To start the process in the SafeNet Trusted Access (STA) platform, navigate to:
Applications > Add Application
Search for “Generic Template” and click Add.
In the Template Configuration:
Change the Display Name to “SafeConsole”, select “SAML”, and press “Add”.
Once the application has been added, choose “Download Metadata File”.
This downloads an XML metadata file containing the STA Entity ID, SSO URL, SAML Assertion Consumer URL and the SafeNet Trusted Access signing certificate; SafeConsole's SSO settings are configured from this file. Save it in a safe location for later use.
*Note* The certificate that STA needs as the Request Signing Certificate (below) is SafeConsole's own CA certificate, which SafeConsole uses to sign its SAML authentication requests. On an on-premises server it is stored in the safeconsole/cert/ca.p12 file. Upload only the certificate to STA; the .p12 container also holds the private key, which must stay on the SafeConsole server. SafeConsole Cloud customers do not have access to this file and must open a ticket with DataLocker Support/Cloud to request the certificate.
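Before uploading the downloaded metadata to SafeConsole it is worth reading the values out of it and confirming the file is IdP metadata with a signing certificate. The script below is an added example, not DataLocker or Thales code: it parses standard SAML 2.0 IdP metadata with the Python standard library, extracts the STA entity ID, the HTTP-POST SSO and logout URLs and the SHA-256 fingerprint of the signing certificate, and refuses a file without an IDPSSODescriptor (which would mean the wrong metadata was downloaded). The metadata embedded in it is a constructed sample: the entityID, the URLs and the certificate bytes are placeholders, not a real STA tenant.

```python
"""Read the STA metadata file before uploading it to SafeConsole.

Added example, not DataLocker or Thales code. It pulls the STA entity ID, the
POST-binding SSO and logout URLs and the STA signing certificate out of
standard SAML 2.0 IdP metadata and reports the certificate's SHA-256
fingerprint so it can be compared with what STA shows. The metadata below is
a constructed sample; entityID, URLs and certificate bytes are placeholders.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample. The X509Certificate content is the base64 of the text
# "PLACEHOLDER-NOT-A-REAL-CERTIFICATE", not an actual certificate.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.invalid/sta/tenant">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>UExBQ0VIT0xERVItTk9ULUEtUkVBTC1DRVJUSUZJQ0FURQ==</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.invalid/sta/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.invalid/sta/sso-redirect"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.invalid/sta/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _post_location(idp, element: str) -> str:
    """Location of the single HTTP-POST endpoint of the given type, or an error."""
    hits = [e.get("Location") for e in idp.findall(f"md:{element}", NS)
            if e.get("Binding") == POST_BINDING]
    if len(hits) != 1:
        raise ValueError(f"expected one HTTP-POST {element}, found {len(hits)}")
    return hits[0]


def parse_idp_metadata(xml_text: str) -> dict:
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or not root.get("entityID"):
        raise ValueError("not SAML 2.0 metadata")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        # An SPSSODescriptor here would mean the wrong file was downloaded.
        raise ValueError("file has no IDPSSODescriptor: this is not IdP metadata")
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # no 'use' means signing and encryption
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()), validate=True)
            fingerprints.append(sha256_hex(der))
    if not fingerprints:
        raise ValueError("no signing certificate: SafeConsole could not verify STA responses")
    return {
        "entity_id": root.get("entityID"),
        "sso_url": _post_location(idp, "SingleSignOnService"),
        "slo_url": _post_location(idp, "SingleLogoutService"),
        "signing_cert_sha256": fingerprints,
    }


if __name__ == "__main__":
    for key, value in parse_idp_metadata(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

Run it against the real download by replacing SAMPLE_METADATA with the file contents; the fingerprint it prints is of the DER certificate, so compare it with the SHA-256 fingerprint STA displays for the tenant's signing certificate, and treat a file that yields the SPSSODescriptor error as the wrong download.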
In SafeNet Trusted Access, press “STA Setup” and configure the required settings for SAML 2.0 authentication.
SAML Settings:
Entity ID = SafeConsole
Logout URL (Post Binding) = hxxps://CUSTOMERURL.safeconsolecloud.com/safeconsole/?logout
Assertion Consumer Service URL (Post Binding) = hxxps://CUSTOMERURL.safeconsolecloud.com/safeconsole/sso-login/acs
Request Signing Certificate = Upload the SafeConsole Provided Certificate
User Login ID Mapping = Email Address
Return Attributes = memberOf -> Custom #1
The returned “memberOf” attribute carries the value stored in the user's Custom #1 field, so Custom #1 should hold the user's SafeConsole role name.
Example: super admin, admin, manager, support, etc.
*Please note the value is case sensitive and must match the role name exactly as it is listed in SafeConsole.*
*Please make sure the custom role-based security system is enabled in SafeConsole, otherwise the role carried in memberOf is not applied.*
User Portal Settings:
Federation Mode = SP Initiated & IdP Initiated
Service Login URL = hxxps://CUSTOMERURL.safeconsolecloud.com/safeconsole/#/login
Name ID Format = Unspecified
Enforce User Name = Prompt User to enter user name
Signature Algorithm = RSA-SHA256
Authentication Request Signature Validation = Verify Request Signature (STA checks SafeConsole's signed authentication requests against the Request Signing Certificate uploaded above)
Assertion Encryption = Assertion not Encrypted (the response is still signed, and is protected in transit by TLS to the Assertion Consumer Service URL)
Response Signing = Sign Response
Binding Protocol = Unspecified
Group Return Attribute Format = SAML attribute/value pair
Logout Channel = Back
Save these configurations.
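The settings above fix what SafeConsole has to see in each SAML response STA posts to the ACS URL: the Destination, the STA issuer, a signed response, a plaintext assertion whose Audience is the “SafeConsole” Entity ID, the email address as NameID, and one memberOf attribute whose value matches a SafeConsole role name exactly, case included. The script below is an added example, not SafeConsole's code, and shows those checks on a constructed sample response; the entity IDs, URLs and signature value in it are placeholders, the role list is taken from the article's examples, and the ACS URL is the article's placeholder with https assumed. It only confirms that a Signature element is present: it does not verify the XML signature, which a real service provider must do with an XML-DSig library before trusting any of these values.

```python
"""SP-side value checks matching the STA settings above.

Added example, not SafeConsole code. Checks Destination, Issuer, Status,
signature presence, validity window, Audience, NameID and the memberOf role
on a SAML Response. It does NOT verify the XML signature; a real SP must do
that first. The response below is a constructed sample with placeholders.
"""
from datetime import datetime
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SP_ENTITY_ID = "SafeConsole"  # Entity ID from the article
ACS_URL = "https://CUSTOMERURL.safeconsolecloud.com/safeconsole/sso-login/acs"  # article's placeholder, https assumed
IDP_ENTITY_ID = "https://idp.example.invalid/sta/tenant"  # placeholder: use the entityID from the STA metadata
SAFECONSOLE_ROLES = {"super admin", "admin", "manager", "support"}  # article's examples, not the full list
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample response; the SignatureValue is a placeholder, not a real signature.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_r1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z"
    Destination="https://CUSTOMERURL.safeconsolecloud.com/safeconsole/sso-login/acs">
  <saml:Issuer>https://idp.example.invalid/sta/tenant</saml:Issuer>
  <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>https://idp.example.invalid/sta/tenant</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">alice@example.invalid</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:58:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>SafeConsole</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="memberOf"><saml:AttributeValue>super admin</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def _parse_time(stamp: str) -> datetime:
    # SAML timestamps are UTC with a trailing "Z"; older fromisoformat needs "+00:00"
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def resolve_role(member_of: str):
    """Exact, case-sensitive match on the SafeConsole role name (the article's
    note): 'Admin' or 'SUPER ADMIN' is rejected, not normalised."""
    return member_of if member_of in SAFECONSOLE_ROLES else None


def validate_response(xml_text: str, now_iso: str) -> dict:
    now = _parse_time(now_iso)
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("not a samlp:Response")
    if root.get("Destination") != ACS_URL:
        raise ValueError("Destination is not our ACS URL")
    if root.find("ds:Signature", NS) is None:
        raise ValueError("response is unsigned (Sign Response must be on)")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("IdP did not report Success")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion (Assertion Encryption is off in this setup)")
    for issuer in (root.find("saml:Issuer", NS), assertion.find("saml:Issuer", NS)):
        if issuer is None or (issuer.text or "").strip() != IDP_ENTITY_ID:
            raise ValueError("Issuer is not the configured STA entity ID")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        raise ValueError("assertion has no validity window")
    if not _parse_time(cond.get("NotBefore")) <= now < _parse_time(cond.get("NotOnOrAfter")):
        raise ValueError("assertion is outside its validity window")
    audience = cond.find("saml:AudienceRestriction/saml:Audience", NS)
    if audience is None or (audience.text or "").strip() != SP_ENTITY_ID:
        raise ValueError("assertion was not issued for SafeConsole")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        raise ValueError("no NameID (User Login ID Mapping should send the email address)")
    values = [v.text.strip() for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)
              if a.get("Name") == "memberOf" for v in a.findall("saml:AttributeValue", NS) if v.text]
    if len(values) != 1:
        raise ValueError(f"expected exactly one memberOf value, got {values!r}")
    role = resolve_role(values[0])
    if role is None:
        raise ValueError(f"memberOf {values[0]!r} is not a SafeConsole role (match is case-sensitive)")
    return {"email": name_id.text.strip(), "role": role}


def response_is_valid(xml_text: str, now_iso: str) -> bool:
    try:
        validate_response(xml_text, now_iso)
        return True
    except (ValueError, ET.ParseError):
        return False


if __name__ == "__main__":
    print(validate_response(SAMPLE_RESPONSE, "2024-05-01T12:00:30Z"))
```

With the sample as written the login resolves to alice@example.invalid with the role super admin; change the AttributeValue to “Super Admin”, the Audience to anything other than SafeConsole, or evaluate it after NotOnOrAfter, and the same response is rejected, which is the behaviour the case-sensitivity note and the Entity ID setting above describe.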
Setting up SSO in SafeConsole
Log in to SafeConsole and navigate to the SSO configuration area:
SafeConsole > Server Settings > Single Sign On
Check “Enable Single Sign-on”
SSO Provider = SAML2
Upload the previously saved XML metadata file
Set the Entity ID to “SafeConsole” (it must match the Entity ID entered in STA)
Press Save.