet eToken 7300 Launcher

    Depending on the configuration of your Saf
67. ht click the SafeNet Authentication Client tray icon. The SafeNet Authentication Client tray menu opens.
    2. Select Generate OTP. The Generate OTP window opens.
       [Screenshot: Generate OTP window]
    3. Click Generate OTP. The Token Logon window opens.
    4. Enter the Token Password, and click OK. A unique OTP is generated, and it is displayed in the Generate OTP window.
    5. Copy the OTP to authenticate yourself to your application.
       NOTE: Depending on your SafeNet Authentication Client configuration, you may need to include other secure information, such as your OTP PIN or Windows password.
    6. Click Close to close the Generate OTP window.

    Using a SafeNet eToken Virtual on an External Storage Device

    The operating system automatically connects a SafeNet eToken Virtual product when all of the following conditions are met:
    - The SafeNet eToken Virtual file is locked to an external storage device, such as a flash drive.
    - The file is located in the eTokenVirtual folder on the storage device.
    - The storage device is connected to the computer.

    When the storage
68. RSA Key Secondary Authentication settings

    Setting: Token authentication on application request

    Description:
    - Secondary passwords are not created for new RSA keys. When using the certificate, the user must authenticate once using the Token Password.
    - When using an RSA key generated by an application that requires secondary passwords for strong private key protection, such as Crypto API with a user-protected flag or the PKCS #11 CKA_ALWAYS_AUTHENTICATE attribute, the user must authenticate using the Token Password for each operation that requires the RSA key.
    - When using an RSA key that was not generated by an application that requires secondary passwords for strong private key protection, no additional authentication is required for operations that require the RSA key.

    SafeNet eToken Virtual

    SafeNet Authentication Client supports the SafeNet eToken Virtual line of products. This includes SafeNet eToken Virtual and eToken Rescue tokens. To obtain a SafeNet eToken Virtual file, contact your administrator.

    In this chapter:
    - Overview of SafeNet eToken Virtual Products
    - Connecting a SafeNet eToken Virtual
    - Disconnecting or Deleting a SafeNet
69. ion Client Tools Advanced view. See Opening the Advanced View on page 38.
       b. Do one of the following:
          - In the left pane, select the node of the required SafeNet eToken Virtual or eToken Rescue token. In the right pane, click the Disconnect SafeNet eToken Virtual icon.
          - In the left pane, right-click the node of the required SafeNet eToken Virtual or eToken Rescue token, and select Disconnect from the shortcut menu.
       c. Continue with step

    The Disconnect SafeNet eToken Virtual window opens.

    3. Do one of the following:
       - To keep the SafeNet eToken Virtual or eToken Rescue file on the computer or device for later use, click Disconnect. Only the token connection to SafeNet Authentication Client is disconnected. It can be reconnected later. See Connecting a SafeNet eToken Virtual on page 132.
       - To disconnect the token from SafeNet Authentication Client and also remove the SafeNet eToken Virtual or eToken Rescue file from the computer, click Delete. After a SafeNet eToken Virtual or eToken Rescue is deleted, it cannot be reconnected later. A new file must be installed before it can be connected.
70. ion box
71. ire additional assistance, you can contact us directly at:

    Telephone: You can call our help desk 24 hours a day, seven days a week.
    USA: 1-800-545-6608
    International: 1-410-931-7520

    Email: You can send a question to the technical support team at the following email address: support@safenet-inc.com

    Website: You can submit a question through the SafeNet Support portal: https://serviceportal.safenet-inc.com

    Additional Documentation

    The following SafeNet publications are available:
    - SafeNet Authentication Client 9.0 (GA) Administrator's Guide
    - SafeNet Authentication Client 9.0 (GA) Customer Release Notes (CRN)

    Table of Contents

    Chapter 1 Introduction ... 10
    Overview ... 11
    SafeNet Authentication Client Main Features ... 12
    What's New ... 13
    Supported Browsers ... 15
    Supported Platforms ... 16
    Tablets ... 17
    Thin Clients ... 17
    Supported Tokens
72. is not installed and the launcher application is not run.
    3. Click the icon.
       NOTE: If the Log On to Token window opens, re-enter the Token Password.

    The user storage contents are displayed.

    [Screenshot: contents of the ETOKEN 7300 user storage]

    Partitioning the SafeNet eToken 7300

    For details on how to partition the eToken 7300, see Chapter 4, Token Initialization.

    Client Settings

    Client Settings are parameters that are saved to the computer and apply to all tokens that are initialized on the computer after the settings have been configured. Use token settings to determine behavior that applies to a specific token. See Chapter 8, Token Settings, on page 171.

    In this chapter:
    - Setting Password Quality (Windows and Linux)
    - Copying User Certificates to a Local Store
    - Copying CA Certificates to a Local Store Win
73. lely to identify the token.

    TIP: If you have more than one token, we recommend assigning each one a unique token name.

    To rename a token:

    1. To use the Simple view to rename a token, do the following:
       a. Open SafeNet Authentication Client Tools Simple view. See Opening the Simple View on page 33.
       b. In the left pane, select the required token.
       c. In the right pane, select Rename Token.
       d. Continue with step
    2. To use the Advanced view to rename a token, do the following:
       a. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
       b. Do one of the following:
          - In the left pane, select the node of the required token. In the right pane, click the Rename Token icon.
          - In the left pane, right-click the node of the required token, and select Rename Token from the shortcut menu.
       c. Continue with step

    The Token Logon window opens.

    3. Enter the Token Password, and click OK. The Token Rename window opens.
    4. Enter the new name in the New token name field, and click OK. The new token name is displayed in the SafeNet Authentication Client Tools window.

    Changing the Token Password

    TIP: The term Token Password may be re
74. lic file is generated in your home directory.
You can view your licenses and import new ones using the SafeNet Authentication Client About window.
To view and import licenses:
1. Do one of the following:
   - Right-click the SafeNet Authentication Client tray icon, and from the shortcut menu, select About.
   - Open SafeNet Authentication Client Tools. See Opening the Advanced View on page 38. On the toolbar, click the About icon.
   The About window opens, displaying your license information in the License Information box.
2. To import a new license, select Import New License. The Import License window opens.
3. Do one of the following:
   - If the SafeNet license box is automatically filled, click OK.
   - Copy your new SafeNet license string to the license box, and click OK.
   - Click Import from File, browse to the file containing your license, open it to copy its contents to the license box, and click OK.
   The About window opens, displaying your updated license information in the License Informat
75. log
To activate the logging function on a Windows System:
1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
2. In the left pane, select Client Settings.
3. In the right pane, select the Advanced tab, and click Enable Logging.
NOTE: You must restart your machine for the settings to take effect.

To disable the logging feature on a Windows System:
1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
2. In the left pane, select Client Settings.
3. In the right pane, select the Advanced tab, and click Disable Logging.

To activate the logging feature manually on a Linux System:
1. Edit the following file: /etc/eToken.conf file
2. Add the following: LOG Enabled 1

To disable the logging feature manually on a Linux System:
1. Edit the following file: /etc/eToken.conf file
2. Add the following: LOG Enabled 0

To activate the logging feature manually on a Mac system:
NOTE: The file must be opened using Administrator write privileges only.
1. Edit the following file: /etc/eToken.conf file
2. Add the following: LOG Enabled 0
76. mation and license information, and enables license import
- Token selection: allows you to select one of the connected tokens to be the active token. This function is available only when more than one token is connected.
- Change Token Password: opens the Change Password window for the selected token. See Chapter 3, Changing the Token Password, on page 65.
- Unlock Token: opens the Unlock Token window for the selected token. See Chapter 3, Unlocking a Token by the Challenge Response Method, on page 69.
- Certificate Information: opens the Token Certificate Information window for the selected token.
- Log On to Flash / Log Off from Flash: displayed when a SafeNet eToken 7300 having a password-protected flash partition is connected. Opens the Log On to Token window for the selected token. See Chapter 3, Logging On to the Token as a User, on page 61.
- Exit: closes SafeNet Authentication Client and the tray icon.
The following functions may be displayed, depending on the configuration of your system:
- SAM Agent (Windows): launches the SAM Desktop Agent application. For more information, see the SafeNet Authentication Manager User's Guide.
- Delete Token Content: removes the deletable data from the selected token.
- Generate OTP: generates an OTP on the selecte
77. n administrator, you can change the token's Administrator Password.
To change the Administrator Password:
1. Open SafeNet Authentication Client Tools Advanced view.
2. Do one of the following:
   - In the left pane, select the node of the required token. In the right pane, click the Change Administrator Password icon.
   - In the left pane, right-click the node of the required token, and select Change Administrator Password from the shortcut menu.
   The Change Administrator Password window opens.
3. Enter the current Administrator Password in the Current Administrator Password field.
   NOTE: If an incorrect Administrator Password is entered more than a pre-defined number of times, the token becomes locked.
4. Enter the new password in the New Administrator Password and Confirm Password fields.
5. Click OK. A message confirms that the password was changed successfully.
6. Click OK.

Unlocking a Token by an Administrator
If you are logged on to a token as an administrator, you can unlock the token by setting a new Token Password.
To unlock a token by setting a new Token Password:
1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
2. Do one of the following:
   - In the left pane, select the node of the required token. In the right pane
78. n before the token contents can be accessed.
To define the automatic logoff setting:
1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
2. In the left pane, select Client Settings.
3. In the right pane, select the Advanced tab.
4. In the Automatic logoff after token inactivity drop-down list, select one of the following:
   - Never: The Token Password must be entered once, and the token remains logged on as long as it remains connected.
   - Always: The Token Password must be entered each time the token contents are accessed.
   - After: The Token Password must be entered if the number of minutes set in the text box has passed since the last token activity. Set the number of minutes in the text box (1-254).
5. Do one of the following:
   - To save your changes, click Save.
   - To ignore your changes, click Discard.

Enabling Logging
The logging function creates a log of SafeNet Authentication Client activities.
NOTE: You must have administrator privileges to use the logging function. On a Linux operating system, the Enable Logging feature is activated only if the eToken.conf file is configured with write privileges.
For Windows: The log files are located in c:\WINDOWS\Temp\eToken.log
For Linux: The log files are located in tmp eToken 1
79. n of the token.
20. Under Default Initialization Key, complete the fields as follows:

Field: Use default initialization key
Description: Select this option if the Initialization Key was not changed from its default during the previous token initialization. The factory-set default is used as the key for the current token initialization.

Field: Use this initialization key
Description: Enter the Initialization Key configured in the This Value field during the previous token initialization.

Field: Change the key for the next initialization to
Description:
- Default: Revert to the factory-set default, so that the user is not required to enter an Initialization Key during subsequent token initializations.
- Random: If selected, it will never be possible to re-initialize the token.
- This Value: Select and confirm a unique key. During subsequent token initializations, the user must enter this key in the Use this Initialization Key field.

NOTE: The initialization key minimum length is 4.
21. Click Next.
The eToken 7300 Partitioning Settings window opens.
80. n window for the selected token.
- Log On to Flash / Log Off from Flash: displayed when a SafeNet eToken 7300 having a password-protected flash partition is connected. Opens the Log On to Token window for the selected token. See Chapter 3, Logging On to the Token as a User, on page 61.
- Explore Flash: this option opens Windows explorer, and becomes available only when you have selected the Log On to Flash option.
- Exit: closes the SafeNet eToken 7300 flash tray icon.
NOTE: The SafeNet eToken 7300 shortcut menu options are identical to the SafeNet Authentication Client tray menu options for the connected token.

Using the SafeNet eToken 7300 Tray Icon
After the launcher application is run, the SafeNet eToken 7300 flash tray icon is displayed in the menu bar. The SafeNet eToken 7300 flash tray icon offers a shortcut menu to the application's functions.
NOTE: When using a Mac operating system, click the SafeNet eToken 7300 icon; do not right-click it.
To open the SafeNet eToken 7300 tray menu:
- Right-click the SafeNet eToken 7300 icon. The SafeNet eToken 7300 shortcut menu opens.

Selecting the Token from t
81. nformation, click the cursor in the target application, and paste the information.
6. Click OK.

Logging On to the Token as a User
You must log on to the token before you can use or change its token content.
To log on as a user:
1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
   NOTE: If the Log Off from Token icon or the Log Off option is displayed, you are already logged on to the token.
2. Do one of the following:
   - In the left pane, select the node of the required token. In the right pane, click the Log On to Token icon.
   - In the left pane, right-click the node of the required token, and select Log On from the shortcut menu.
3. The Token Logon window opens.
4. Enter the Token Password, and click OK. You are logged on to the token.

Renaming a Token
The token name does not affect the token contents. It is used so
82. nsures that a single password is used for logging on to both the token and the Windows domain. The process enforces the password complexity requirements that were set for the token and SafeNet Authentication Client.
NOTE: The new password must meet the complexity requirements for the token and the domain. You must have access to the domain when changing the password. Password Synchronization is not set by default, and therefore requires specific configuration by an administrator. For more information on how to Synchronize Passwords, see the SafeNet Authentication Manager Administrator's Guide.
To synchronize passwords:
1. Right-click the SafeNet Authentication Client tray icon. The SafeNet Authentication Client tray menu opens.
2. Select Synchronize Password. The Synchronize Passwords window opens.
3. Enter the current Token Password and the current domain password.
4. Enter the new Token Password and confirm it.
5. Click OK. You now have a single password for logging on to your token and Windows domain.
Every time you change your Token Password using SafeNet Authentication Client, your domain logon password is changed to the same value.
83. o be installed. For example, BSec compatibility mode is now available through the custom installation options.
- Installation file size reduced: The Windows and Linux installation file size has been reduced significantly.
- Mac Yosemite support: SAC 9.0 now supports the MAC Yosemite operating system.
- SAC Mac custom installation and configuration installation file: This is a separate custom installation file, which enables administrators to distribute the SAC license and configuration installation file (SafeNet Authentication Client Customization 9 0 mpkg) to the organization. For details on how the administrator creates this file, see the SAC Administrator's Guide.

Supported Browsers
SafeNet Authentication Client 9.0 Windows supports the following browsers:
- Firefox
- Internet Explorer 7, 8, 9, 10, 11 Metro
- Chrome version 14 and later, for authentication only (does not support enrollment)
SafeNet Authentication Client 9.0 Linux supports the following browsers:
- Firefox
SafeNet Authentication Client 9.0 Mac supports the following browsers:
- Safari
- Firefox
- Chrome
84. o several token operations.
The SafeNet Authentication Client tray icon is displayed in the Windows taskbar in one of the following states: No Tokens Connected, One Token Connected, Multiple Tokens Connected.

Running the SafeNet Authentication Client Monitor
The SafeNet Authentication Client tray icon is displayed only when the SafeNet Authentication Client Monitor is running.
NOTE: If SafeNet Authentication Client is open, and the tray icon is not displayed in the Windows taskbar, see Chapter 7, Showing the SafeNet Authentication Client Tray Icon, on page 166.
To open SafeNet Authentication Client on Windows:
- From the Windows taskbar, select Start > Programs > SafeNet > SafeNet Authentication Client > SafeNet Authentication Client.
To open SafeNet Authentication Client on Linux:
- Select Applications > SafeNet > SafeNet Authentication Client.
To open SafeNet Authentication Client on Mac:
- From the Mac desktop, select Go > Applications > SafeNet > SafeNet Authentication Client > SafeNet Authentication Client.

SAC Tray Menu Functions
The following functions can be accessed quickly by right-clicking the tray menu:
- Tools: opens SafeNet Authentication Client Tools
- About: displays product version infor
85. Enabling Single Logon
When single logon is enabled, users can access multiple applications with only one request for the Token Password during each computer session. This alleviates the need for the user to log on to each application separately. This option is disabled by default.
NOTE: When single logon is set using SafeNet Authentication Client Tools, Windows Logon is not included in the single logon process. Only an administrator can configure Windows Logon as single logon.
To enable single logon:
1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
2. In the left pane, select Client Settings.
3. In the right pane, select the Advanced tab.
4. Select Enable Single Logon.
5. Do one of the following:
   - To save your changes, click Save.
   - To ignore your changes, click Discard.
To activate the single logon feature, log off from the computer and log on again.

Allowing Password Quality Configuration on Token after Initialization
The Allow password quality configuration on token after initialization option determines whether the password quality parameters on the token can be changed after initializa
86. 14. Select the certification type for formatting the token:

Field: Enforce FIPS settings
Description: FIPS (Federal Information Processing Standards) is a U.S. government approved set of standards designed to improve the utilization and management of computer and related telecommunication systems.

Field: Enforce Common Criteria settings
Description: Common Criteria, an international standard for computer security certification.

When the selected certification type is Common Criteria, set the Certificate Import Password and maximum number of certificates for which to reserve space on the token.
15. Enter a New Import Password in the New Import Password and Confirm Password fields. Define and confirm a Password that must be entered when a Common Criteria certificate is imported to the token. The minimum Password length is 4 characters. The default value is 1234567890.
16. Under Set the maximum number of Common Criteria certificates to be stored, complete the fields as follows:

Field: Certificates with 1024-bit keys
Description: To reserve adequate space on the token, set the maximum number of Common Criteria certificates with 1024-bit keys that will be imported to the token. Select a number within the range 0-16.
87. of tasks that can be performed on the active token.
3. Select the relevant option from the sub-menu.

Viewing and Copying Token Information
To view and copy token information:
1. To use the Simple view to view token information, do the following:
   a. Open SafeNet Authentication Client Tools Simple view. See Opening the Simple View on page 33.
   b. In the left pane, select the required token.
   c. In the right pane, select View Token Info.
   d. Continue with step 3.
2. To use the Advanced view to view token information, do the following:
   a. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
   b. In the left pane, select the node of the required token.
   c. Continue with step 3.
3. The Token Information is displayed. The information displayed varies according to the type of token.
   NOTE: The Unblocking Codes retries remaining field for iKey devices is displayed only when the token is locked.
4. To copy the token information to the clipboard, do one of the following:
   - In the Token Information window, click Copy.
   - In Advanced view, click the Copy to Clipboard icon.
5. To paste the copied token i
88. oken Logon window opens.
4. Enter the Token Password, and click OK. The Delete Token Content window opens, prompting you to confirm the delete action.
5. To continue with the delete process, click OK. The Delete Token Content window opens, confirming that the token content was deleted successfully.
6. Click OK to finish.

Importing a Certificate to a Token
The following certificate types are supported:
- .pfx
- .p12
- .cer
When importing PFX files, the private key and corresponding certificate are imported to the token. The user is asked if the CA certificates should be imported to the token, and the password (if it exists) that protects the PFX file must be entered.
For Linux:
In the case of a CER file, which contains only X.509 certificates, the program checks if a private key exists on the token. If the private key is found, the certificate is stored with it. If no private key is found, you are asked if you want to store the certificate as a CA certificate.
When downloading a certificate to the computer and then importing the certificate to the token, ensure that the certificate is removed from the local store. Then reconnect the token before using the certificate to sign and encrypt mail. This ensures that the certificate and keys used are those stored on the token, and not on the computer.
89. oken Password quality settings. See Chapter 8, Setting Token Password Quality, on page 172.
- To ignore your changes, click Discard.
- To apply SafeNet Authentication Client's default settings, click Set to Default.
NOTE: When entering a value in the Expiry warning period field, you must make sure that a value is also entered in the Maximum usage period field. If no value is entered in the Maximum usage period field, an error message appears.

Copying User Certificates to a Local Store
SafeNet Authentication Client operations often require certificates, private keys, and public keys. Private keys should always be stored securely on the token. Certificates should also be stored on the token, ensuring that the certificates are readily available when using the token on a different computer.
Use the Copy user certificates to a local store option to control the automatic installation of the token's user certificates to the local certificate store upon token connection. This option is selected by default.
To automatically install the token's user certificates to the local store:
1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
2. In the left pane, select Client Settings.
3. In the right pane, select the Advanced tab. The Advanc
90. pending on the type of token being initialized, certain settings may not be enabled.
- If a customized version of SafeNet Authentication Client is installed, the graphics you see may be different from those displayed in this guide.
To initialize a token:
1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
2. Do one of the following:
   - In the left pane, select the node of the required token. In the right pane, click the Initialize Token icon.
   - In the left pane, right-click the node of the required token, and select Initialize Token from the shortcut menu.
   The Initialization Options window opens, allowing you to select how to initialize the token.
   NOTE: Initializing a token deletes all objects that were created on the Smart Card while the token was in use.
3. Select either one of
91. pens.
NOTE: If the SafeNet eToken 7300 device's flash partition is not password-protected, the contents can be accessed even if SafeNet Authentication Client is not installed and the launcher application is not run.
2. Do one of the following:
   - In the ETOKEN 7300's AutoPlay window, select Open folder to view files.
   - From the computer directory window, open the SafeNet eToken 7300 device's folder, ETOKEN 7300.
   The user storage contents are displayed.

Accessing a Protected Flash Partition on Windows
If the SafeNet eToken 7300 device's flash partition is password-protected, the contents of the flash can be accessed only after logging on to the token.
To access a SafeNet eToken 7300 device's user storage that is password-protected:
1. Click the SafeNet eToken 7300 flash tray icon, and for the appropriate device, select Log On to Token.
2. Log on to the token.
NOTE: If SafeNet Authentication Client is installed, you can use the SafeNet Authentication Client tray menu to log on to your token. See Chapter 2, SafeNet Authentication Client Tray Icon, on page 26. On a Linux operating system, only the SAC Tray icon can be used to log onto an eToken 7300. If SafeNet Authentication Client is not installed, use the SafeNet eToken 7300 flash tray menu to log on to yo
92. placed by another term, for example Token PIN, depending on your SafeNet Authentication Client configuration.
SafeNet eTokens are supplied with an initial default Token Password. In most organizations, the initial Token Password is 1234567890. To ensure strong, two-factor security, it is important for the user to change the initial Token Password to a private password as soon as the new token is received.
When a Token Password has been changed, the new password is used for all token applications involving the token. It is the user's responsibility to remember the Token Password. Without it, the token cannot be used.
The administrator can set a token's Password Quality settings to certain password complexity and usage requirements.
NOTE: The Token Password is an important security measure in safeguarding your company's private information. The best passwords are at least eight characters long, and include upper and lower case letters, special characters such as punctuation marks, and numbers appearing in a random order. We recommend against using passwords that can be easily discovered, such as names or birth dates of family members.
To change a token's Token Password:
1. To use the Simple view to change the Token Password, do the following:
   a. Open SafeNet Authenti
93. played. Only certificates that can be imported on to the token are listed. These are:
   - Certificates with a private key already on the token
   - Certificates that can be imported from the computer together with their private key
7. If you select Import a certificate from a file, the Certificate Selection window opens. Select the certificate to import, and click Open.
8. If the certificate requires a password, the Password window opens. Enter the certificate password, and click OK.
9. If the certificate is a Common Criteria certificate, the Import PIN window opens. Enter the token's Import PIN (defined during token initialization), and click OK. The default value is 1234567890.
10. All requested certificates are imported, and a message confirms that the import was successful.

Exporting a Certificate from a Token
To export a certificate:
1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
2. In the left pane, expand the node of the required token.
3. Do one of the following:
   - Select the required certificate, and click the Export Certificate icon.
   - Right-click the required certificate, and select Export Certificate from the shortcut menu.
   The Save As window opens.
4. Select the location to store the certificate, enter a file name and
94. played in this guide.
When at least one token is connected, an icon representing each connected token is displayed in the left pane. The selected token is marked by a shaded rectangle.

Token Icons
The icon displayed indicates the type of token that is connected. The following token types have icons:
- SafeNet eToken 7100
- SafeNet eToken NG Flash
- SafeNet eToken 7300
- SafeNet eToken 5100/5105
- SafeNet eToken PRO
- SafeNet eToken Virtual (without OTP support)
- SafeNet eToken 5200/5205 HID
- SafeNet iKey 2032/2032u/2032i
- SafeNet iKey 4000
- SafeNet eToken 5200/5205
- SafeNet eToken PRO Anywhere
- SafeNet eToken 7200
- SafeNet eToken NG Flash Anywhere
- SafeNet eToken 7000
- SafeNet eToken NG OTP
- SafeNet eToken Virtual (with OTP support)
- SafeNet eToken Virtual Temp
- SafeNet eToken Rescue
- Smartcard reader (no card connected)
- Smartcard reader (card connected)
- SafeNet eToken 4100
- SafeNet eToken PRO Smartcard
- SafeNet SC330
- SafeNet SC400
95. rd and Confirm Password fields.
8. If the new password is known to others and must be changed, select Token Password must be changed on first logon.
9. Click OK. A message confirms that the token was unlocked successfully.
10. Click OK.

Unlocking an iKey Token Initialized Using BSec Utilities
An iKey token that was initialized using BSec Utilities can be unlocked if it was configured with unblocking codes. Linux doesn't support iKey tokens, but iKey smart cards are supported. Windows and Mac support all tokens.
NOTE: iKey Smart Cards are supported by Linux, but iKey tokens are not. Windows and Mac Operating Systems support all tokens.
To unlock an iKey token:
1. To use the Simple view to unlock an iKey token, do the following:
   a. Open SafeNet Authentication Client Tools Simple view. See Opening the Simple View on page 33.
   b. In the left pane, select the required token.
   c. In the right pane, select Unlock Token.
   d. Continue with step 3.
2. To use the Advanced view to unlock an iKey token, do the following:
   a. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
96. riteria and the secondary authentication Always, Always prompt user, or Prompt upon application request, then the secondary authentication setting cannot be changed to Never or Token authentication on application request. This limitation applies to Common Criteria certificates only.

Field: Manually set the number of reserved RSA keys
Description: Default: disabled. Set the number of reserved RSA keys to reserve space in the token memory. This ensures that there will always be memory available for keys.

19. Click Next.
The Initialization Key Settings window opens.
Use this window to configure Default and Next Initialization Settings.
Change the Initialization Key to protect against accidental token re-initialization in the future. If the Initialization Key is changed from the factory-set default value, the user will be required to open the Initialization Key window and enter the correct key during future initializatio
97. s displayed.
To run the launcher from the SafeNet Authentication Client folder:
1. From the computer directory window, open the folder eToken 7300 > SafeNet Authentication Client.
2. Double-click Launcher. In the menu bar, the SafeNet eToken 7300 flash tray icon is displayed.

Running the Launcher to Open the Tray Icon on Mac
Before running the launcher application on a Mac operating system, ensure that the appropriate reader slots have been allocated.
To run the launcher on a Mac operating system:
1. Connect the SafeNet eToken 7300 device, and wait until the operating system recognizes it.
   NOTE: If the device's user storage is not password-protected, the ETOKEN 7300 icon is displayed.
2. Do one of the following:
   - If the eToken 7300 icon is displayed on the desktop, click it.
   - If the eToken 7300 icon is not displayed on the desktop, click the Finder icon, and under DEVICES, select eToken 7300.
   The eToken 7300 folder contents are displayed.
98. save your changes, click Save. To ignore your changes, click Discard. To apply SafeNet Authentication Client's default settings, click Set to Default.
    Setting Private Data Caching Mode
    NOTE: This feature is not supported by iKey devices.
    In SafeNet Authentication Client, public information stored on the token is cached to enhance performance. This setting defines when private information, excluding private keys, on the eToken PRO NG OTP smart card can be cached outside the token.
    To set private data caching mode:
    1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
    2. In the left pane, expand the node of the required token and select Settings.
    3. In the right pane, select the Advanced tab. The Advanced tab opens.
    4. In the Private data ca
99. se ... 18
    External Smart Card Readers ... 19
    Supported Localizations ... 21
    Chapter 2 SafeNet Authentication Client User Interfaces ... 23
    Overview of SafeNet Authentication Client User Interfaces ... 24
    SafeNet Authentication Client Tray Icon ... 26
    Running the SafeNet Authentication Client Monitor ... 26
    SAC Tray Menu Functions ... 27
    Opening the SafeNet Authentication Client Tray Menu from Windows, Linux and Mac ... 29
    Selecting the Token from the SAC Tray Menu ... 29
    Closing SafeNet Authentication Client Monitor from Windows, Linux and Mac ... 30
    SafeNet Authentication Client Tools ... 31
    SafeNet Authentication Client Tools Toolbar ... 32
    Opening the Simple View ... 33
    Token Icons ... 35
    Simple View Functions ... 37
    Opening the Advanced View ... 38
    Advanced View Functions ... 40
    Tokens Node ... 40
    Selected Token Node ... 42
100. [Screenshot: tray menu]
     3. Select the required option.
     Closing SafeNet Authentication Client Monitor from Windows, Linux and Mac
     To close SafeNet Authentication Client:
     1. Right-click the SafeNet Authentication Client tray icon, and from the shortcut menu, select Exit. A warning message is displayed.
     2. Click OK.
     SafeNet Authentication Client Tools
     Administrators use SafeNet Authentication Client Tools to set token policies. Users use SafeNet Authentication Client Tools to perform basic token management functions, such as changing passwords and viewing certificates on a connected token. In addition, SafeNet Authentication Client Tools provides users and administrators with a quick and easy way to import keys from a computer to a token and to transfer digital certificates between a computer and a token.
     SafeNet Authentication Client Tools allows administrators to initialize tokens according to specific organizational requirements or security modes. It includes a password quality feature that sets parameters to calculate a Token Password quality rating.
     CAUTION: Do not disconnect a token from the USB port, or a smartcard from the reader, during an operation. This can corrupt th
101. Icon (Cont.), Action (Cont.):
     - About: displays product version information and license information, and enables license import
     - Help: opens the Help feature
     - Home: opens the company website
     Opening the Simple View
     When SafeNet Authentication Client Tools is opened, the Simple view is displayed.
     To open SafeNet Authentication Client Tools, do one of the following:
     - Right-click the SafeNet Authentication Client tray icon, and from the shortcut menu, select Tools.
     - From the Windows taskbar, select Start > Programs > SafeNet > SafeNet Authentication Client > SafeNet Authentication Client Tools.
     The SafeNet Authentication Client Tools window opens in the Simple view.
     NOTE: If a customized version of SafeNet Authentication Client is installed, the graphics you see may be different from those dis
102. t Certificate (Windows only)
     Deleting a Certificate
     You can remove a certificate from a token.
     To delete a certificate from a token:
     1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
     In the left pane, expand the node of the required token.
     Do one of the following:
     - In the left pane, select the required certificate and click the Delete Certificate icon.
     - In the left pane, right-click the required certificate and select Delete Certificate from the shortcut menu.
     The Delete Certificate window opens.
     To delete the certificate, click Yes. The Token Logon window opens.
     Enter the Token Password and click OK. The Delete Certificate window opens, confirming that the certificate was deleted successfully.
     Click OK.
     Logging On to the Token as an Administrator
     If an Administrator Password was set on the token during token initialization and the user forgets the Token Password, use the Administrator Password to unlock the token by setting a new Token Password. We recommend initializing all supported tokens with an Administrator Password.
     NOTE: Administrator functions are not supported by iKey devices.
     An administrator has limited p
103. t pane, right-click the Tokens node and select Reader Settings from the shortcut menu. The Reader Settings window opens.
     3. Set the required number of virtual hardware or software readers in the appropriate field.
     The default numbers of available readers are 4 SafeNet eToken readers 2 SafeNet eToken Virtual slots 2
     4. Click OK to close the window. The number of available readers is changed.
     5. Restart SafeNet Authentication Client Tools to make the changes effective.
     Token Initialization
     The token initialization process restores a token to its initial state.
     NOTE: You cannot use SafeNet Authentication Client to initialize a SafeNet eToken Virtual product.
     In this chapter:
     - Overview of Token Initialization
     - Configuring Initialization Settings
     - Under Optional cryptography mechanism complete the fields as follows
     - Changing the Token Initialization Key
     - Configuring Common Criteria Settings
104. tion
     NOTE: This feature is not supported by iKey tokens.
     To enable password quality configuration after initialization:
     1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
     In the left pane, select Client Settings.
     In the right pane, select the Advanced tab.
     Select Allow password quality configuration on token after initialization.
     Do one of the following:
     - To save your changes, click Save.
     - To ignore your changes, click Discard.
     Allowing Only an Administrator to Configure Password Quality on Token
     The Allow only an administrator to configure password quality on token option determines whether the password quality parameters on the token can be changed after initialization by the administrator only, and not by the user. This option is selected by default.
     To define who can configure password quality on token:
     1. Open SafeNet Authentication Client Tools Advanced view. See Opening the Advanced View on page 38.
     In the left pane, select Client Settings.
     In the right pane, select the Advanced tab.
     Do one of the following:
     - To enable configuration by the administrator only, select Allow only an administrator to configure password quality on token.
     - To enable confi
105. tional requirements or security modes, and a password quality feature which sets parameters to calculate a token password quality rating.
     SAC Tools provides information about the token, including its identification and capabilities. It has access to information stored on the token, such as keys and certificates, and enables management of content, such as password profiles.
     NOTE: Do not remove the token from the USB port during an operation. This may cause corruption of data on the token.
     SafeNet Authentication Client provides two user interfaces:
     - SafeNet Authentication Client Tray Icon
       - for quick access to several token operations
     - SafeNet Authentication Client Tools
       - provides information about each connected token, including its identification and capabilities
       - can access information stored on each connected token, such as keys and certificates
       - enables management of token content, such as password policy
     SafeNet Authentication Client Tray Icon
     The SafeNet Authentication Client tray icon offers a shortcut menu t
106. [Screenshot: partitioning window]
     Use this window to partition your SafeNet eToken 7300 device's flash storage area.
     The partitioning process allows you to do the following:
     - Divide the flash drive into a DVD partition and a user storage partition
     - Configure the flash drive partitioning settings
     The partitioning process can take several minutes. After entering your token's Administrator Password to begin the partitioning process, do not disconnect your token until a confirmation message is displayed.
     NOTE: To enable the use of the SafeNet eToken 7300 flash tray icon, ensure that the ISO file, or other content written to the DVD partition, includes the contents of the SafeNet default ISO file.
     Either one of the following can be performed on the SafeNet eToken 7300:
     - Partition without initialization: Replace the flash drive's DVD partition and user storage partition.
     - Initialize and partition: Before the partition process is run, the data is deleted from the smartcard and new data is written to it.
     NOTE: The SafeNet eToken 73
107. ture is not supported by iKey devices.
     Must meet complexity requirements: Determines the complexity requirements that are required in the Token Password.
     - At least 2 types: a minimum of 2 complexity rules, out of the 4 shown in the Manual Complexity fields, are enforced
     - At least 3 types: a minimum of 3 complexity rules, out of the 4 shown in the Manual Complexity fields, are enforced (Default)
     - None: Complexity requirements are not enforced
     - Manual: Complexity requirements, as set manually in the Manual Complexity settings, are enforced
     Manual Complexity Rules: For each of the character types (Upper-case letters, Lower-case letters, Numerals, and Special characters), select one of the following options:
     - Permitted: Can be included in the password, but is not mandatory (Default)
     - Mandatory: Must be included in the password
     - Forbidden: Must not be included in the password
     Note: The Forbidden option is not supported by iKey devices.
     13. Click Next.
     The FIPS and Common Criteria Settings window opens. Use this window to configure certification and common criteria settings.
108. Password Quality Parameter, Description (Cont.):
     Maximum consecutive repetitions: The maximum number of repeated characters that is permitted in the password. Default: 3. This feature is not supported by iKey devices.
     Must meet complexity requirements: Determines the complexity requirements that are required in the Token Password.
     - At least 2 types: a minimum of 2 complexity rules, out of the 4 shown in the Manual Complexity fields, are enforced
     - At least 3 types: a minimum of 3 complexity rules, out of the 4 shown in the Manual Complexity fields, are enforced (Default)
     - None: Complexity requirements are not enforced
     - Manual: Complexity requirements, as set manually in the Manual Complexity settings, are enforced
     Manual complexity rules: For each of the character types (Numerals, Upper-case letters, Lower-case letters, and Special characters), select one of the following options:
     - Permitted: Can be included in the password, but is not mandatory (Default)
     - Mandatory: Must be included in the password
     - Forbidden: Must not be included in the password
     Note: The Forbidden option is not supported by iKey devices.
     5. Do one of the following: To
109. [Screenshot]
     5. Contact your administrator, and provide the administrator with the Challenge Code value displayed.
     NOTE: To copy the Challenge Code to the clipboard, click the Copy to Clipboard icon.
     CAUTION: After providing the Challenge Code to the administrator, do not undertake any activities that use the token until you receive the Response Code and complete the unlocking procedure. If any other token activity occurs during this process, it will affect the context of the Challenge Response process and invalidate the procedure.
     6. The administrator provides you with the Response Code to be entered. The Response Code is 16 characters or, if the token was initialized as Common Criteria, 39 characters.
     NOTE: Response Code creation depends on the back-end application being used by the organization. Administrators should refer to the relevant documentation for information on how to generate the Response Code.
     7. Enter a new Token Password in the New Token Passwo
110. Deleting Token Content
     Objects on your token can include data objects, profiles, keys, and CA or user certificates. Your system configuration determines which objects are deletable.
     The Delete Token Content function deletes all deletable objects on your token. Non-deletable objects are not removed from the token. The function does not change settings on the token, such as password quality requirements.
     The Delete Token Content function is less comprehensive than the Initialize function, which restores a token to its initial state, removing all objects stored on the token since manufacture, and resetting the Token Password. See Chapter 4, Token Initialization, on page 103.
     To delete the token content:
     1. To use the Simple view, do the following:
        a. Open SafeNet Authentication Client Tools Simple view. See Opening the Simple View on page 33.
        b. In the left pane, select the required token.
        c. In the right pane, select Delete Token Content.
        d. Continue with step 3.
     2. Depending on the configuration of your system, you can use the tray menu:
        a. Right-click the SafeNet Authentication Client tray icon.
        b. If more than one token is connected, hover over the appropriate token.
        c. Select Delete Token Content.
        d. Continue with step 3.
     3. The T
111. ur token. See SafeNet eToken 7300 Launcher on page 144. Windows and Mac only. The ETOKEN 7300's AutoPlay window opens.
     3. Do one of the following:
        - In the ETOKEN 7300's AutoPlay window, select Open folder to view files.
        - From the computer directory window, open the SafeNet eToken 7300 device's folder, ETOKEN 7300.
     NOTE: If the Log On to Token window opens, re-enter the Token Password.
     The user storage contents are displayed.
     Accessing an Unprotected Flash Partition on Mac
     To access a SafeNet eToken 7300 device's user storage that is not password protected:
     1. Connect the SafeNet eToken 7300 device and wait until the operating system recognizes it. The ETOKEN 7300 icon is displayed on the desktop.
     NOTE: If the SafeNet eToken 7300 device's flash partition is not password protected, the contents can be accessed even if SafeNet Authentication Client is not installed and the launcher application is not run.
     2. Click the icon. The user storage contents are displayed.
112. vanced. See Chapter 8, Setting Private Data Caching Mode on page 176 and Setting RSA Key Secondary Authentication on page 179.
     NOTE: The Advanced tab is not used for iKey devices.
     Data Objects Node
     Tokens used with Entrust applications have a Data Objects node, which contains PKCS#11 data objects.
     To view the contents of a data object:
     1. In the left pane, under the token's node, expand the Data Objects node. Details of all the data objects (Name, Type and Size) are displayed in the right pane.
     2. Select a data object. The contents of the data object (Value Name and Value Type) are displayed in the right pane.
113. - Unlocking a Token by the Challenge Response Method
     - Unlocking an iKey Token Initialized Using BSec Utilities
     - Deleting Token Content
     - Importing a Certificate to a Token
     - Exporting a Certificate from a Token
     - Viewing Supported Cryptographic Providers
     - Setting a Certificate as KSP or CSP (Windows only)
     - Setting a Certificate as Default or Auxiliary (Windows only)
     - Clearing a Default Certificate (Windows only)
     - Deleting a Certificate
     - Logging On to the Token as an Administrator
     - Changing the Administrator Password
     - Unlocking a Token by an Administrator
     - Synchronizing Passwords (Windows only)
     - Working with IdenTrust
     - Reader Settings
     Selecting the Active Token
     If more than one token is connected, select which token to work with.
     To set a token as the active token from the SafeNet Authentication Tools window:
     1. Open SafeNet Authentication Client Tools. See Chapter 2, Opening the Simple View on page 33 or Opening the Advanced View on page 38.
     2. In the left pane, select the required token.
     To set a token as the active token from the tray icon:
     1. Right-click the SafeNet Authentication Client tray icon. The SafeNet Authentication Client tray menu opens.
     2. Select the required token from the tray menu by hovering over the relevant token name. A sub-menu appears displaying a list
114. y be available in SAC 8.2 for Windows and up.
     External Smart Card Readers
     SafeNet Authentication Client 9.0 GA supports the following smart card readers:
     - SCR 3310 v2 Reader
     - Athena AESDrive IIe USB v2 and v3
     - ACR
     - Athena Keyboard
     - GemPC CCID
     - Omnikey 3121
     - Dell Broadcom
     - Unotron
     NOTE: Reader drivers must be compatible with the extended APDU format in order to be used with RSA 2048. The latest CCID Driver must be installed when using Athena v3.
     Supported Localizations
     NOTE: SafeNet Authentication Client 9.0 supports all languages for Windows, and only English for Linux and Mac.
     SafeNet Authentication Client 9.0 Windows supports the following languages: Chinese Simplified, Chinese Traditional, Czech, English, French Canadian, French European, German, Hungarian, Italian, Japanese, Korean, Lithuanian, Polish, Portuguese Brazilian, Romanian, Russian, Spanish, Thai, Vietnamese.
115. 8. In the Logon retries before token is locked field, enter a numeric value. This counter specifies the number of times the user or administrator can attempt to log on to the token with an incorrect password before the token is locked. The default setting for the maximum number of incorrect logon attempts is 15.
     9. If required, select Token Password must be changed on first logon. This is selected by default.
     10. Select One-factor logon only if the presence of the token is required to log on to applications. The Token Password will not be required. The default value for this setting is disabled.
     NOTE: Selecting the One-factor logon option disables the Create Token Password and Create Administrator Password fields.
     11. Click Next.
     The Password Quality Settings window opens.
     12. Complete the fields as follows:
     Field, Description:
     Enforce password quality: Select this option if you want to define password quality settings when initializing
