
eToken Pro Anywhere

Version 8.1 Revision A

Administrator Guide

Table of Contents
Chapter 1: Introduction
    Features
    New Features
    System Requirements

Chapter 2: Anywhere Operational Overview
    Setup Process
    Using the eToken Process
    Working with eToken PRO Anywhere

Chapter 3: eToken PRO Anywhere Token Preparation
    Initialize the Token
    Enroll Certificates to the Token

Chapter 4: Installing and Configuring Anywhere Application
    Step 1: Securing the Web Site
        Configure SSL Client Authentication
        Configure Proxy Port
    Step 2: Enable eToken Pro Anywhere Profile Access on the Web Server
    Step 3: Install the eToken Anywhere Configuration Tool
    Step 4: Create the Bundle Profile
    Displaying eToken PRO Anywhere Configuration Tool Information
    Managing with Previous Version Profiles
    Additional Configuration Options

Chapter 5: Preparing and Working with the Token
    Token Password Access
    Preparing the eToken PRO Anywhere Device
    Connect the eToken PRO Anywhere Device
    Using the eToken PRO Anywhere Device
        Viewing a Different Configured Website
        Setting Default URL
        Enroll Token
        View Certificate Information
        Unblock Token (Administrators)
        Change Token Password
        View Token Information
        Exit Anywhere and Remove Token

Chapter 6: Configuring eToken Pro Anywhere Extended
    Step 1: Configuring eToken PRO Anywhere Extended
    Step 2: Preparing the eToken PRO Anywhere Device
    Copy Extended Profiles
    Displaying eToken PRO Anywhere Extended Information

Appendix A: Troubleshooting

eToken Pro Anywhere Administrator Guide, Rev. Revision A, 2012 SafeNet, Inc.

Copyright 2011 SafeNet, Inc. All rights reserved.

All attempts have been made to make the information in this document complete and accurate. SafeNet, Inc. is not responsible for any direct or indirect damages or loss of business resulting from inaccuracies or omissions. The specifications contained in this document are subject to change without notice.

SafeNet and SafeNet Authentication Manager are either registered with the U.S. Patent and Trademark Office or are trademarks of SafeNet, Inc., and its subsidiaries and affiliates, in the United States and other countries. All other trademarks referenced in this Manual are trademarks of their respective owners.

SafeNet Hardware and/or Software products described in this document may be protected by one or more U.S. Patents, foreign patents, or pending patent applications. Please contact SafeNet Support for details of FCC Compliance, CE Compliance, and UL Notification.

Date of publication: December 2011
Last update: Tuesday, January 10, 2012 6:17 pm

Support
We work closely with our reseller partners to offer the best worldwide technical support services. Your reseller is the first line of support when you have questions about products and services. However, if you require additional assistance you can contact us directly at:
Telephone

You can call our help-desk 24 hours a day, seven days a week:
USA: 1-800-545-6608
International: +1-410-931-7520
Email

You can send a question to the technical support team at the following email address: support@safenet-inc.com
Website

You can submit a question through the SafeNet Support portal: http://c3.safenet-inc.com/secure.asp

Additional Documentation
eToken Anywhere - Version 8.1 - Readme- Revision A

Introduction

A true "Plug and Play" solution, eToken PRO Anywhere eliminates the need for pre-installation of desktop client software, enabling online service providers and organizations to offer customers, partners, and employees secure remote access to online services and business portals, with the added benefit of digital signing capabilities.

eToken PRO Anywhere is a strong two-factor USB authentication device that does not require client software. With eToken PRO Anywhere, users can access Web-based applications and corporate networks to carry out online transactions easily, conveniently, and, most of all, securely - from just about anywhere.

eToken PRO Anywhere is ideal for corporate and Internet security needs, enabling organizations to expand their range of online business services while providing end users with full roaming capabilities. For consumers, the convenience of a robust and yet simple Plug and Play solution is unbeatable.

Application examples include enterprise solutions for remote access such as partner portals and extranets, SSL VPN, uncontrolled access points (customers, employees), digital signatures, etc. It also provides expanded online services such as online banking, online brokerage, e-Commerce (B2B/B2C), health care, higher education, etc.


The eToken PRO Anywhere browser being opened is not in fact the browser running on the user's computer; it is an emulated browser which is removed, along with all traces of the application, once the token is removed.

An added advantage of the eToken PRO Anywhere solution is that multiple eToken PRO Anywhere tokens can be used simultaneously on the same computer. This enables users to achieve multiple secure access to remote, authorization-specific sites.

eToken PRO Anywhere works with or without existing SafeNet Authentication Client (SAC) technology. Where SAC is already installed, eToken PRO Anywhere is seamlessly integrated to work with SAC, retaining the security benefits inherent in SAC.

Features
eToken PRO Anywhere features include the following:

- PKI certificate-based strong authentication ensures protection from phishing and man-in-the-middle attacks
- On-board security algorithms including RSA 1024-bit and 2048-bit key generation, DES, 3DES (Triple DES) authentication, SHA1 digital signature standard
- API & standards supporting PKCS#11 v2.2, Microsoft CAPI, PC/SC, X.509 v3 certificate storage, SSL v3, IPSec/IKE
- No battery required, ensuring device durability and extended lifetime
- FIPS 140-2 Levels 2 and 3
- Highly secure smart card chip; Common Criteria certified
- Hardened tamper-evident and water-resistant shell
- Full compatibility with standard USB interface
- Fully portable; no client software required
- Integrated secure logical and physical access option

Even though eToken PRO Anywhere is a Windows product, the configured bundle can be downloaded through any web server.

New Features
Since the previous version of eToken PRO Anywhere, new features have been added to enhance functionality and improve user options. The new features are as follows:

- Virtual Application Access: The token can be configured for either web access to secure environments, or the token can be configured to download a SAC installation or secure portable browser application on the client machine.
- Identrust Certification: For specific environments, such as banking institutions, the standard Identrust certification is required to enable access to protected sites, for example bank account pages.
- Native x64 bit Support: The previous version enabled eToken PRO Anywhere to be usable on x64 platforms but only with x32 applications (IE or other browsers). The new eToken PRO Anywhere environment supports 3rd party native x64 applications using Public-Key Cryptography Standards (PKCS#11).
- Common Criteria Support: Includes support for a Common Criteria (CC) area on the token. SAC supports locating signing certificates in this area and using the certificates for signing operations. This support is provided using the same PKCS#11 and Cryptographic Service Provider (CSP) implementation as the keys stored on a standard applet.
- Added Certificate List Window: On the tray UI, access to the computer's SAC certificate list window is provided.
- Password or Certificate Expiration Notification: Includes a notification function where a password or certificate is nearing expiration. Initial token password configuration is through SafeNet's SAC, which provides the complete security feature set including password and certificate notifications provided by SAC. Where there is a configuration conflict between SAC and the Anywhere, such as the number of password attempts, the Anywhere application takes priority.
- Multiple Tokens: The new version enables multiple eToken PRO Anywhere tokens to run concurrently on the same computer. This functionality is for systems not running SAC, enabling the eToken PRO Anywhere to run as a standard Human Interface Device (HID) CD drive on the computer.
- Adobe Acrobat Support: Supports using the token and the certificates on it for certificate signing in Adobe Acrobat Reader X. The support applies when the reader is used either as an IE browser plug-in or as a standalone application. The Anywhere application automatically registers the PKCS#11 module with the Acrobat Reader to have the certificates available in the reader.
- Support Hierarchical Storage Management (HSM) for Bundle Signatures: The key pair used for signing the bundle is PFX based, that is, it is a soft key protected by a password. To strengthen the security of handling the bundle, the bundle signing key can be located on an HSM. During bundle generation the administrator is prompted to select a certificate from the certificate store to sign the bundle.
- IE 9 support: eToken Pro Anywhere supports IE9 browsers.
- Additional Configuration options: eToken settings can be configured using a settings file located within the bundle.


System Requirements
The integration described in this guide supports the following operating systems and components:

Server

Microsoft:
- Windows Server 2003 SP2
- Windows Server 2008 R2 SP1
- Windows Server 2008 SP2
- IIS 6.0
- IIS 7.0

Proxy

ISA 2006 (Installed on 2003 Server) Proxy settings:
- Basic Authentication
- Integrated

Client (32 and 64 bit for all platforms)

Windows:
- Windows XP Home
- Windows XP SP3
- Windows Vista SP2
- Windows 7 Home SP1
- Windows 7 SP1

Tokens:
- eToken PRO Anywhere
- SafeNet eToken 5200
- SafeNet eToken 5205

Anywhere Operational Overview

This section describes the configuration process, and the processes for burning the token and using the token.

In this section:
- Setup Process
- Using the eToken Process
- Working with eToken PRO Anywhere


Setup Process
The setup workflow stages are as follows:
1. Ensure that SAC 8.0 or later is installed on the system.
2. Install the eToken PRO Anywhere Configuration application.
3. Prepare a Profile and save it to the system. This Profile includes all browsing and security details.
4. Burn an .iso file to the token. The .iso file contains the instructions to connect the user computer to the configured site where the bundle is stored, and download the Profile to the user computer.

Using the eToken Process


The process for using the eToken is as follows:
1. Insert the token into the computer. The .iso file is opened, requesting the Profile to be downloaded and installed on the user's computer.
2. The files required to run the emulated browser on the computer are temporarily downloaded and installed on the user's computer, along with all the security configurations.
3. The selected default browser configured by the eToken PRO Anywhere Configuration application is opened for secure browsing.
4. When removing the token, unless it has been configured for off-line browsing, all browsing history as well as all the Profile files are automatically deleted from the user's computer.


Working with eToken PRO Anywhere


For the user, if eToken PRO Anywhere is used on a system with SAC already installed, the Vendor Specific Request (VSR) protocol is invoked. Where SAC is not installed, eToken PRO Anywhere is automatically displayed to the user as a CD while the bundle is downloaded and run, then it is switched to a Human Interface Device (HID) on the computer.


eToken PRO Anywhere Token Preparation

This section describes how to set up the eToken PRO Anywhere server.

In this chapter:
- Initialize the Token
- Enroll Certificates to the Token


Initialize the Token


To use an eToken PRO Anywhere token, the token must first be initialized and a password set on the token. Initialize the eToken and set the token password using SAC. If the token is for an administrator, the administrator password must also be set. If a token is set for both an administrator and a user, an option to use either is displayed during the operation that stores the image on the token. Once selected, the selection remains, with no option to change to the other one without reinitializing the token.

To initialize the token:
1. Insert the eToken PRO Anywhere into the computer.
2. In the notification area click the SAC icon. The SAC Tools window opens.
3. On the toolbar double-click [icon]. The Advanced mode is displayed.
4. Click Tokens, and then click My Token. The token details are displayed.
5. On the toolbar, on the left side click [icon]. The Token Initialization window opens.
6. Enter the Token Name, then select the Create Token Password check box.
7. Enter the New Token Password and Confirm password, and select the number of Logon retries before token is locked check box.


When entering passwords, to enhance security it is recommended to ensure the following:
- At least eight characters long (the minimum is 5 characters)
- Contains both upper-case and lower-case letters
- Contains numeric characters
- Contains at least one special character (for example !, $, &, etc.)
- When entering the Confirm password field, enter the exact same password as entered in the New Token Password field, ensuring upper-case and lower-case entries are maintained.

8. It is recommended to select the Token Password must be changed on first logon check box.
9. Click Start. The token is initialized.


Enroll Certificates to the Token


Secured Certification Authority (CA) trusted digital certification is required for eToken PRO Anywhere SAC functionality. eToken PRO Anywhere runs as an injected or emulated browser. The certificates on the computer in which the token is operating (for Windows, the trusted CAs are listed under Certificate Store, and in Firefox under Trusted Certificates) cannot be propagated to the eToken PRO Anywhere token. The trusted certificates are enrolled directly onto the token.

When the token is inserted into the computer, the certificates on the token are temporarily propagated to the computer in which the token is inserted. Once the token is removed, the certificates are automatically removed.

Enroll the user certificate to the eToken using SAM, by importing a PFX file, or using any other certificate management application.
NOTE
The client certificate must be valid (a valid root Certificate Authority (CA) certificate must exist on the computer, with the correct date and correct server URL).

To import certificates to the token:
1. Insert the eToken PRO Anywhere into the computer.
2. In the notification area double-click the SAC icon. The SAC Tools opens.
3. On the toolbar click [icon]. The SAC Tool Advanced Mode window opens.
4. Click Tokens, and then click My Token. The token details are displayed.
5. On the toolbar, on the left side click [icon]. The Token Logon window opens.
6. Enter the Token Password, and then click OK. The Import Certificate window opens.
8. Select the certificate source and then click OK. The standard Windows explorer window opens.
9. Navigate to the location and select the certificate. The certificates are displayed under My Token in the SAC Tool window.


Installing and Configuring Anywhere Application

This chapter describes, step by step, how to set up an eToken Pro Anywhere device.

In this chapter:
- Step 1: Securing the Web Site
- Step 2: Enable eToken Pro Anywhere Profile Access on the Web Server
- Step 3: Install the eToken Anywhere Configuration Tool
- Step 4: Create the Bundle Profile
- Displaying eToken PRO Anywhere Configuration Tool Information
- Managing with Previous Version Profiles
- Additional Configuration Options


Step 1: Securing the Web Site


When an eToken Pro Anywhere token is connected to a computer, a launcher application downloads the eToken Pro Anywhere application bundle from a web site. This web site must be set up so that the eToken PRO Anywhere application bundle can be posted to a virtual directory on the server. This virtual directory should be configured with Secure Sockets Layer (SSL) using a valid web server certificate, and should require users to use SSL client authentication.

Configure SSL Client Authentication


To configure the virtual directory to require SSL client authentication:
1. Open the Internet Information Services (IIS) console.
2. Navigate to the virtual directory to secure.
3. Click Properties. The Properties dialog box opens.
4. Click the Directory Security tab. The Directory Security tab opens.
5. Under Secure communications click Edit. The Secure Communications window opens.
6. Select the following:
   - Require secure channel (SSL)
   - Require 128-bit encryption
   - Under Client certificates select Require client certificates
7. Click OK.

Configure Proxy Port


The token also operates within a proxy environment such as Microsoft's Internet Security and Acceleration (ISA) Server. The ETPA launcher retrieves the user's Internet Explorer proxy configuration for the download URL using Microsoft's WinHttpGetIEProxyConfigForCurrentUser and WinHttpGetProxyForUrl functions. In Internet Explorer, the proxy settings are found on the Connections tab on the Internet Options menu. The launcher passes the required authorization credentials to the server using the WinHttpSetCredentials function.

The optional authentication schemes are as follows:

ISA 2006 (Installed on 2003 Server) Proxy settings:
- Basic Authentication
- Integrated


The ETPA launcher supports the Web Proxy Auto-Discovery (WPAD) protocol for automatically configuring the proxy settings for an HTTP request. The WPAD protocol downloads a Proxy Auto-Configuration (PAC) file, which is a script that identifies the proxy server to use for a given target URL. PAC files are typically deployed by the IT department within a corporate network environment.

To configure the proxy:
1. On the client machine open the Internet Options window, and then click the Connections tab. The Connections tab opens.
2. Click LAN Settings. The LAN Setting dialog box opens.
3. Under Proxy Server, select Use a proxy server for your LAN, then enter the proxy Address, then in the Port field enter 8080, and then click OK.


Step 2: Enable eToken Pro Anywhere Profile Access on the Web Server
By default, the bundle files are created in the following folder:
C:\Documents and Settings\........\Application Data\SafeNet\Anywhere\[Profile Name]

The two files, etAny.dat and etAny.sig, must be copied to the eToken PRO Anywhere application download URL. On the IIS server ensure that the .dat and .sig files are authorized to be downloaded.

To authorize etAny.dat and etAny.sig for download:
1. Open the IIS snap-in, right click on the eToken PRO Anywhere Application Download virtual directory, and then click Properties. The Properties window opens.
2. Click the HTTP Headers tab. The HTTP Header tab opens.
3. Click MIME Types. The MIME Types window opens.
4. Click New, and then add the .dat and .sig extensions to the registered MIME types table.
5. Click OK.

Permissions for the users to use these files must be enabled.

To grant permissions to the etAny.dat and etAny.sig files:
1. Navigate to the folder containing the .dat and .sig files.
2. Right click on the file (.dat or .sig), and then select Properties. The Properties window opens.
3. Click the Security tab. The Security tab opens.
4. Select the user or group to provide access to the file.
5. Click Add, and then click OK.
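
The settings from Step 1 (SSL, 128-bit encryption, required client certificates) and Step 2 (MIME types for .dat and .sig) can be checked after configuration. The following Python script is an added example, not part of the SafeNet guide or its tools. It assumes an IIS 7.0 server, where these settings are stored as XML in applicationHost.config, and it runs against a constructed configuration whose virtual directory names (Anywhere, AnywhereOld) are hypothetical.

```python
"""Audit an IIS 7 configuration for the settings from Step 1 and Step 2."""
import xml.etree.ElementTree as ET

# sslFlags tokens matching the three options selected in Step 1:
#   Require secure channel (SSL)  -> Ssl
#   Require 128-bit encryption    -> Ssl128
#   Require client certificates   -> SslRequireCert
REQUIRED_SSL_FLAGS = {"Ssl", "Ssl128", "SslRequireCert"}
# Extensions of the two bundle files named in Step 2 (etAny.dat, etAny.sig).
REQUIRED_EXTENSIONS = {".dat", ".sig"}

# Constructed sample configuration; the site and virtual directory names are
# hypothetical. "Anywhere" is configured as the guide describes, while
# "AnywhereOld" is deliberately incomplete.
SAMPLE_CONFIG = """\
<configuration>
  <location path="Default Web Site/Anywhere">
    <system.webServer>
      <security>
        <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert, Ssl128" />
      </security>
      <staticContent>
        <mimeMap fileExtension=".dat" mimeType="application/octet-stream" />
        <mimeMap fileExtension=".sig" mimeType="application/octet-stream" />
      </staticContent>
    </system.webServer>
  </location>
  <location path="Default Web Site/AnywhereOld">
    <system.webServer>
      <security>
        <access sslFlags="Ssl, SslNegotiateCert" />
      </security>
      <staticContent>
        <mimeMap fileExtension=".dat" mimeType="application/octet-stream" />
      </staticContent>
    </system.webServer>
  </location>
</configuration>
"""


def _descend(node, *tags):
    """Follow a chain of child tags; return None as soon as one is missing."""
    for tag in tags:
        if node is None:
            return None
        node = node.find(tag)
    return node


def _mime_extensions(web_server):
    """Return the lower-cased extensions registered under <staticContent>."""
    static = _descend(web_server, "staticContent")
    if static is None:
        return set()
    return {m.get("fileExtension", "").lower() for m in static.findall("mimeMap")}


def audit_location(config_xml, location_path):
    """Return a sorted list of findings; an empty list means compliant."""
    root = ET.fromstring(config_xml)
    location = next(
        (loc for loc in root.findall("location")
         if loc.get("path", "").lower() == location_path.lower()),
        None,
    )
    if location is None:
        return ["no <location> block for " + location_path]

    findings = []
    web_server = location.find("system.webServer")

    # Step 1: SSL, 128-bit encryption and client certificates must be required.
    access = _descend(web_server, "security", "access")
    flags = set()
    if access is not None:
        flags = {f.strip() for f in access.get("sslFlags", "").split(",") if f.strip()}
    for missing in REQUIRED_SSL_FLAGS - flags:
        findings.append("sslFlags is missing " + missing)

    # Step 2: IIS only serves static files whose extension has a registered
    # MIME type. Server-wide mappings are inherited, so count those as well.
    extensions = _mime_extensions(web_server) | _mime_extensions(
        root.find("system.webServer"))
    for missing in REQUIRED_EXTENSIONS - extensions:
        findings.append("no MIME type registered for " + missing)

    return sorted(findings)


if __name__ == "__main__":
    for path in ("Default Web Site/Anywhere", "Default Web Site/AnywhereOld"):
        result = audit_location(SAMPLE_CONFIG, path)
        print(path, "->", result or "compliant")
```

To audit a real server, pass the text of its applicationHost.config and the path of the download virtual directory to audit_location.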


Step 3: Install the eToken Anywhere Configuration Tool


This step requires the eToken PRO Anywhere Configuration Tool installation.
NOTE
The SafeNet Authentication Client 8.1 SP1 or later must be installed before installing the eToken PRO Anywhere Configuration Tool.

To install the eToken PRO Anywhere Configuration Tool:
1. Run eTokenAnywhere-x32-8.1.msi on x86 platforms and eTokenAnywhere-x64-8.1.msi on x64 platforms. The eToken PRO Anywhere Configuration Tool Installation Wizard opens.
2. Click Next. The Wizard Destination dialog box opens.
3. Click Next. The installation begins and the Installing screen opens, indicating the installation process. On completion the Installation Completion dialog box opens.
4. Click Finish.


Step 4: Create the Bundle Profile


To create the Bundle Profile and set up eToken PRO Anywhere:
1. Click Start, then click Programs, then click SafeNet, then click SafeNet eToken Anywhere, and then click Anywhere Configuration Tool. The eToken PRO Anywhere Configuration Tool opens.

Under Anywhere Client Settings complete the following:

Signature certificateClick to select a certificate. The certificates are maintained and stored in the devices Microsoft certificate personal store (My Certificate Store). The Administrator must keep the store certificate for future use (the token contines using the public key). Browser titleSpecifies the title displayed in the Title Bar. Customized client settings fileSelecting this feature, requires that the client file details to be entered into the field next to the check-box. This could include configuring SAC client settings which will be tempararily implemented while the token is inserted. To navigate and locate a client file, click page 47. . For more information see Additional Configuration Options on

Offline mode supportEnables the user to continue using the eToken Pro Anywhere application, even when off-line. The files are maintained on the computer when the token is removed. Only when the token is reinserted are the files accessible. Allow user to set default URLEnables the user to select from the configured URLs the default URL. The URLs are configured by the administrator. IdenTrust supportEnables supporting IdenTrust authentication certification. IdenTrust modules serve browser signing operations. Selecting this option includes Identrust components, which are required for Identrust certification tests, in the generated bundle. This module exists in SAC at the moment and provides both IE and FF extensions, allowing Identrust certification.

4. Installing and Configuring Anywhere Application / Step 4: Create the Bundle Profile eToken Pro Anywhere Adminstrator Guide, Rev. Revision A, 2012 SafeNet, Inc.

40

Native 64-bit supportEnables support for a 64-bit applications. Includes native x64 core modules to be used by 3rd party x64 applications. Enter the secured website authentication URLs into the Authentication URL table with the following buttons:

Adds a new row to the Authentication URL table. To edit the URL details, click on the row in the required column (field) and enter the details. From the Default Browser drop-down list select the browser to use. Removes a selected row from the Authentication URL table. Moves a selected row down in the order in which the URLs are listed. Moves a selected row up in the order in which the URLs are listed.

Forgot my password URL: Specifies the URL link where a password recovery process can be located. For a token with a forgotten password, a new password is configured on the token through SAC.

Enable remote token enrollment: Enables token enrollment from a remote location. If this is selected, the Remote enrollment URL field must be completed, specifying the URL location where the enrollment process is accessed. If the token is empty (no certificate enrolled), this URL becomes the opened default URL.

Under Anywhere ISO Contents, enter the Anywhere application download location, specifying where the Anywhere application is located for downloading (without installing) on the client machine. The download location can be a URL or a UNC path.


On the eToken PRO Anywhere Configuration Tool toolbar click . The Save Profile dialog box opens.

Enter the profile name, and then click OK. If the application download location was not entered, an error message opens and the profile is not saved.


In the eToken PRO Anywhere Configuration Tool window, a prompt is displayed in red in the Anywhere application download location field.

If the Anywhere application secured site URL is not entered, an error message opens and the profile is not saved.


Once a profile is saved, the profile is used to prepare the eToken PRO Anywhere device. Multiple profiles can be saved.
NOTE
To create a new Anywhere Profile, click .


Displaying eToken PRO Anywhere Configuration Tool Information


To display details about the eToken Anywhere Configuration Tool:
1. On the eToken PRO Anywhere Configuration Tool toolbar click . The About dialog box opens.


Managing with Previous Version Profiles


Before installing a new version, previously installed Anywhere configuration tool versions must be removed. To work with the new ETPA version, the bundle must be replaced with a new bundle created with the eToken Anywhere Configuration Tool 8.1.

To modify the bundle:
1. Install the signature certificate used to sign the old bundle into the certificate store.
2. Load the old profile and then save it as a new profile, signing it with the same certificate using the Anywhere Configuration Tool.
3. Replace the old bundle with the newly created bundle in the server's virtual IIS directory.

While nothing was changed on the tokens, the new bundles will be downloaded when the tokens are used.


Additional Configuration Options


For administrators with extensive registry management experience there are additional configuration options through the Anywhere registry file.
NOTE
Only sufficiently qualified administrators can perform these modifications.

The Anywhere application generates a registry file which is implemented when the Anywhere application is loaded. The registry values can be modified to implement client-specific requirements.

To open and configure the Anywhere registry file:
1. Open Windows Explorer and navigate to C:\Program Files\SafeNet\Authentication\eTPAnywhere\Settings.
2. Right-click and then open the file Anywhere.reg. The Anywhere.reg file opens.


The Anywhere.reg file contains the following registry configurations.

Registry value: Windows Registry Editor Version 5.00
Explanation: Specifies the Registry editor version.

Registry value: [HKEY_CURRENT_USER\SOFTWARE\SafeNet\Authentication\SAC]
Explanation: Specifies the registry address containing the configuration settings.

Registry value:
[HKEY_CURRENT_USER\SOFTWARE\SafeNet\Authentication\SAC\GENERAL]
"LegacyManufacturerName"=dword:00000000
Explanation: Defines the option to display the Anywhere manufacturer's name.
Values:
1 - The legacy manufacturer name is written.
0 - The new manufacturer name is written.
Default: 0

Registry value:
[HKEY_CURRENT_USER\SOFTWARE\SafeNet\Authentication\SAC\UI]
"UseDefaultPassword"=dword:00000000
Explanation: Defines if the Change Password on First Logon process assumes the current Token Password is the default (defined in the Default Token Password), and does not prompt the user to supply it.
Values:
1 (True) - The default Token Password is automatically entered in the password field.
0 (False) - The default Token Password is not automatically entered in the password field.
Default: 0 (False)

Registry value: "PasswordTerm"="Password"
Explanation: Defines the field name (term) used for the password.
Values (String): Password, PIN, Passcode, Passphrase
Default: Password

Registry value: "ShowDecimalSerial"=dword:00000000
Explanation: Defines the option to display the token serial number in decimal format instead of hexadecimal format.
Values:
1 (True) - Displays the serial number in decimal format.
0 (False) - Displays the serial number in hexadecimal format.
Default: 0

Registry value: "ExpiryAlertPeriodStart"=dword:00000030
Explanation: Defines the number of days before a certificate's expiration date during which a warning message is displayed.
Values: >=0 (0 = No warning)
Default: 30 days

Registry value: "FutureAlertMessage"="Data on your token expires in $EXPIRE_IN_DAYS days."
Explanation: Specifies the balloon message to display from the notification area during a certificate's Certificate Expiration Warning Period, and the number of days remaining before expiration.
Values: String
Default: Data on your token expires in $EXPIRE_IN_DAYS days.

Registry value: "PastAlertMessage"="Your token requires an update."
Explanation: Specifies the balloon message displayed from the notification area giving the user notification of a token expiration.
Values: String

Registry value: "IgnoreExpiredCertificates"=dword:00000000
Explanation: Defines the option to ignore expired certificates on the token.
Values:
0 - Ignore expired certificates.
1 - Display message indicating expired certificates.
Default: 0

Registry value: "AlertTitle"="SafeNet Authentication Client"
Explanation: Specifies the title to display in certificate expiration warning messages.
Values: String

Registry value: "ActionDetailedMessage"=""
Explanation: If Show detailed message is selected in the Warning Message Click Action setting, defines the detailed message to display.
Values: String

Registry value: "ActionWebSiteURL"=""
Explanation: If Open website is selected in the Warning Message Click Action setting, defines the URL to display.
Values (String): Website address

Registry value: "UpdateAlertMinInterval"=dword:00000014
Explanation: Defines the interval period in days between certificate expiration date verifications.
Values: >0
Default: 14 days

Registry value: "AlertMessageClickAction"=dword:00000000
Explanation: Defines the action when clicking a balloon message from the notification area.
Values:
0 - No action
1 - Show detailed message
2 - Open website
Default: 0

Registry value: "ShowInTray"=dword:00000001
Explanation: Defines the option to display the Anywhere icon in the notification area when the token is inserted.
Values:
0 - Never Show
1 - Always Show
Default: 1

Registry value: "ShowBalloonEvents"=dword:00000000
Explanation: Defines the option to display balloon messages from the notification area when a token is connected or disconnected.
Values:
0 - Not Displayed
1 - Displayed
Default: 0

Registry value: "CertificateExpiryAlert"=dword:00000000
Explanation: Defines the option to display an alert indicating an imminent certificate expiration on the token.
Values:
1 (True) - Notify the user
0 (False) - Do not notify the user
Default: 1 (True)

Registry value: "NotifyPasswordExpiration"=dword:00000001
Explanation: Defines the option to display a balloon from the notification area indicating a password expiration on the token.
Values:
1 (True) - The balloon indication is enabled from the notification area.
0 (False) - The balloon indication is disabled from the notification area.
Default: 1

Registry value: "HomeUrl"="SafeNet home URL"
Explanation: Specifies the SafeNet home URL address.
Values: (String)

Registry value:
[HKEY_CURRENT_USER\SOFTWARE\SafeNet\Authentication\SAC\CAPI]
"PasswordTimeout"=dword:00000000
Explanation: Defines the number of minutes a Common Application Programming Interface (CAPI) required password is valid following the last logon activity.
Values: >=0 Timeout enabled; 0 = No timeout
Default: 0

Registry value: "LogoutMode"=dword:00000000
Explanation: Defines the option to prompt the user to enter a password for each operation requiring the user to be logged on.
Values:
1 (True) - A password prompt is displayed for each operation.
0 (False) - The user remains logged on after the first logon.
Default: 0

Registry value: "SignPaddingOnBoard"=dword:00000000
Explanation: Sets the option to enable sign padding for on-board supported devices for added security. Sign padding is supported by Java tokens.
Note: To use this feature, SafeNet Authentication Client 8.1 or later must be installed.
Values:
0 - Not supported: Sign padding is always performed on the host computer.
1 - Supported: Sign padding is performed on-board supported devices when running SafeNet Authentication Client 8.1 or later; sign padding is performed on the host computer when running SafeNet Authentication Client versions earlier than 8.1.
2 - Required: Sign padding is always performed on-board supported devices; not backwardly compatible with SafeNet Authentication Client versions earlier than 8.1.
Default: 0

Registry value:
[HKEY_CURRENT_USER\SOFTWARE\SafeNet\Authentication\SAC\AccessControl]
"TrayIconChangePassword"=dword:00000001 / "TrayIconUnlockEToken"=dword:00000001
Explanation: Sets the option to inform the user to change their password.
Values:
0 - No action
1 - Show detailed message
Default: 0

Additional registry values can be added to the Anywhere.reg file, offering the administrator extensive options.
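The following added example (not part of the SafeNet guide or product) parses Anywhere.reg-style text, decodes dword data, which .reg files store in hexadecimal, and lists the settings whose descriptions in the table above indicate a state worth reviewing before a profile is burned. The sample content, the rule set and all function names are constructed for illustration.

```python
import re

# Constructed sample built from value lines shown in the table above. Grouping
# under UI/CAPI is assumed from the table order; UseDefaultPassword is set to 1
# here (the guide's default is 0) so the audit has something to flag.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\SafeNet\Authentication\SAC\UI]
"UseDefaultPassword"=dword:00000001
"PasswordTerm"="Password"
"ExpiryAlertPeriodStart"=dword:00000030
"UpdateAlertMinInterval"=dword:00000014
"CertificateExpiryAlert"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\SafeNet\Authentication\SAC\CAPI]
"PasswordTimeout"=dword:00000000
"LogoutMode"=dword:00000000
"SignPaddingOnBoard"=dword:00000000
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: int or str}}.

    Only dword and plain string values are handled, which covers every
    value type listed in the table. dword data is hexadecimal.
    """
    settings = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        key = KEY_RE.match(line)
        if key:
            current = settings.setdefault(key.group(1), {})
            continue
        value = VALUE_RE.match(line)
        if value is None or current is None:
            continue  # header line, orphan value or unsupported value type
        name, data = value.groups()
        if data.lower().startswith('dword:'):
            current[name] = int(data[len('dword:'):], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            # .reg strings escape backslash and double quote with a backslash
            current[name] = re.sub(r'\\(.)', r'\1', data[1:-1])
    return settings


# Review rules taken from the value descriptions in the table: each maps a
# value name to (condition on the decoded number, what that state means).
RULES = {
    'UseDefaultPassword': (lambda v: v == 1,
                           'default Token Password is entered automatically'),
    'PasswordTimeout': (lambda v: v == 0,
                        'CAPI password has no timeout'),
    'LogoutMode': (lambda v: v == 0,
                   'user remains logged on after the first logon'),
    'SignPaddingOnBoard': (lambda v: v == 0,
                           'sign padding is performed on the host computer'),
    'CertificateExpiryAlert': (lambda v: v == 0,
                               'user is not notified of certificate expiration'),
}


def audit(settings):
    """Return [(subkey, name, value, meaning)] for settings worth reviewing."""
    findings = []
    for key_path, values in settings.items():
        subkey = key_path.rsplit('\\', 1)[-1]
        for name, value in values.items():
            rule = RULES.get(name)
            if rule and isinstance(value, int) and rule[0](value):
                findings.append((subkey, name, value, rule[1]))
    return findings


if __name__ == '__main__':
    parsed = parse_reg(SAMPLE_REG)
    for subkey, name, value, meaning in audit(parsed):
        print(f'[{subkey}] {name}={value}: {meaning}')
    ui = parsed[r'HKEY_CURRENT_USER\SOFTWARE\SafeNet\Authentication\SAC\UI']
    print('ExpiryAlertPeriodStart decodes to', ui['ExpiryAlertPeriodStart'])
```

Because dword data is hexadecimal, the lines `dword:00000030` and `dword:00000014` decode to 48 and 20, so compare the decoded number with the intended number of days when editing the file. A real Anywhere.reg is usually UTF-16 encoded and must be read with that encoding before being passed to `parse_reg`.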


Preparing and Working with the Token

This section describes how to use the device.

In this chapter:
Token Password Access
Preparing the eToken PRO Anywhere Device
Connect the eToken PRO Anywhere Device
Using the eToken PRO Anywhere Device


Token Password Access


For administrator functionality the token must be initialized with an admin logon. When storing an image on an inserted token that does not have an Admin password, the Admin logon is grayed out and only the User password can be entered. When the token has an Admin and a User password, one can be selected using the password option buttons.


Preparing the eToken PRO Anywhere Device


To load a profile for burning on the eToken PRO Anywhere device:
1. On the eToken PRO Anywhere Configuration Tool toolbar click . The Select Profile dialog box opens.

From the drop-down list select a profile to burn on the eToken PRO Anywhere device. The profile details are loaded into the eToken PRO Anywhere Configuration Tool fields.
2. Insert the eToken PRO Anywhere device into a client machine.
3. Click .


If a token is set for an administrator and user, an option to use either is displayed the first time the token is used. Once selected, the selection remains with no option to change to the other one without reinitializing the token.

For a token that already contains an image and has an Administrator password, the Administrator Token Logon dialog box opens.


For a token with only a user password the User Token Logon dialog box opens.

Enter the relevant password, and then click OK.


The burn process begins. During the process the CD-ROM image is stored in the eToken PRO Anywhere token. Also, the signature certificate public key is written to the eToken PRO Anywhere device, enabling the launcher to verify that the bundle file is valid. On completion a burn completion message opens.

The eToken PRO Anywhere device is now ready for use.


Connect the eToken PRO Anywhere Device


The eToken PRO Anywhere Launcher application is located in the CD-ROM partition on the eToken PRO Anywhere device. When eToken PRO Anywhere is inserted into the USB slot, the Windows Autorun feature automatically launches the Launcher application.

To connect the eToken PRO Anywhere device and install the launcher application:
1. Insert the eToken PRO Anywhere device into the computer.

Windows identifies and installs the new hardware token.


Windows recognizes that the eToken PRO Anywhere device contains a CD-ROM image.
NOTE
Sometimes there is a reference to a reboot. It is a Windows standard message and is not relevant to the token operations or functionality.


Windows identifies the eToken PRO Anywhere device and opens the Autoplay dialog box.

NOTE
The notification Publisher not specified refers to the Launcher program not being certified. It is left uncertified in order to increase the token storage capacity, and this in no way affects the Launcher's functionality or operational efficiency.

If the Autorun feature is not activated:
a. On the desktop click My Computer. The computer configuration window opens.
b. Click CDROM. The CDROM Explorer window opens.
c. Double-click Launcher.exe.

2. Click Run Launcher.exe. The Launcher is not signed, so a notification window may be displayed. The Launcher communicates with the eToken PRO Anywhere server through an SSL connection. The Launcher downloads the eToken PRO Anywhere application and signature files to the user's computer.

On completion the Launcher verifies the application bundle signature. The Launcher then starts the eToken PRO Anywhere application loading the pre-configured web site, using the eToken Cryptographic Service Provider (CSP).


If the default site is not SSL based and not a proxy environment, the user/administrator is logged onto the pre-configured default website, and the eToken PRO Anywhere icon is displayed in the notification area. If an administrator is running SAC, the command options are changed to include the Anywhere command. If working within an ISA proxy environment, the proxy login dialog box opens.


Enter the User Name and Password, and then click OK. The Token Logon dialog box opens.


Enter the Token Password, and then click OK. The user is logged onto the pre-configured default website, and the eToken PRO Anywhere icon is displayed in the notification area. If an administrator is running SAC, the command options are changed to include the Anywhere command.


Using the eToken PRO Anywhere Device


To access the Anywhere commands, right-click the Anywhere icon displayed in the notification area. The command options are as follows:

Viewing a Different Configured Website
Setting Default URL
Enroll Token
View Certificate Information
Unblock Token (Administrators)
Change Token Password
View Token Information
Exit Anywhere and Remove Token


Viewing a Different Configured Website


To view a different website:
1. In the notification area right-click the Anywhere icon, and then click Anywhere. The configured Anywhere websites are displayed.

Select the website to open. The selected web site opens.


Setting Default URL


To change the default URL:
1. In the notification area right-click the Anywhere icon, and then click Anywhere. The configured Anywhere websites are displayed.

The current default URL is displayed in bold at the top of the list.
2. Click Set Default URL. The Set Default URL dialog box opens.


From the drop-down list select the new default URL, and then click OK. The default URL is changed, and the notification area default URL is changed to the selected URL.

Enroll Token
When there is no default URL detected on the eToken PRO Anywhere token, enrollment can be performed from a configured destination. For token enrollment functionality, the Enable remote token enrollment option must have been selected, with a configured address, when the profile was created. If the option is configured, the Enroll command option is active on the command menu. For more information on configuring the enrollment functionality, see Step 4: Create the Bundle Profile on page 38.

To enroll the token:
1. In the notification area right-click the Anywhere icon, and then click Anywhere. The Anywhere commands are displayed.

Click Enroll. The browser opens the enrollment address for the user to complete the enrollment process.

View Certificate Information


To view certificate information on the token:
1. In the notification area right-click the Anywhere icon. The Anywhere commands are displayed.


Click Certificate Information. The Token Certificate Information dialog box opens.


Click Close.


Unblock Token (Administrators)


To unblock a token:
1. In the notification area right-click the Anywhere icon. The Anywhere commands are displayed.

Click Unblock Token. The Unlock Token: My Token window opens.


The Challenge Code is already completed. Enter the Response Code, New Token Password and the Confirm Password. For more information on password selection see Change Token Password on page 80. It is advisable to select the Token Password must be changed on first logon check box. Click OK. The token is unblocked.

Change Token Password


Every time the eToken PRO Anywhere is inserted into a computer, a password is requested.

To change the eToken PRO Anywhere password:
1. In the notification area right-click the Anywhere icon. The Anywhere commands are displayed.


Click Change Token Password. The Change Token Password dialog box opens.


Complete the following fields:


Current Token Password: Enter the current token password.

New Token Password: Enter the new token password. To enhance security, it is recommended to ensure the following:
At least eight characters long (the minimum is 5 characters)
Contains both upper-case and lower-case letters
Contains numeric character
Contains at least one special character (for example !, $, &, etc.)

Confirm Password: Enter the exact same password as entered in the New Token Password field, ensuring upper-case and lower-case entries are maintained.

As the new password is entered, an incremental bar indicates the level of security in the new password.

If the password is too short, an error message is displayed at the bottom of the dialog box.

If the Token Password and the Confirm Password do not match, an error message is displayed at the bottom of the dialog box.

Click OK. The token password is changed on the token.

View Token Information


1. In the notification area right-click the Anywhere icon. The Anywhere commands are displayed.

Click About. The About dialog box opens.


Click OK.

Exit Anywhere and Remove Token


1. In the notification area right-click the Anywhere icon. The Anywhere commands are displayed.


2. Click Exit. The Exit Confirmation dialog box opens.
3. Click OK.
4. Remove the token.


Configuring eToken Pro Anywhere Extended

eToken PRO Anywhere Extended provides the additional functionality of automatically installing and running additional software when the eToken PRO Anywhere device is inserted into a computer. This chapter describes, step by step, how to set up an eToken Pro Anywhere device.

In this chapter:
Step 1: Configuring eToken PRO Anywhere Extended
Step 2: Preparing the eToken PRO Anywhere Device
Copy Extended Profiles
Displaying eToken PRO Anywhere Extended Information


Step 1: Configuring eToken PRO Anywhere Extended


The eToken PRO Anywhere Extended application is automatically installed during the eToken Anywhere Configuration Tool 8.1 installation.

To configure the eToken PRO Anywhere Extended:
1. Click Start, then click Programs, then click SafeNet, then click SafeNet eToken Anywhere, and then click Anywhere Extended Configuration Tool. The SafeNet eToken - Anywhere Extended Configuration Tool opens.


Complete the following fields:


Application file download location: Specifies where the application is located.
Signed 32-bit application file: Specifies the 32-bit application name.
Signed 64-bit application file: Specifies the 64-bit application name.
Command triggered by token connection: Specifies the CLI command to automatically run the installation process.

NOTE
To create a new Anywhere extended profile click .

On the SafeNet eToken - Anywhere Extended Configuration Tool toolbar click . The Profile Save dialog box opens.


Enter the profile name, and then click OK. Once saved the save success dialog box opens.

Click OK.


Step 2: Preparing the eToken PRO Anywhere Device


To load a profile for burning on the eToken PRO Anywhere device:
1. On the SafeNet eToken - Anywhere Extended Configuration Tool toolbar click . The Select Profile dialog box opens.

From the drop-down list select an Extended profile to burn on the eToken PRO Anywhere device. The profile details are loaded into the SafeNet eToken - Anywhere Extended Configuration Tool fields.
2. Insert the eToken PRO Anywhere device into a USB interface.


Click

A password prompt dialog opens.

Enter a password, and then click OK. The burn process begins. On completion a burn completion message opens.


The eToken PRO Anywhere device is now ready for use.


Copy Extended Profiles


The administrator can open and copy the contents of Extended profiles.

To copy profile contents:
1. On the SafeNet eToken - Anywhere Extended Configuration Tool click . The Windows Explorer dialog box opens displaying the current folder.
2. Double-click on a profile. The contents are displayed.
3. Copy the contents.


Displaying eToken PRO Anywhere Extended Information


To display details about the eToken Anywhere Extended:
1. On the SafeNet eToken - Anywhere Extended Configuration Tool toolbar click . The About dialog box opens.


Troubleshooting

This chapter provides debugging and error information relating to the eToken Pro Anywhere solution. If SafeNet support is required, the following files, accessed from the temp folder (%temp%), must be provided:
eTLauncher: Launcher log listing the operations performed by the system prior to and during the period the Launcher program starts up and runs.
eTInjector2012: Log includes details on the injected browser.

In this section:
eToken Pro Anywhere is not Recognized Correctly
The Auto-Run Feature is not Launched
Signature Verification Error


eToken Pro Anywhere is not Recognized Correctly


Problem
After eToken PRO Anywhere is connected and the computer is put into hibernate or standby mode and then restarted, the eToken PRO Anywhere is recognized as a mass storage device with the CD-ROM image displayed in My Computer.

Proposed Solution
Reinsert eToken PRO Anywhere or double click the CD icon in My Computer.

The Auto-Run Feature is not Launched


Problem
When there are no available drive letters, the Autorun feature is not launched after inserting eToken PRO Anywhere.


Proposed Solution
To activate the Autorun:
1. On the desktop click My Computer. The My Computer window opens.
2. On the Manage menu, click Disk Management. The Disk Management dialog box opens.
3. In the right pane right-click the eToken PRO Anywhere CD partition, and then click Change drive letter and paths.
4. Assign an available letter to the CD partition.

Signature Verification Error


For eTLauncher to function, the trusted digital certificate of the secured Certification Authority (CA) that signed the eTLauncher RSA public key is required. The Launcher verifies the bundle signature using the stored RSA public key (the one corresponding to the key that signed the bundle). To pass this verification, the CA certificate that issued the RSA signing key (the same key chosen in the ETPA configuration tool) must be listed in the trusted CA certificate store. If the CA certificate that issued the RSA signing key is not listed in the trusted CA certificate store, the bundle signature verification fails with a download error (a proper verification error is included in the Launcher log file).