Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 5 subscribers
  • Views 2967 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Etoken TMS management

Typhoon87

Hello,

We just did the upgrade from Safeguard Easy 4.50 to Entrpise 5.50. So far it has gone okay with one moderate exception. We use the Aladdin Etoken and all of our users already have tokens and understand the basics of how to use them. Whcihc brings us to the problem. The Etokens we have curretnly distributed are formatted by the Aladdin TMS (Token Management Services). I spent an afternoon on the phone with Support only to learn that enterprise writes to the tokens in a diffrent way and every token must be reissued.

I was just wondering if anyone has any kind of connector or brige application that allows Entrpise to read Etokens formatted in the TMS management center. This would reduce the need to look for tokens in two places and the TMS has more options to see when and how tokens are used (more reports and better databse views of who has tokens ect.)

If not can a feature request be made to allow this?

:5459


This thread was automatically locked due to age.
Parents
  • 0

    Hi Typhoon87,

    the credentials stored by SafeGuard Easy (SGE) and SafeGuard Enterprise (SGN) are completely different. SGE had SGE userID+password, which is normally different to Windows userID+domain+password. So normally they don't match, and therefore there is no migration provided from our side.

    (Besides that the credentials are encrypted differently, they are stored on different places, and the used libraries are different, too. Unfortunately, in SGE we used a library from Aladdin for which we don't have the sources.)

    If users know their Windows userID and password (which I hope they do), they should be able to logon to the Power-on Authentation without the eToken first, and then in Windows insert the eToken. SGN should write the Windows credentials to the eToken without reformatting. This might be inconvenient, I agree, but less than reformatting. (The eTokens would have old and new credentials afterwards, but does this matter?)

    I did not test this situation, but it should work. I also don't know if TMS can backup the Windows credentials (likely not). If you want to have provisioning from TMS, I recommend to use certificate-based logon, or maybe license software from NetFox who did a TMS connector for SGN.

    Hope this helps you.

    :5556
Reply
  • 0

    Hi Typhoon87,

    the credentials stored by SafeGuard Easy (SGE) and SafeGuard Enterprise (SGN) are completely different. SGE had SGE userID+password, which is normally different to Windows userID+domain+password. So normally they don't match, and therefore there is no migration provided from our side.

    (Besides that the credentials are encrypted differently, they are stored on different places, and the used libraries are different, too. Unfortunately, in SGE we used a library from Aladdin for which we don't have the sources.)

    If users know their Windows userID and password (which I hope they do), they should be able to logon to the Power-on Authentation without the eToken first, and then in Windows insert the eToken. SGN should write the Windows credentials to the eToken without reformatting. This might be inconvenient, I agree, but less than reformatting. (The eTokens would have old and new credentials afterwards, but does this matter?)

    I did not test this situation, but it should work. I also don't know if TMS can backup the Windows credentials (likely not). If you want to have provisioning from TMS, I recommend to use certificate-based logon, or maybe license software from NetFox who did a TMS connector for SGN.

    Hope this helps you.

    :5556
Children
No Data
Unfiltered HTML