REVIEW

Thales SafeNet Trusted Access

SafeNet Trusted Access protects against credential-based threats via adaptive authentication and in-built single sign-on, based on granular customizable access policies.

Editor's Score
4.8/5

By Expert Insights
Updated Mar 28, 2023

Thales Logo

Expert Insights Verdict

4.8/5

SafeNet Trusted Access is a trusted enterprise identity and access management solution that enables highly secure, cloud-based single sign-on and multi-factor authentication. Granular, scenario-based access policies are the highlight of this solution, delivering advanced security while ensuring granular flexibility and control over authentication workflows.


Pros
  • Granular, flexible scenario-based access policies and workflows
  • MFA with a wide range of authentication methods supported
  • Secure single-sign on
  • Trusted authentication provider with decades of market leadership

Overview

SafeNet Trusted Access is a cloud-based identity and access management solution which enables organizations to manage access across all enterprise applications, services, and devices. This solution enables secure single sign-on and enforces multi-factor authentication with a wide range of supported methods and form factors.

The biggest strength of the SafeNet Trusted Access solution is the granular, highly customizable scenario-based access policies and controls. These enable admins to enforce flexible, secure authentication processes at all levels of the organization, and are enhanced with detailed reporting and analytics.

SafeNet Trusted Access is a mature solution, with a huge depth of functionality built up since the project’s first launch in 2007. We recommend SafeNet Trusted Access as a strong workforce IAM solution for organizations looking to secure access to applications and services, while ensuring convenience and compliance and reducing complexity for the end user.

Single Sign-On (SSO)

Thales Single-Sign On (SSO)

Thales Single-Sign On (SSO)

SafeNet Trusted Access single sign-on enables users to securely log into all of their cloud applications using one set of secure credentials (this can include FIDO-supported hardware such as TouchID on Mac or Windows Hello). This eliminates password risks and improves security for the user.

Users can access a self-service user portal, showing all connected applications and authentication methods they have enabled for SSO. This is secured via multi-factor authentication and can be configured via scenario-based access policies.

SafeNet Trusted Access delivers highly secure SSO, based on device health, user risk score, location, time of access attempt, user group and more. Admins can enforce extra security and authentication processes on a per-application basis.

Multi-Factor Authentication

Thales Multi-Factor Authentication (MFA)

Thales Multi-Factor Authentication (MFA)

SafeNet Trusted Access supports a wide range of authentication methods, and form factors, to match many different scenarios and use-cases. Customers can choose to use a specific authentication method or use multiple authentication methods. Authentication methods include:

  • OTP tokens using Thales’ own Gemalto hardware tokens
  • Push notifications and OTP codes using Thales’ dedicated mobile application
  • Pattern-based authentication, which also works as a backup authentication method
  • FIDO hardware tokens including Windows Hello, FaceID and TouchID
  • Third party software tokens, such as Google Authenticator
  • Existing domain passwords through AD sync

Combined with conditional access policies, SafeNet Trusted Access provides a highly robust and secure multi-factor authentication process.

Scenario-Based Access Policies

Thales Scenario-Based Access Policies

Thales Scenario-Based Access Policies

SafeNet Trusted Access enables highly granular and flexible scenario-based admin policies. The policy engine is very similar to the controls you would see in a network firewall solution, governing access for users, groups, devices, and applications. These policies are one of the solution’s key USPs, and a major strength over other providers in the identity space.

Within the management console, admins can control all users and applications, with granular policies and workflows for when extra authentication steps are enforced. These can be configured based on user group, location, device, IP address, employee risk score, regular working hours and more.

For example, admins can configure additional security steps for remote employees to connect to applications, while employees in the physical office would only need one authentication method. Admins could also enforce additional authentication checks outside of regular working hours – or even block access entirely.

Policies can also be configured for specific applications. A payroll system could have multiple levels of authentication applied, while less confidential systems may only need the traditional two-step authentication approach.

SafeNet Trusted Access provides one of the most granular and advanced set of conditional access policies out of all of the authentication solutions tested by Expert Insights. However, the process of configuring these scenarios can be complex, and a degree of experience is required by admins to effectively map out identity workflows and ensure the system is working as intended.

Deployment

Thales Deployment

Thales Deployment

There are multiple ways to deploy SafeNet Trusted Access. The most convenient method is agent-based deployment – this connects to user directories (such as Active Directory) to import existing credentials into the SafeNet Trusted Access system. In our testing this took some time to configure, but overall was a straightforward process.

SafeNet Trusted Access is highly scalable and supports multiple directories and multi-domain environments, with the option to build dedicated servers per domain if customer has multiple domains or multiple companies. Users can also self-enroll in the system where required.

There is an expansive list of over 1,000 out-of-the-box, pre-built integrations for connecting third-party applications with SafeNet Trusted Access. Custom integration methods are available for any non-supported or custom apps, whether cloud or on-premises.

Admin Console & Reports

Thales Admin Console & Reports

Thales Admin Console & Reports

SafeNet Trusted Access is managed via two connected admin consoles, one for legacy MFA connections, and one for modern. The legacy dashboard is used to manage legacy MFA connections for example, for running MFA on on-premises applications. The modern dashboard manages cloud-based MFA connections and SSO, for example using SAML and OAUTH. These two dashboards are completely integrated, and the same users can be managed across both systems. This enables legacy users to authenticate to cloud applications using legacy tokens.

At any time, admins can manage tokens, revoke access, or add new methods to groups or users across both of these dashboards. This is a necessary feature due to how technologies in the space have evolved, but adds some complexity to the admin console. Admins can also configure role-based access policies for the management console, and it can be secured with MFA.

Reporting

Thales Deployment

Thales Deployment

SafeNet Trusted Access provides detailed reporting, with granular customization for reports and audits. Admins can view a detailed breakdown of each user and group, including connected devices, authentication methods, successful login attempts, failed login attempts and more.

When logging into the dashboard, admins can view access activity and trends across the last thirty days. Admins can dig deeper into this data by going into the access logs - this will show successful and unsuccessful logins by policy type to help ensure processes are working effectively, and to flag any account compromise attempts.

There are also comprehensive audit logs that show all admin and policy changes, and granular auditing into device health. It will showcase where devices have been rooted or compromised.

Pricing & Plans

Pricing for SafeNet Trusted Access is provided via quotation. Please contact the vendor directly for more information.

Final Verdict

SafeNet Trusted Access is a highly secure, trusted identity and access management solution, designed for organizations of all sizes, but most suited to organizations requiring a high level of identity security. Healthcare, financial services, technologies, and government sectors will find this solution particularly useful.

The platform’s strength is in its scenario-based access control policies, which deliver a huge amount of granularity for admins to manage and configure access controls and procedures. Configuring these policies will require an experienced implementation team, but they ensure that accounts are properly secured with the right level of protection to meet your internal operational needs and compliance requirements.

SafeNet Trusted Access is an industry leading IAM solution, from a highly trusted brand, with functionality built up over more than three decades in the authentication space. We recommend this solution for organizations looking for a secure, granular access management solution that delivers secure single sign-on, multi-factor authentication, and granular scenario-based authentication policies.


Published by, Expert Insights

Expert Insights is an independent cybersecurity research and review website, reaching over one million readers per year. Run by a dedicated team of business IT experts, our number one goal is to help organizations research and find the right solutions to solve their business problems.

Company Information
Category Icon
Category

Identity And Access Management

Website Icon
Website

thalesgroup.com

Founded Icon
Founded

2000

Headquartered Icon
Headquartered

Paris, France

Deployment Icon
Deployment

Cloud

Thales SafeNet Trusted Access Awards
Product Award Product Award Product Award Product Award Product Award Product Award Product Award Product Award Product Award Product Award
Thales SafeNet Trusted Access Interviews
François Lasnier
VP of Identity and Access Management, Thales
Read Here