SafeNet MobilePASS+ for iOS CUSTOMER RELEASE NOTES

Version: 1.8.2
Build: 1.8.2
Issue Date: 28 February 2020
Document Number: 007-013373-001 Rev. N

Contents

Product Description
Release Description
Advisory Notes
    Apple Watch to be Supported in an Upcoming Release
    Working with SafeNet MobilePASS and SafeNet MobilePASS+
    Push OTP
    Configuring STA for QR Code Enrollment
    Biometric PIN
Resolved and Known Issues
Compatibility Information
    Operating System
    Supported Authentication Servers
Product Documentation
Support Contacts

SafeNet MobilePASS+ for iOS Customer Release Notes 007-013373-001 Rev. N 28 February 2020 Copyright 2020 Thales Group

Product Description

SafeNet MobilePASS+ for iOS is a mobile client application enabling you to access corporate and web-based resources securely. It eliminates the need to remember complex passwords. SafeNet MobilePASS+ for iOS is a cost-effective way for businesses to leverage the security of One Time Passwords (OTP) using mobile phones. Associated with SafeNet Trusted Access, the SafeNet MobilePASS+ for iOS application is a perfect combination of security and convenience. It offers a simple user experience for token activation and authentication using the Push OTP mechanism.

Release Description

SafeNet MobilePASS+ for iOS v1.8.2 resolves the issues listed under "Resolved Issue" below.

NOTE If you use an MDM to deploy MobilePASS+, once a user upgrades to v1.8.2 they will not be able to downgrade to v1.7.1 or lower.

Advisory Notes

Apple Watch to be Supported in an Upcoming Release

SafeNet MobilePASS+ for iOS 1.8.2 does not support Apple Watch. Users who have experimented with this functionality currently find that they can see the notification on their watch but cannot complete the approval flow. Thales Group is working to enable full functionality in an upcoming release.

Working with SafeNet MobilePASS and SafeNet MobilePASS+

SafeNet MobilePASS for iOS and SafeNet MobilePASS+ can be used on the same device and with the same virtual server. Token enrollments are for either SafeNet MobilePASS for iOS or SafeNet MobilePASS+. This is controlled in SafeNet Trusted Access at the virtual server level.

Push OTP

Approving a Push OTP Login Request

MobilePASS+ tokens that are not PIN protected or are configured to work with a server-side PIN can be configured to use the Enhanced Approval Workflow. The Enhanced Approval Workflow is not available for user-selected PIN protected tokens or for tokens that are not configured to support the workflow. When the Login request arrives on your mobile device, you can respond from the locked screen or from the MobilePASS+ application.

Token Configuration: Approving a Push OTP Login Request with standard approval workflow
Notification Location: iOS Locked Screen
Action to Approve the Push OTP Login Request: Do one of the following:
> Swipe the notification from right to left to expand it and tap APPROVE.
> Single tap on the notification to open the login request in SafeNet MobilePASS+, review the login request information, and tap APPROVE.

Token Configuration: Approving a Push OTP Login Request with standard approval workflow
Notification Location: iOS Unlocked Screen or within another Application
Action to Approve the Push OTP Login Request:
1. Tap the Pending Notification bar.
2. Tap APPROVE.

Token Configuration: Approving a Push OTP Login Request with Enhanced Approval Workflow
Notification Location: iOS Locked Screen
Action to Approve the Push OTP Login Request:
1. Tap the Login request notification.
2. Tap APPROVE.
3. If your device is password protected, enter the passcode.

Token Configuration: Approving a Push OTP Login Request with Enhanced Approval Workflow
Notification Location: iOS Unlocked Screen or within another Application
Action to Approve the Push OTP Login Request:
1. Tap on the notification to open the login request in SafeNet MobilePASS+.
2. Review the login request information.
3. Tap APPROVE.

Notification Location: SafeNet MobilePASS+ Application
Action to Approve the Push OTP Login Request: In the Login Request Form window, tap Approve.

Configuring STA for Enhanced Approval Workflow

NOTE To maintain compatibility with MobilePASS+ Android and iOS versions earlier than 1.4, do not select Enhanced Approval Workflow.

To enable Enhanced Approval Workflow:
1. In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Token Policies > Software Token & Push OTP Settings.
2. Select Enhanced approval workflow and click Apply.

Conditions that will trigger Enhanced Approval Workflow on a mobile device:
> Enhanced Approval Workflow must be enabled on the server
> The mobile device must be running iOS 10 or later
> The mobile device must be provisioned with one token only on the server-side
> The token must not have a user-PIN

Push OTP Troubleshooting

If an expected push OTP request does not arrive on your mobile device, check that a network connection is present. Heavy traffic and/or service outages from the public push service provider (Apple) may result in delivery delays or disruptions. In such circumstances, use manual OTP generation to complete the authentication.

Configuring STA for QR Code Enrollment

1. In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Automation Policies > Self-Enrollment Policy.
2. Select Enable Multi-Device Instructions.
3. Select Display QR Code.
4. Click Apply.

The enrollment email sent to the user will include a link to the page on the STA Self Service Module where the QR code is displayed. The QR code will display only if a supported device is selected in the device selection drop-down menu.

Biometric PIN

Biometric PIN Prerequisites
> iOS 7 or later
> Token configured in STA for Biometric PIN

Activating Biometric PIN in Existing Tokens

Tokens previously enrolled without the Biometric PIN feature must be re-enrolled with the Biometric PIN feature enabled in the STA console.

Configuring STA for Biometric PIN (Touch ID and Face ID)

1. In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Token Policies > Token Templates.
2. Select the SafeNet MobilePASS for iOS token type and click Edit.
3. In the Edit Token Template window, under PIN Policy, select User-selected PIN and then select Allow Biometric PIN.

The SafeNet MobilePASS+ token can now, following enrollment, be activated to use Touch ID.

Resolved and Known Issues

Resolved Issue

Issue: N/A
Synopsis: Uncommon enrollments proceed to completion correctly.

Issue: SASMOB-2109
Synopsis: The MobilePASS+ application functions correctly when scanning a deep link from the iOS camera application.

Known Issues

Issue: SAS-21916
Summary: OCRA tokens prevent non-OCRA tokens from performing authentication.
Workaround: None

Issue: SASMOB-1949
Summary: Changes to the security requirements for iOS 13 prevent MobilePASS+ from enrolling a token when using iOS 13.1.2.
Workaround: None

Issue: SASMOB-954
Summary: On iOS 13, when Touch ID is triggered to unlock an OTP or to approve a push authentication request, the user interface for Touch ID remains hidden. This affects iPhone 5, 6, 7, and 8 devices.
Workaround: Upgrade to the latest release: iOS 13.1.3 or later.

Compatibility Information

Operating System
> iOS 10 and later

NOTE BETA releases of the operating system are not supported.

Supported Authentication Servers
> SafeNet Authentication Service (Cloud Edition)
> SafeNet Authentication Service PCE/SPE 3.5 or later

The QR Code Enrollment and Biometric PIN (Touch ID) features require version 3.5.4 or later.

Product Documentation

The following product documentation is associated with this release:

> SafeNet MobilePASS+ for iOS User Guide
> SafeNet Authentication Service (SAS) Push OTP Solution Guide

We have attempted to make these documents complete, accurate, and useful, but we cannot guarantee them to be perfect. When we discover errors or omissions, or they are brought to our attention, we endeavor to correct them in succeeding releases of the product.

Support Contacts

If you encounter a problem while installing, registering, or operating this product, please refer to the documentation before contacting support. If you cannot resolve the issue, contact your supplier or Thales Group Customer Support. Thales Group Customer Support operates 24 hours a day, 7 days a week. Your level of access to this service is governed by the support plan arrangements made between Thales Group and your organization. Please consult this support plan for further information about your entitlements, including the hours when telephone support is available to you.

Customer Support Portal

The Customer Support Portal, at https://supportportal.gemalto.com, is where you can find solutions for most common problems. The Customer Support Portal is a comprehensive, fully searchable database of support resources, including software and firmware downloads, release notes listing known problems and workarounds, a knowledge base, FAQs, product documentation, technical notes, and more. You can also use the portal to create and manage support cases.

NOTE You require an account to access the Customer Support Portal. To create a new account, go to the portal and click on the REGISTER link.

Telephone Support

If you have an urgent problem, or cannot access the Customer Support Portal, you can contact Thales Group Customer Support by telephone at +1 410-931-7520. Additional local telephone support numbers are listed on the support portal.

Email Support

You can also contact technical support by email at [email protected].
