To start the process in the SafeNet Trusted Access platform, navigate to:

Applications > Add Application

Search for “Generic Template” and click “Add”.

In the Template Configuration…

Change the Display Name to “SafeConsole”, select “SAML”, and press “Add”.

Once the application has been added, choose “Download Metadata File”.

This action downloads an XML template file containing the Entity ID, SSO URL, SAML Assertion Consumer URL, and SafeNet Trusted Access digital certificate, which can be used to configure the SafeConsole SSO settings. Save this file in a safe location for later use.

*Note* The SAML certificate needed is actually made with the device's CA certificate. This certificate is located in the safeconsole/cert/ca.p12 file. SafeConsole cloud customers will have to open a ticket with DataLocker Support/Cloud to request the certificate.

In SafeNet Trusted Access, press “STA Setup”.

Configure the required settings for SAML 2.0 Authentication

SAML Settings:

Entity ID = SafeConsole

Logout URL (Post Binding) = hxxps://

Assertion Consumer Service URL (Post Binding) = hxxps://

Request Signing Certificate = Upload the SafeConsole Provided Certificate

User Login ID Mapping = Email Address

Return Attributes = memberOf -> Custom #1

  • Return attributes for “memberOf” can be set to send the value of data stored in Custom #1 

  • Custom #1 value should be configured to store SafeConsole Role Membership information 

  • Example: super admin, admin, manager, support, etc.

*Please note the value is case sensitive, so it must match what is listed in SafeConsole.*

*Please make sure the custom role-based security system is enabled.*

User Portal Settings:

Federation Mode = SP Initiated & IDP Initiated

Service Login URL = hxxps://

Name ID Format = Unspecified

Enforce User Name = Prompt User to enter user name

Signature Algorithm = RSA-SHA256

Authentication Request Signature Validation = Verify Request Signature

Assertion Encryption = Assertion not Encrypted

Response Signing = Sign Response

Binding Protocol = Unspecified

Group Return Attribute Format = SAML attribute/value pair

Logout Channel = Back

Save these configurations.

Setting up SSO with SafeConsole

Log in to SafeConsole and navigate to the SSO Configuration area:

SafeConsole > Server Settings > Single Sign On >

Check “Enable Single Sign-on”

SSO Provider = SAML2

Upload the previously saved .XML File

Set the Entity ID to “SafeConsole”

Press Save.