Thales SafeNet Trusted Access

Thales STA is a cloud-based access management service combining MFA, SSO, policy and management in a single service. By validating identities, enforcing policies and applying smart SSO, organisations can ensure secure access to cloud and on-prem applications from one console. Applying pre-defined application- and user-based policies removes complexity and frustration while increasing security and user productivity.


  • Multi-factor Authentication - MFA/2FA - Widest variety of Token Options
  • Smart Single Sign On - SSO with context based adaptability
  • Application and user access event reporting
  • Application and user based policy creation - pre-defined integrations
  • Self-service user provisioning portal
  • Highly scalable cloud based licensing
  • Certificate based authentication option - PKI
  • Powerful reporting and real-time dashboards


  • Additional layer of security for all users prevents illegitimate access
  • Simplifies and enhances application access without compromising security
  • Improved compliance through visibility into access events
  • Increase user productivity and reduce IT resource pressures
  • Extend access security to all internal and external users
  • High assurance authentication to cloud and on-prem applications
  • Reduced IT fatigue with valid data and less noise


£16.30 a user

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

112252999383387


Telephone: 02083721000

Service scope

Software add-on or extension
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 hour
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
SafeNet Trusted Access offers customers 5 9’s of uptime: 99.999% availability for access requests and 4 9’s of uptime: 99.99% for the SafeNet Trusted Access management console. Thales offers a Standard Support Plan (24 hours x 7 days a week) which is included in the subscription price. This warranty coverage includes options for the return or exchange of products (RMA Services) that do not perform as specified, and also provides certain access privileges to Gemalto Technical Support centers.
Support available to third parties

Onboarding and offboarding

Getting started
We offer training and professional services
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data is destroyed by Thales under GDPR guidelines
End-of-contract process
The service is terminated. Authenticators will continue to operate but there is no service for them to authenticate with

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Compatible operating systems
  • Android
  • iOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices
Differences between the mobile and desktop service
Authenticator on pre-Windows 10 does not support push notifications
Service interface
User support accessibility
None or don’t know
Description of service interface
Browser based administration console
Accessibility standards
None or don’t know
Description of accessibility
End-user portals are designed to meet all WCAG 2.0 level AA guidelines that apply to the type of functions provided. MobilePASS+ for Windows supports keyboard navigation, Microsoft narrator, JAWS screen reading, high contrast themes and all colour contrasts and font sizes are easily readable.
Accessibility testing
What users can and can't do using the API
It can be used for the creation of authentication agents and management tasks
API documentation
API documentation formats
Open API (also known as Swagger)
API sandbox or test environment
Customisation available
Description of customisation
White-labelled service. Authentication token PIN length and patterns can be adjusted.


Independence of resources
The service offered is isolated within a multi-tier and multi-tenanted infrastructure


Service usage metrics
Metrics types
Authentication success and failure. Token status and usage numbers.
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller (no extras)
Organisation whose services are being resold
Thales, Gemalto, SafeNet

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Reports can be exported from the admin console
Data export formats
  • CSV
  • Other
Other data export formats
  • Tab Delimited
  • HTML
  • SysLog
  • Windows Event Viewer
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
Port 443 HTTPS Agent
LDAP Sync - Dedicated TCP Port 8456 - AES256
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Use Secure Communication Protocols (HTTPS, TLS)

Availability and resilience

Guaranteed availability
99.999% UK DC - 99.99% EU DC
Approach to resilience
Cannot release information
Outage reporting
Web based status page. Email, SMS, WebHook notifications and status updates. Post outage incident report

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels
Full role based administration access
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Other
Description of management access authentication
Full role based administration access with authentication policies

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Information security policies and processes
As per ISO 27001 standards

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Configuration and Change Management Board (CAB) model, as per SOC2 standards.
Thales maintains a formally documented Change Management policy and procedure that outline how changes to Thales cloud computing environments are controlled.
All proposed changes to production environments/applications are subject to this policy. No changes may be made to production environments/applications without approval from the Change Management Approvers group.
All changes are tested and signed-off by the tester and/or applicable business owner. Evidence of testing and the requisite approvals are attached to the change request ticket. Emergency changes follow a standard change management process following an expedited timeline.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Thales undergoes periodic application and network penetration testing by third parties. The assessment methodology includes structured review processes based on recognized “best-in-class” practices as defined by such methodologies as ISECOM's Open Source Security Testing Methodology Manual (OSSTMM), the Open Web Application Security Project (OWASP), the Web Application Security Consortium (WASC), and the ISO 27001:2013 Information Security Standard.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
A third-party service provider scans the network externally and alerts the Thales Security Team regarding changes in the baseline configuration to increase audit levels. Additional levels of network traffic monitoring are conducted on a 24x7 basis across key points within the infrastructure and automated reports are delivered on a daily basis to the network administrator.

Monitoring logs exist to track activity in the key applications and firewalls. These logs are reviewed by Thales Cloud Services Operations (CSO) security team.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Thales implements a formal Incident Management Process with a dedicated Incident Response Team for Cloud Services. When an incident occurs, the defined incident management process is initiated by the team. Corrective actions are implemented in accordance with the defined policies and procedures. Customers are notified following a formalized Communication Policy.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
Connected networks
  • Public Services Network (PSN)
  • NHS Network (N3)
  • Health and Social Care Network (HSCN)

Social Value

Fighting climate change

In line with its values, its purpose of "building a future we can all trust", and its social responsibility strategy, Thales has been committed to a proactive and responsible approach to environmental protection for more than 15 years. This commitment, written into the Code of Ethics, is reflected in a Group-wide policy aimed at reducing the environmental impact and risks arising from its activities and products.
Since 2019 Thales has adopted a low-carbon strategy based on reducing direct emissions, eco-responsible offerings for our customers and contributing to a better understanding of climate phenomena.
Thales works to offer its customers innovative and eco-responsible functions and services that will enable them to reduce their own greenhouse gas emissions.
Thales’s resource management policy guides its efforts to preserve water, reduce its use of raw materials, produce less waste, recycle more, become a more energy-efficient business, and shrink its carbon footprint.
Equal opportunity

Thales is committed to creating a respectful, equitable, stimulating work environment, where creativity is encouraged, and where valuing each person's authentic self is a prerequisite for individual well-being and collective success. Trust within teams reflects the trust customers place in Thales.

Thales is committed to:
Accelerating the recruitment of women at every level of the organisation
Promoting women to higher levels of responsibility
Increasing the representation of women on management committees


£16.30 a user
Discount for educational organisations
Free trial available
Description of free trial
30 day trial for up to 10 users
Link to free trial
Unique portal created upon request
