General
What is SAASPASS?
SAASPASS is the only identity and access management tool you need to secure your corporate network or your own personal data, a comprehensive and frictionless solution fully-secured with dynamic passcodes and out-of-band multi-factor authentication. Whether logging into your work emails and company apps, accessing your personal online bank account, making purchases at online retailers, browsing social media, or even unlocking the door of your car, home, or hotel room, SAASPASS allows you to use your mobile or other enabled device to manage all your digital and physical access needs securely and conveniently.
Why do I need SAASPASS to secure my personal data?

Usernames and passwords are not very secure, but simply adding proper multi-factor authentication (MFA) to your most sensitive apps can reduce your likelihood of getting hacked by at least 80%. The problem, however, is that most MFA products add several time-consuming and inconvenient steps for the user. Also, simply using an MFA solution doesn’t necessarily mean you’re more secure, as some forms of MFA used by sites, are known to be less secure (such as text messaging based verification codes). In order to comprehensively secure your computer as well as your personal apps and services, on all your devices, multiple products must typically be cobbled together.

SAASPASS cuts through that complexity and is the only identity and access management tool you need to secure your personal data, a comprehensive and frictionless solution fully-secured with dynamic passcodes and out-of-band multi-factor authentication. With a single product, it allows you to use your mobile phone or other enabled device to manage all your digital and physical access needs securely and conveniently.

Why does my company need SAASPASS?

SAASPASS is the only identity and access management tool you need to secure your corporate network, a comprehensive and frictionless solution fully-secured with dynamic passcodes and out-of-band multi-factor authentication. Whether logging into your work emails and company apps, accessing your personal online bank account, making purchases at online retailers, browsing social media, or even unlocking the door of your car, home, or hotel room, SAASPASS allows you to use your mobile or other enabled device to manage all your digital and physical access needs securely and conveniently.

  • Replace hard tokens or repurpose existing tokens by integrating with SAASPASS
  • Replace ID cards, single sign-on products, and password managers with a single, easy-to-use solution
  • Secure every access point to your corporate network, personal data, physical door, or IoT device using out-of-band MFA with dynamic passcodes
  • Login to your Mac or PC, with full MFA, even when offline
  • Authenticate to cloud-based and on-premise apps securely and seamlessly
  • Eliminate password breaches and their impact on you or your organization
  • Eliminate the costs and risks of purchasing and managing security tokens and hardware
  • Eliminate the manual typing of passwords and the resources involved with password complexity rules and resets
  • Minimize admin resources by streamlining the provisioning and deprovisioning of employees and temporary partners to your active directory and corporate apps
  • Control and instantaneously manage network access by employees and partners

For more industry-specific information, check out our White Papers.

How does SAASPASS provide security?

SAASPASS secures organizations and individuals primarily by adding multi-factor authentication with dynamic passwords from the operating system level all the way down to individual apps and services, integrating seamlessly with both on-premise and cloud applications. Because cloud applications are accessible from many locations, authentication security is paramount. Most enterprise cloud platforms (like Google Apps and Salesforce) are accessible both inside and outside the office, and from a variety of different devices, leaving corporate network perimeters dramatically more extended and exposed than just a few years ago. With SAASPASS, users can authenticate to their corporate and personal apps and services securely and conveniently, without an easy-to-steal or guess static username and password, and regardless of their location or device.

Also, because SAASPASS offers the full-stack of identity and access management solutions in one product, it’s able to provide seamless and integrated security without the risk of security holes and cracks that result from stitching together different products. The usability and convenience inherent in such a comprehensive design also reduces circumventions. Other, intrusive or tedious security products, or combination of products, encourage employees and other individuals to find ways to evade security measures.

Why does SAASPASS use an orca in its logo?

In addition to being a beautiful and super cool marine mammal, the orca, also known as a “killer whale,” represents SAASPASS’ mission of “killing” the password.

Why is SAASPASS the superior solution?

In the marketplace of identity and access management (IAM) solutions, enterprises often cobble together two or more solutions in order to meet their needs, for example, pairing a single sign-on product with an MFA hard token. There are obviously extra resources involved with managing multiple solutions from different vendors, but just as important are the inevitable cracks and seams resulting from relying on a patchwork of products. Some of these fragmented solutions are less secure; others are simply less convenient. SAASPASS offers seamless security and greater convenience for less time and cost to you and your organization.

By providing a comprehensive and frictionless solution fully-secured with dynamic passwords and multifactor authentication, SAASPASS is the only IAM tool you need to secure your corporate network or your own personal data. However, its advantage is not simply in its range. SAASPASS has engineered each of its features to be independently second to none. Using out-of-band MFA with dynamic passwords, SAASPASS enables you to securely authenticate and login to your Mac or PC from your mobile phone or wearable device.

Other IAM products are typically designed for enterprise, while some are geared towards individuals. These two approaches are often viewed as separate or incompatible, the result being that individuals are frequently forced to use a different solution to secure their personal data at home as they do at work. SAASPASS takes a very different approach to IAM with its individual-oriented enterprise solution. SAASPASS understands that for an organization to be truly protected, its security perimeter must be extended to protect its employees, suppliers, and subcontractors--anyone with access to the corporate network. A password breach of an employee using Facebook, for example, on his or her personal computer in an airport or at a Starbucks, can provide just enough information for a hacker to gain access to that employee’s corporate network. SAASPASS extends the security perimeter without compromising the individual’s privacy. The SAASPASS ID serves as a key to the network, but it is owned by the individual, not the enterprise. When an employee changes jobs, he or she doesn’t get a new bank account or a new driver’s license, and yet, most likely both are required to operate as an employee. Employers don’t own an employee’s identity, and yet they are vulnerable if that employee’s identity is compromised. Personal and enterprise security are inextricably linked. Unlike other IAM products, SAASPASS has crafted its solution with this important reality in mind.

SAASPASS also distinguishes itself from others because of its unrelenting attitude towards passwords. Other products, particularly password managers and app authenticators, and even many single sign-on solutions, seem content to help users manage passwords or facilitate their use. SAASPASS does not accept the status quo and strives to replace passwords wherever and whenever possible. By continuously expanding our list of secure links to apps, SAASPASS will not stop until passwords are eradicated. Leave your mother’s maiden name and childhood pet back in the 20th century where they belong! It’s time to commit pass-ticide. Move beyond passwords with the only full-stack identity and access management solution.

What devices does SAASPASS support?

SAASPASS works seamlessly on iPhones, Android phones, Blackberry, and many feature phones. Over 350 Java MIDP2 enabled mobile phones have been tested and certified through our extensive internal quality assurance process, and we constantly test and certify new models as they become available.

SAASPASS works basically like a traditional lock and key system, where your “key” is your mobile phone or other SAASPASS-enabled device, and the “lock” can be a computer, a smart lock on your car or home, an IoT device, and so forth.

THE KEY:

SAASPASS can be installed and/or cloned onto any device that supports:
  • iOS (iPhone, iPad, Apple Watch, etc)
  • Android (Android phones, Android tablets, Android Wear Watches, Kindle Fire, or other Android devices)
  • BlackBerry
  • Feature Phones (any device that supports J2ME)
  • Tokens (key fobs, etc)

THE LOCK:

SAASPASS can be used to secure and authenticate to any device that supports:
  • Windows
  • Mac OS/OS X
  • Linux
  • Custom IoT OS, using our API (i.e. smart locks)
What is multi-factor authentication and how does SAASPASS deploy it?
When you authenticate your identity to a website, an app, or any kind of service or product that requires identification, you typically use a username and a password. This is the first layer, or “factor,” of authentication. Because hackers have countless ways of obtaining this information, usernames and passwords on their own are no longer considered secure. Adding a second or third “factor” to verify your identity is known as “two-factor authentication” or “multi-factor authentication” and makes it exponentially harder for hackers to access your accounts. The verifying factor can be something you know (a PIN), something you are (a fingerprint), or something you have (a key fob, ID card, or mobile device).

Multi-factor authentication (MFA) can drastically reduce the risk of hacks, but both the ease-of-use and the level of security provided by different MFA solutions vary widely across the spectrum. Sending and receiving dynamic passcodes by SMS, for example, as some MFA solutions do, should hardly be classified as MFA, as the message is highly vulnerable to interception in man-in-the-middle attacks. Also, passwords should be dynamic, so that even if acquired, they cannot be reused or sold. Only out-of-band MFA solutions with dynamic passwords, such as SAASPASS, offer the high levels of security associated with MFA.

As for convenience, typical MFA solutions require anywhere from 4 to 6 steps in order to securely sign in. SAASPASS can do the same in just a single step, with just a touch of a biometric sensor. SAASPASS provides strong and frictionless MFA through its mobile app and on a number of mobile platforms that include iPhones, iPads and Androids among others. The random number generated through the mobile app can be used to authenticate to any website, service, or device through either our Authenticator format or through custom integration using our RESTful APIs and SAML adapters to over 300 of the top SAAS products.

Why is SAASPASS’s multi-factor authentication superior to SMS-based solutions?
Typical SMS-based solutions involve sending one-time-passwords (OTPs) to a phone via SMS. A user then enters the transmitted password into an online site to authorize a transaction. These SMS messages are unencrypted, insecure, and can be susceptible to interception in what are known as man-in-the-middle hacks. SAASPASS uses an out-of-band multi-factor authentication (MFA) solution, with your device generating the code itself, with dynamic passcodes to provide higher levels of security.
What are dynamic passwords and how does SAASPASS use them?
Multi-factor authentication (MFA) using dynamic passcodes is possible on any SAASPASS-enabled mobile device. SAASPASS one-time passcode generation is offline and user-generated to provide out-of-band MFA. With a single touch, users can generate a one-time passcode to supplement static usernames and passwords with added security. The random passcode changes every 30 seconds and can be automatically populated to any website, service, or device through either our Authenticator format or through custom integration using our RESTful APIs and SAML Adapters to over 300 of the top SAAS products.

The one-time passcodes are generated by the SAASPASS app which is available on nearly every mobile device on the market today: iPhones, iPads, Android phones, Android tablets, Blackberrys, and Java ME feature phones.

What is single sign-on (SSO) and how does SAASPASS SSO work?
Single sign-on products are often used by organizations to secure links to cloud-based apps using a SAML or other protocol, eliminating the need for passwords. SAASPASS’s single sign-on console operates basically like a secure bookmarks folder for all your corporate applications, allowing you to sign-in and authenticate to any corporate app or service securely with a click of the mouse.
What is a password manager and how does the SAASPASS password manager work?
While single sign-on products are often used by organizations to secure links to cloud-based apps using a SAML protocol, eliminating the need for passwords, password management products typically just store and populate usernames and passwords into a browser. These are often used by individuals, rather than enterprises, as they are more about convenience than security. Through its Authenticator format, SAASPASS is able to integrate a 2FA security layer into its password management flow, providing the same level of convenience as other password managers, but with added security.

In cases where an app or service does not enable 2FA, SAASPASS still serves as a traditional password manager, authenticating to those apps automatically with just a stored username and password.

How does SAASPASS authenticate to apps for SAASPASS to App authentication?
With our API, developers can add secure sign in to their Apps, where SAASPASS offers the same convenience as logging into apps with Facebook or LinkedIn, but with the added security of dynamic passwords.
How does SAASPASS manage endpoint access?
Secure endpoint access management, which basically involves putting multi-factor authentication on physical stuff, to lock and unlock a computer for example, typically requires extra hardware such as smart card readers and usb key fobs. These must be purchased, managed, replaced, tracked, and are cumbersome to deactivate. SAASPASS can lock or unlock Macs, Windows, or Linux-based machines in a fully cross-platform manner with no additional hardware.
How does SAASPASS authenticate to Physical Access Control Systems (PACS)?
Offline capabilities are unique to SAASPASS. Other Endpoint Access Management and Multi-factor Authentication products typically only work when connected to the Internet, reverting to static credentials when offline, but because of its superior design, SAASPASS can be used to login or lockdown your Macs and PCs securely, using dynamic MFA, even while offline.

This capability is particularly important for authenticating securely to PACS. Many PACS that claim to be secure are only encompassing the security of encryption of the transport layer for the credentials, which for the most part still rely on static credentials opening them up to attacks. Building SAASPASS into your PACS using our RESTful APIs allows users to authenticate to your smart lock or PACS using dynamic passwords (always changing).

How does SAASPASS authenticate to Internet-of-Things (IoT) devices?
As the quality of IoT devices becomes increasingly associated with security, having superior features or a more aesthetic design for your product are no longer adequate competitive advantages. Security must also be a primary concern. Many IoT devices that claim to be secure are only encompassing the security of encryption, and almost 100% of IoT devices still rely on static credentials. Building SAASPASS into your device allows users to authenticate to the device using dynamic passwords (always changing), even when those devices are offline (i.e. during a power outage or an earthquake). In fact, our superior design gives us offline capabilities that are unique to SAASPASS, and these are particularly important to securing IoT devices. Build SAASPASS into your device using our APIs.
What are SAASPASS’s offline capabilities?
Offline capabilities are unique to SAASPASS. Other Endpoint Access Management and Multi-factor Authentication products only work when connected to the Internet, but because of its superior design, SAASPASS can be used to login or lockdown your Macs and PCs securely, using dynamic MFA, even while offline.

This capability is particularly important for securing IoT devices. Many IoT devices that claim to be secure are only encompassing the security of encryption, and almost 100% of IoT devices still rely on static credentials. Building SAASPASS into your device allows users to authenticate to the device using dynamic passwords (always changing), even when those devices are offline (i.e. during a power outage or an earthquake).

Is SAASPASS cloud-based?
Yes. SAASPASS is a cloud-based identity and access management solution. Simply download and install the SAASPASS application, and you’re done. There’s no hardware needed and no servers or other equipment to manage or maintain. You focus on your business while we focus on keeping you and your business protected in the most convenient and least intrusive way possible.
Does SAASPASS require hardware?
No, we believe software tokens to be easier to manage and deploy. Although we do have support for hard tokens, for those organizations that may need them. As technology evolves, SAASPASS will continue to evaluate how hardware improvements might be used to enhance security.
Can I use SAASPASS with other IAM solutions (i.e. Google Authenticator, YubiKey hard tokens, etc)?
Yes. SAASPASS can replace any and all combinations of IAM products, offering seamless, integrated, security in a single product. However, for a variety of reasons, some companies or individuals may choose to use a different product to integrate with SAASPASS for one part of their IAM stack. This can be done easily and effectively.
How does SAASPASS compare with hardware solutions (i.e. smart cards, key fobs, etc.)?
Hardware solutions like smart cards and key fobs must be purchased, managed, replaced, tracked, and cannot always be easily deactivated if they fall into the wrong hands. SAASPASS can lock or unlock Macs, Windows, or Linux-based machines in a fully cross-platform manner with no additional hardware.

A mobile device, which typically is in an owner’s possession at all times, can be considered a trusted device. The window of opportunity for a thief to commandeer a phone without notice is substantially smaller than stealing an ID badge or token --you realize your phone is gone long before you miss any key fob or card. This short period gives one the opportunity to take preventative action before any damage is done.

Can I pair multiple devices with one SAASPASS ID?
Yes, of course! Pair your smartphone, tablet, work computer and personal laptop with a single SAASPASS ID. Each time you add a new device, synchronize all the devices online.
What is my SAASPASS ID and how does it work?
The SAASPASS ID is owned by the individual, is unique to the individual, is portable, and can be used for both work and personal use. The same ID can even be used by a user employed at multiple companies. Because corporate and personal data operate in sandboxed silos, company admins can manage and configure user access to their own corporate network, but have no access to the employee’s personal apps and services, or another employer’s network. This allows a company to extend the security perimeter of their organization to the personal data of employees, without compromising their privacy.
Will SAASPASS prevent my personal or corporate data from being hacked?
If an attacker stands over your shoulder as you type your SAASPASS PIN into your mobile device, and that same attacker physically steals your device, then your personal data and corporate data are vulnerable. This is the same physical risk level you face everyday as you carry around your ATM card and the keys to your home and car. However, the risk is minimized in the case of SAASPASS, because you can quickly disable the stolen device through a number of different options (i.e. call your mobile service provider and disable your phone number or transfer to another device, disable your stolen device from a cloned SAASPASS device, etc.)

The greatest threat to your cybersecurity is not from a physical attack, but through a remote hack, and hacking is exponentially more difficult to do on a SAASPASS-enabled device. Compromised passwords and user credentials are the number one source of hacks, and SAASPASS virtually eliminates this risk through its design and layered use of proper out-of-band multi-factor authentication.

Can SAASPASS itself be hacked? How and why is it more secure?
No solution can guarantee 100% security from every kind of attack, and one should be wary of any solution making this claim. SAASPASS, however, does everything possible to be the most secure solution available on the market, and has been penetration-tested by numerous organizations. As an organization, SAASPASS employs security best-practices, including requiring that all employees use multi-factor authentication. Additionally, all critical systems operate behind relevant firewalls and deploy numerous other defensive measures against attacks.
What controls are in place to ensure the SAASPASS Recovery process is secure?
A critical weakness of many security products or features is often the recovery process. Recovery can create a backdoor that leaves the solution as a whole vulnerable to attack. SAASPASS has devised a number of measures to keep our recovery process from being the weak link in the chain. Some of these added precautions make the recovery process less convenient, but users can decide on their own what level of security they require. When a Recovery is initiated on a device, the SAASPASS account is always automatically deleted from all other devices. A recovery question can also be added, and a verification code delay can be applied. For the most concerned users, Recovery can be disabled completely, so that an account cannot be restored.
If my mobile device is the “key” to “unlock” my computer, then isn’t my mobile itself a weak link?
No. First of all, mobile devices are inherently more secure than desktop and laptop computers for several reasons. Mobile devices use “sandboxing” to separate and constrain apps from communicating with each other without explicit permission. It’s much more difficult to secretly install software on a mobile device, and even if malware finds its way into the mobile device, these isolated sandboxes can limit the spread and impact. Also, one can download software to a desktop computer from any website, but the apps typically downloaded and used on mobile devices are purchased through reputable stores (i.e. Apple Store, Google Play) which vet apps and require developer registration.

However, even though mobile devices have natural security advantages over computers, SAASPASS takes sandboxing and other security precautions even further through its use of out-of-band multi-factor authentication, encryption, and device management to alert you in case of unauthorized use of your SAASPASS ID. The connection from your mobile device to your cloud-based or on-premise apps is secure and encrypted, and uses multi-factor authentication with dynamic passwords, so there is no backdoor.

Also, even though the mobile device is the “key” that unlocks your computer or other device, you still must unlock the key itself through a PIN code or biometric fingerprint. This PIN code uses our own custom-built keyboard platform which can even be randomly scrambled at each use for extra security.

Can a hacker re-engineer a SAASPASS app to produce codes matching those in my app?
No. Each SAASPASS ID is unique and verifiable, so only an original SAASPASS application downloaded from an authorized app store (i.e. Apple Store, Google Play) can be paired with the SAASPASS system.
Can the SAASPASS control display be compromised?
As with any security system, reverse engineering and building modifications are difficult but not impossible. However, a modified version of SAASPASS is useless within the SAASPASS system, because it cannot be paired without the personalization data embedded in a legitimate version of the application.
How does SAASPASS protect the PIN you use to access the mobile app?
SAASPASS goes above and beyond conventional best-practice for PINs by using our own custom-built keyboard, rather than relying on integration using the keyboard APIs built for the device’s operating system, as all competing solutions do. This means that other apps downloaded onto your device cannot gain access then “listen in” to your PIN as it’s being typed into the keyboard. SAASPASS also has a “Scrambled Keypad” option which, when turned on, scrambles the keyboard randomly each time users are prompted to enter their PIN.
How does SAASPASS manage or store passwords, and what controls are in place?
By default nothing is stored on servers; however, activating features such as Recovery necessitates it. When you set up Recovery, your passwords are stored on SAASPASS servers, but they are fully encrypted, hashed, and salted in accordance with industry best-practice. Moreover, even in the unlikely event that hackers successfully ran a brute-force or dictionary attack on each hash in our database, the dynamic passcodes used to add a second layer of verification to your authentications are generated by your own device and change every 30 seconds. Without obtaining this second factor, breached usernames and passwords aren’t as useful to a hacker.
Does SAASPASS encrypt passwords?
Yes. When your passwords are stored on SAASPASS servers, they are fully encrypted, hashed, and salted in accordance with industry best-practice. Moreover, even in the unlikely event that hackers successfully ran a brute-force or dictionary attack on each hash in our database, the dynamic passcodes used to add a second layer of verification to your authentications are generated by your own device and change every 30 seconds. Without obtaining this second factor, breached usernames and passwords are useless to a hacker.
How does SAASPASS encrypt the data sent from the mobile device to the computer?
All communications between your mobile device and your computer and our servers is completely encrypted at industry-standard, including the Bluetooth offline communications.
Users
How do I install and setup SAASPASS?

Please check out our User page for clear instructions and tutorials.

Can I download SAASPASS onto more than one device?

Yes, of course! Pair your smartphone, tablet, work computer and personal laptop with a single SAASPASS ID. Each time you add a new device, synchronize all the devices online.

What if I don’t have a smartphone?

A smartphone is not required to run SAASPASS. The SAASPASS mobile app runs on any of the following devices:

  • iOS (iPhone, iPad, Apple Watch, etc)
  • Android (Android phones, Android tablets, Android Wear Watches, Kindle Fire, or other Android devices)
  • BlackBerry
  • Feature Phones (any device that supports J2ME)
  • Tokens (key fobs, etc)

Can I integrate my YubiKey or other hardware token with SAASPASS?

Yes. The SAASPASS admin console has detailed instructions for how your admin can pair a hard token with a SAASPASS ID.

What is the computer connector and do I need to download one?

The computer connector modifies login at the OS level to require a second factor of authentication--the dynamic passcode generated by your SAASPASS or other integrated token. Additionally, the computer connector comes integrated with a Single Sign-On agent and most necessary plug-ins for Proximity on Macs. Depending on your browser, however, you may still need to download a plug-in specific to your browser.

Does the computer connector have other languages?

No, but the app itself comes in numerous languages.

What are the browser extensions/plugins and do I need to download them?

The browser will prompt you to download an extension, if needed. This can be downloaded directly from the SAASPASS site, or through reputable stores such as the Firefox or Chrome extension stores.

What are the patches and do I need to download them?

If you’ve just downloaded SAASPASS, and you have El Capitan or Mac OS 10, there is no need to download patches. The downloadable patches are for users with older versions of SAASPASS and older versions of the Mac OS.

I'm using Google Authenticator but I want to transfer all my accounts to SAASPASS. How can I do the switching and migration?

The auto-pairing is intended to work when you don't have 2FA active on your account to begin with. If you already have it, via Google Authenticator, you would first need to turn it off. Then, add it again, saying you will use an Authenticator app. But instead of using the Google Authenticator app, you would scan the pairing code with your SAASPASS app, type in the pairing code, back into the service you are using, and you'll be done. If you want to use SAASPASS's single sign-on capabilities, you would also need to save your password under that authenticator in the SAASPASS app. SAASPASS would essentially replace your Google Authenticator app. SAASPASS has a number of security and usability advantages over the Google Authenticator, including that the seed is encrypted and protected by your PIN entry or Touch ID. Also, you are able to clone it if you want onto other devices such as a backup phone, a tablet/iPad etc... as well as the ability to turn on Recovery should you wish.

My SAASPASS isn’t allowing me to login, what can I do?

If your computer won’t accept your OTP code, first make sure the clock in your computer is in sync with the one on your mobile device. If necessary, change the time on your phone to be synchronized with the computer.

If that doesn’t work, try restarting your computer. Automatic computer updates can sometimes cause the computer’s username and password to be rejected until the computer is restarted.

If SAASPASS will still not let you log in, please contact our support team.

Can I log in to my computer with SAASPASS if I have no internet connection?

Yes. Users can login manually or through the Proximity Feature, with full dynamic MFA, even when offline.

After updating the SAASPASS mobile app, why does the app say it’s updating when I launch it?

This is a security measure. When SAASPASS senses it has been updated, it connects to SAASPASS servers to verify that the app update was an official update.

I just ran updates on my computer and now I cannot log in with SAASPASS?

After your computer runs updates, occasionally you must power off your computer completely, then restart. If you are still locked out, please contact our support team.

I changed the password to my computer and now I cannot login with SAASPASS?

When you change the login password to your computer, you must also change it in the mobile app. Click on the computer in the Computer Login section of the mobile app and enter in the new password.

I’m locked out of my Mac. What do I do?

After your Mac runs updates, occasionally you must power off your computer completely, then restart. If you are still locked out, please contact our support team.

How do I login to SAASPASS with a Pattern/Fingerprint/Touch ID?

In the mobile app under Settings, select PIN Settings. In the menu, turn on the method you would like to enable.

What is proximity login and what does it require?

The Proximity Login feature enables users to authenticate and unlock their personal laptops and desktops, or firm laptops and desktops controlled with active directory--using dynamic multi-factor authentication--simply by being in close proximity to their computer. The feature works using location-based iBeacon Bluetooth Low Energy (BLE) technology, and it requires a downloadable plug-in which is included when you download the computer connector for Macs.

Pair, unpair, and manage devices with your SAASPASS mobile app, Proximity-based authentication works on Bluetooth-capable devices and uses the Bluetooth low-energy format, so SAASPASS Proximity is extremely battery-efficient, and does not require an Internet connection. Most mobile Apple devices (iPhone 4S onwards) and most Apple Macs (2011/2012 onwards) support BLE and the list of supported platforms is increasing every day.

Do I need to pair my phone to use the proximity login feature?

Yes. To customize your pairing settings for the Proximity Login feature, go to Settings in the mobile app under Settings, and select Proximity. Choose your preferences from this menu.

How do I get my proximity login feature to function properly?

In the mobile app under Settings, select Proximity. Customize your preferences in this menu.

How do I get my barcode (QR code) scan to load and function properly?

Your computer must have an Internet connection to use the barcode scan login feature. Without a proper Internet connection, the QR code will not load and display properly. If you do have an internet connection, but it’s still not showing a QR code, then it means a firewall or other network configuration is blocking one of the Ports needed by SAASPASS.

Scan barcode is available on iPhones, Android phones and Blackberry 10 phones. Scan barcode is also available on most iPads, and Android tablets.

What is Remote Login and how do I get it to function properly?

The Remote Login feature works through an Internet connection, turning your mobile device into a remote secure key that can unlock and launch devices and applications using dynamic multi-factor authentication.

What is Push Login?

Similar to the Remote Login feature, the Push Login feature allows users to login to apps with the push of a button. However, while Remote Login works on devices paired with a user’s SAASPASS ID, Push Login requires no plug-ins or any other downloads, so it can be useful for login to a public or shared computer.

How do I log in manually?

After typing in your computer login and password manually, enter in the dynamic passcode listed in your mobile app for the select computer. This can be done even without an Internet connection.

How do I set up password manager?

While single sign-on products are often used by organizations to secure links to cloud-based apps using a SAML protocol, eliminating the need for passwords, password management products typically just store and populate usernames and passwords into a browser. These are often used by individuals, rather than enterprises, as they are more about convenience than security. Through its Authenticator format, SAASPASS is able to integrate a 2FA security layer into its password management flow, providing the same level of convenience as other password managers, but with added security.

In cases where an app or service does not enable 2FA, SAASPASS still serves as a traditional password manager, authenticating to those apps automatically with your stored username and password.

When a browser prompts me to “save my password,” do I need to click “yes” in order for my SAASPASS password manager to function properly?

No. If you click “save my password” when prompted, you are telling the browser to save a password, but if you have already set up SAASPASS password manager, then the passwords are securely saved in your SAASPASS account, and don’t need to be saved in the browser, which is at times one of the stores of information most easily exploited by attackers.

How do I authenticate to an app?

In the Authenticator section of the mobile app, click on the “+” for a number of app integration options. If you select “Choose Authenticator,” you can select from our hundreds of supported applications and integrate automatically using the ready code we have created.

If you are currently using Google Authenticator (or another Standalone Authenticator), in order to transfer your authenticated apps, you should first turn Google Authenticator off. Then, add it again, this time opting to use an Authenticator app. However, instead of using the Google Authenticator app, scan the barcode with your SAASPASS app, type in the pairing code, and you'll be done. To use SAASPASS' single sign-on capabilities, you will also need to save your password under that email address in the SAASPASS mobile app. SAASPASS would essentially replace your Google Authenticator app.

SAASPASS has a number of security and usability advantages over the Google Authenticator, including that the seed is encrypted and protected by your PIN entry or Touch ID. Also, you are able to clone it if you want to onto other devices such as a backup phone, a tablet/iPad etc... as well as the ability to turn on Recovery should you wish.

How do I authenticate to an app that is not on this list?

We currently support hundreds of applications listed here. If we do not currently support an app that is under your own control, please see our Developers site for instructions on how to add your app. If you are unable to add, or if you’d like to authenticate to a third-party application that we do not currently support, please contact our support team.

What if an app does not allow two-factor authentication?

If an app or service does not allow two-factor authentication, you can still use SAASPASS as a password manager for your convenience. When you click on that app, your username and password will be automatically populated for convenient sign-in, but for that app, you will not have the added security of multi-factor authentication. If you’d like to authenticate to a third-party application that we do not currently support, please contact our support team.

How do I erase an authenticated app?

In the mobile app, under Settings, select “Erase My Data.” Click “Continue” and you will be asked to authenticate again as an added security measure. Next, select the apps you wish to erase. Never erase an App if you still have authentication with 2FA / MFA turned on for that app, as you will be unable to login without the code.

How can I change the order of my menu in my SAASPASS app?

In the mobile app, under Settings, select “Custom Menu Layout.” From there, you will be able to rearrange your menu as desired.

What is the “Scrambled Keypad” in the PIN settings?

The Scrambled Keypad randomly changes the order of the keypad when turned on, to add additional security to the PIN on your mobile app so that people in your vicinity won’t be able to guess your PIN based on where on the screen they see you touching.

Can I use SAASPASS for Apple’s 2FA, as well?

No. Apple currently doesn’t allow any third-party 2FA / MFA.

Can I use SAASPASS to authenticate to a door (or other product)?

Yes. If our SAASPASS APIs are used to integrate a smart lock or other device, you can “lock” or “unlock” a door or item from your mobile device just as you would a computer.

What is the “Locker” and how do I use it?

The Locker feature allows users to store important and sensitive information (i.e. passport numbers, credit card or bank account information) in an encrypted, sandboxed vault on their device. Only the user can access his Locker. Users can opt to turn on synchronization between devices, which enables the information in the Locker to be accessed and synchronized on any of his cloned devices, and for the information to be restored in the event of a SAASPASS recovery.

In the mobile app, what is the difference between “Open in Browser” and “Open in App”?

In “Open in App” on the mobile device, a user signs into a service through a browser built into the SAASPASS app, at which point the username, password, and dynamic one-time-password are automatically populated.

In “Open in Browser,” the user must manually enter in his or her username and password for that app, then press “paste” when prompted for the dynamic code (SAASPASS automatically copies the relevant dynamic code to the user’s clipboard). Because of the manual entry, the In-Browser function is slightly less convenient that the In-App function, but in some cases, depending on the app, it can provide the user with a better interface.

I work for two companies that both use SAASPASS. Can I add (or be added) to a second company account?

Yes. Your SAASPASS ID belongs to you and is portable. It can be linked to multiple companies. The admins at each company have zero access to anything in your SAASPASS app except for the specific corporate apps and services in their network to which they configured you.

What happens to my SAASPASS account if I leave my company?

When you are deprovisioned from a corporate network, you lose access to all the corporate apps and services, and these instantly disappear from your mobile app. Your personal apps and services remain, as well as any corporate apps from other employers you may have.

What is Device Management and how does it work?

In Device Management, under Settings in the mobile app, you can view all your SAASPASS-enabled devices, and delete any as needed.

My phone is broken, lost, or stolen. What do I do?

If you set up recovery options before your phone was disabled, lost, or stolen, then you can now initiate a recovery. When you download the app on your new phone, and run a recovery, your SAASPASS account will automatically clear from your original device. Here are detailed instructions: https://www.saaspass.com/how-to-recover-saaspass-id-account.html If you have not previously set up the recovery options, and you have not cloned your SAASPASS ID onto another device, you must now set up a new account.

How do I remove or disable a SAASPASS-enabled device?

To remove or disable a SAASPASS-enabled device, go to Settings in the mobile app. Under Device Management, you can view all your SAASPASS-enabled devices, and delete if needed. Also, if you download the app onto a device, and run a recovery, your SAASPASS account will automatically clear from all other devices.

I just got a new phone or device. How do I transfer my existing SAASPASS account?

When you download the app on your new phone, and run a recovery, your SAASPASS account will automatically clear from your original device. If you prefer to keep your old phone, and want your SAASPASS app to remain enabled on it, then you can clone your SAASPASS ID from the original device onto the new device. This will enable you to use SAASPASS on both devices.

What is cloning and how does it work?

Clone your SAASPASS ID onto two or more devices in a fully cross-platform manner, from an iPhone to an Android, for example. Cloning allows you to backup your SAASPASS ID without resorting to a SMS-based Recovery and security questions. If desired, you can permanently turn off Recovery and use only a Cloned SAASPASS device to restore your ID to other devices.

To clone your SAASPASS ID, go to Settings in the mobile app of your original device, select “Clone SAASPASS ID,” then enter your PIN. A cloning code will be generated as well as a barcode that can be scanned. Download the SAASPASS app onto the target device, and choose the Cloning option at the bottom right after activating it. Next, use the new device to scan the cloning code on your original device, or manually enter the code.

Why should I consider cloning my SAASPASS ID onto another device?

Cloning to a second or third device can add convenience in case your original device is lost, stolen, or disabled. In this case, there would be no need to initiate a SAASPASS Recovery; the original device can simply be removed through the Device Management menu.

Also, the cloned device can serve as a convenient and immediate backup in case the original device has no power or is temporarily disabled.

Can someone clone my SAASPASS ID onto their device without me knowing?

No. For someone to clone your device, they would need full possession of your original device, and they would need to know your PIN to access the SAASPASS app within that device. Even in the unlikely event that someone was able to obtain access this way, without your knowledge, and then clone your ID to their own device, that new device would appear in your Device Management console.

Can I use or clone to a device that doesn’t have an associated phone number, like an iPad?

Yes. You can always use or clone to a device that doesn’t have an associated phone number, but if it’s your only SAASPASS-enabled device, you will not have recovery capabilities if you lose that device.

Are there any weaknesses in the cloning process?

The risks of having your SAASPASS ID cloned to more than one device, are not too different to having more than one key to your house door. The chances of a key being lost potentially increase, but unlike a key which can be used by anyone if found, the SAASPASS app can’t be used unless the finder already knows the correct PIN. Additionally from the device management menu, one can always deactivate any cloned devices that go missing, thereby limiting risks significantly.

What is SAASPASS Recovery and how do I initiate it?

Recovery enables you to restore your SAASPASS account onto a new device. In order to be able to initiate a Recovery, you must set up Recovery options before your mobile device was disabled, lost, or stolen. Here are detailed instructions:

https://www.saaspass.com/how-to-recover-saaspass-id-account.html

What happens when I do recovery?

When you initiate a Recovery, your SAASPASS account will only be restored on the mobile device on which you are running the Recovery. Every other SAASPASS mobile app associated with your SAASPASS ID immediately clears and resets on any device on which it is installed or cloned.

How and why should I set up my recovery when I initially set up SAASPASS?

When you first install SAASPASS, you should set up Recovery in the event that your mobile device is lost, disabled, or stolen. Here are detailed instructions: https://www.saaspass.com/how-to-setup-secure-recovery-two-factor-authentication-2fa.html

If someone obtains unauthorized access to my phone number, can they steal my SAASPASS ID?

If someone is able to hijack your phone number (not your phone), so that calls and SMS messages to you are redirected to their device, theoretically, the SMS verification code would then be sent to them if they initiated SAASPASS Recovery from their device. With that code, they could Recover your SAASPASS account to their device. As extremely unlikely as this is, SAASPASS offers protective measures against this scenario:

  • 1. Setting up a Recovery question requires the phone number thief to answer the question before receiving the verification code.
  • 2. Adding a delay to the verification code creates a, say, 20-hour window before the verification code is sent, during which your SAASPASS account is frozen and you can contact your mobile service provider to alert them that your number has been stolen.
  • 3. Recovery can be disabled completely, so that there is no way to restore your account to any other device.

I have initiated SAASPASS Recovery, but I have not received a verification code?

If you have not received a verification code after initiating SAASPASS Recovery, most likely you either did not set up Recovery when you installed the app, or you set a verification code delay. If neither of these has occurred, please contact both your mobile service provider and also our support team.

During Recovery, isn’t the verification code (sent by SMS) vulnerable to interception?

To minimize the risk of interception when your verification code is sent by SMS during SAASPASS Recovery, SAASPASS has the following security controls:

  • The verification code is a dynamic one-time password, so once you use it, it is no longer valid, even if it’s intercepted.
  • The verification code delay option freezes the account for the duration of the delay and allows you the ability to contact your mobile service provider in the event your mobile device or phone number is stolen.
  • Cloning a device enables you to use the cloned device in the event of a disabled, stolen, or lost device, so that SAASPASS Recovery is unnecessary.
  • Recovery can be disabled completely.

Can I add additional security to the Recovery process?

To add additional security to the Recovery process, go to the Settings icon in the top right corner of the mobile app. Under Settings, click on Recovery, then Advanced Settings. There are several options available:

  • 1. You can setup a delay between when you initiate Recovery and when you receive the verification code. In other words, if you lose your phone, and initiate the recovery process, the verification code will not be sent to your number for the duration of the time period you set (i.e. 20 hours) to give you time to cancel your lost or stolen device and set up your mobile number on a new device through your mobile service provider.
  • 2. You can add your own custom recovery question and answer (a customized security question).
  • 3. Also, if extreme protection is required, recovery options can be disabled completely, meaning there will be no way to recover your account if your phone is lost, broken or stolen (unless you have cloned your SAASPASS ID onto another device). Disabling Recovery is an irrevocable action, so SAASPASS recommends that users maintain an active Recovery option.
How do I delete and uninstall my SAASPASS account?

First, remove the application from your computer. To remove from Windows machines, run the Windows uninstaller. For Macs, run the “SAASPASSremove” program which you can find by using the Mac’s built in search. Next, delete the application from your SAASPASS-enabled mobile or other device(s). If you’ve set up recovery, you will still be able to restore your account. To permanently delete your SAASPASS account, you must go to Recovery in the mobile app and select “Remove” under the Active Recovery Option.

Can I restore my deleted SAASPASS account?

If you’ve set up recovery, then you can restore your account. Otherwise, you must set up a new account.

Developers
How do I install and setup SAASPASS for developers?
Please check out our our Developer page for clear instructions and tutorials.
Do I need authorization from SAASPASS to begin?
No. All of the tools you need to build SAASPASS into your app or device are available online through this site. Check out our Developer page for clear instructions, downloads, and tutorials on how to get started.
How do I build SAASPASS security into the app I’ve developed?
Build SAASPASS into your app using our RESTful APIs, as well as ready codebase in a number of languages. Further information can be found at https://developer.saaspass.com
Why should I build SAASPASS into my IoT device?
As the quality of IoT devices becomes increasingly associated with security, having superior features or a more aesthetic design for your product are no longer adequate competitive advantages. Security must also be a primary concern. Many IoT devices that claim to be secure are only encompassing the security of encryption, and almost 100% of IoT devices still rely on static credentials. Building SAASPASS into your device allows users to authenticate to the device using dynamic passwords (always changing), even when those devices are offline (i.e. during a power outage or an earthquake). In fact, our superior design gives us offline capabilities that are unique to SAASPASS, and these are particularly important to securing IoT devices.
How do I build SAASPASS into my IoT device?
Build SAASPASS into your IoT device using our RESTful APIs.
Can I integrate SAASPASS for my web login using other coding languages?
We’ve provided ready code in a number of different languages for you to use; however, if we don’t have ready code in your preferred coding language, you can use our API documentation for guidance on how to build and integrate SAASPASS into your web application. Of course our support is also available to help guide you if necessary too.
Admins
How do I install SAASPASS for admins?
Please check out our our Admin page for clear instructions and tutorials.
Do I need authorization from SAASPASS to begin?
No. All of the tools you need to register and implement SAASPASS at your organization are available online through this site. Check out our Admin page for clear instructions, downloads, and tutorials on how to get started.
Does SAASPASS have a trial version of the product?
SAASPASS is free for companies for the first 4 months. If your company is not satisfied, there is no obligation to purchase after that period. Also, smaller companies (under 150 users) can continue to use SAASPASS for free.
How do I register a company with SAASPASS?
In the upper right hand corner of the screen, choose ‘LOGIN’. From here choose ‘REGISTER A COMPANY’ to setup your firm. You must register with the email address that is to be your first admin, and your corporate domain is derived from the email address.

Check out our Admin page for clear instructions, downloads, and tutorials on how to get started.

Why has my corporate registration initiation failed?
In order to register a company, you must sign up using an email address from your corporate domain. Using free email service addresses such as Gmail, Yahoo, Outlook, AOL, or Yandex will prompt an error message reading “Invalid email address format.”

If you’ve received an “Existing domain” error message, then you or someone from your company has already registered using an address from that domain. Please make sure that you’ve downloaded the SAASPASS app and that you’ve verified the email that you receive. It may have gone to your spam folder. If you are the admin for your domain, please email our support team, in this case, so that we guide you on how to complete registration.

How much access does SAASPASS have to my company’s data?
Only your SAASPASS-enabled mobile device(s) can access your data, and your SAASPASS PIN is never known to us and never leaves your device. We have access to the interface between your system and other apps, but not what’s in your system. We act only as a gatekeeper, enforcing multi-factor authentication on users.
How is SAASPASS different from a VPN?
A VPN is useful, but can be anachronistic given the evolving structure of companies. When companies used to run everything on-premise (all of their servers, software, etc), then providing users with a secure digital “tunnel” into their corporate “castle” made sense. Now, as organizations increasingly use cloud-based servers and software-as-a-service (SaaS) applications, and as employees increasingly use their devices for both work and their personal needs, the single, enclosed network no longer exists. Networks have become decentralized. SAASPASS is the next generation VPN, protecting resources by identifying, authenticating, and protecting the individuals who access those resources at every gate.
What is SAASPASS Web SSO?
SAASPASS Web SSO allows users to access their corporate apps and services securely and conveniently from any public or shared computer without any downloads, plugins, or extensions. Simply open a web browser, go to your company’s portal, or to www.saaspass.com, then login by scanning the barcode displayed on the screen with your mobile app. Your emails and all of your corporate apps and services can now be accessed securely with a single click through the SSO console.
How can I use a public computer securely with SAASPASS Web SSO?
On your personal or work computer, you’ve downloaded the SAASPASS browser plug-in and extensions. A public or shared computer is unlikely to have these SAASPASS downloads, so proximity login will not work on the computer, and the single sign-on console will not be displayed in your computer’s finder. Instead, simply open a web browser, go to your company’s portal, or to www.saaspass.com, then login by scanning the barcode displayed on the screen with your mobile app. Your emails and all of your corporate apps and services can now be accessed securely with a single click through the SSO console.

When you finish using the public computer, logout and clear the browser for added protection. You’ve just accessed all your corporate apps without ever typing any passwords into the computer. Now you’ll leave without a trace.

Can I manage the admin functions from my mobile device?
Yes. In Settings on the mobile app, go to “Login to SAASPASS Web.” This is basically a secure link to the Admin Console. From here, you can switch to Enterprise mode and securely carry out all of the functions as your company’s admin.
How does SAASPASS integrate with my company?
The SAASPASS integration calls commands with a simple REST API. SAASPASS can be integrated into custom apps with a few simple lines of code or integrated into public products like Google Apps or Salesforce in a few steps. This simple portability eases integration everywhere without diminishing the strength of SAASPASS.
How do I integrate SAASPASS with my company apps?
In the Admin portal, under Applications, specific info is listed under each app. If the app is not shown, please email our support team.
How easy is it to integrate SAASPASS with my firm’s Google Apps?
It is incredibly easy and requires no coding to secure Google Apps with SAASPASS. The whole process takes less than five minutes and a screencast of step-by-step instructions is available.
Can SAASPASS integrate with my company’s on-premise apps?
Yes. For specific help with integrating on-premise apps, please email our support team.
How does SAASPASS allow admins to configure access to corporate networks?
Admins can select the applications and services to which they want to enable a single sign-on connection. Also, access to these apps and services can be configured for each individual employer or user.
Are there privacy issues involved with asking my employees to use their own personal mobile device to access the company’s network?
No. The SAASPASS app and associated ID is owned by the individual, is unique to the individual, is portable, and can be used for both work and personal use. The same ID can even be used by a user employed at multiple companies. Because corporate and personal data operate in sandboxed silos, company admins can manage and configure user access to their own corporate network, but have no access to the employee’s personal apps and services, or another employer’s network. This allows a company to extend the security perimeter of their organization to the personal data of employees, without compromising their privacy.
Are there security issues involved with asking my employees to use their own personal mobile device to access the company’s network?
Not really. Even though the SAASPASS app and associated ID is owned by the individual, is unique to the individual, is portable, and can be used for both work and personal use, any work credentials on it are fully controlled and instantly revocable by that company’s admin. SAASPASS has additional security measures incorporated into it, such as how the PIN operates on a zero knowledge basis, the ability to use biometrics, support for pattern unlock and scrambled keypad which all make it harder for even a compromised mobile device to be misused. Because corporate and personal data operate in sandboxed silos, company admins can manage and configure user access to their own corporate network, but have no access to the employee’s personal apps and services, or another employer’s network. This allows a company to extend the security perimeter of their organization to the personal data of employees, without compromising their privacy, thus even potentially increasing their organizational security.
Are there convenience issues involved with asking my employees to use their own personal mobile device to access the company’s network?
No. The opposite is true. Employees are going to carry, protect, and maintain their personal mobile device regardless of any security tools or methods your company implements. Why ask them to carry and keep track of an extra piece of hardware (i.e. an ID card, a key chain fob, or hard token) that must also be guarded and managed? For most users, being able to use a mobile device they already carry in their purse or pocket is more convenient.
What if my employee doesn’t want to use their personal mobile device?
Tokens can be ordered and issued to employees who prefer to use them.
Why is using a personal device preferable to using a token?

SAASPASS can provide and support hard tokens, but we encourage companies to use soft tokens (mobile app). Using the mobile device minimizes costs and resources to your company in terms of maintenance, replacement, inventory, etc.

Also, mobile devices are potentially more secure. Based on a recent study by Nottingham Trent University, the average person checks their phone 85 times a day. This translates to once every 11 minutes if the average person is assumed to sleep 8 hours, whereas hard tokens tend only to be checked when needed. This means it could be hours or even days before a user realizes a hard token is lost, versus minutes for a soft token. This time advantage exponentially increases security as it gives admins the ability to take action and cut out sooner the potential of an attack surface window.

Additionally, more features are available on the soft token. Hard tokens are generally issued to employees by the company, and they do not authenticate to the user’s personal apps and services, so users lose some of the portability and versatility advantages of the mobile app.

How much does SAASPASS charge for hard tokens?
SAASPASS charges a $15 (without PIN) or $20 (with PIN) one-time-fee for each SAASPASS hard token or $10 for integrating a third party token, plus the regular SAASPASS user license fee. See Pricing for the most up-to-date rates. The license fee for tokens is based on the SAASPASS ID linked to the token, not the individual, so if a company reissues a previous employee’s token to a new employee, this would only be priced as a single license.
Can my organization use a combination of hard tokens and mobile devices?
Yes.
What is the battery life of the hard tokens?
Approximately 3 years.
How do I add a new employee to SAASPASS?
When synchronized, your Active Directory (AD) automatically adds users to SAASPASS when you add them to AD. If you don’t use AD, or your AD is not synchronized, users can be added through the Admin Console under Groups & Users (either manually or via file upload). Users will need to download the SAASPASS app to their mobile device.
How do I add a new employee to SAASPASS when their user name differs from their email?
Instead of typing the user’s email address as the first step, use their user name instead. Next, in the second step, type the user’s SAASPASS ID, then add the user name to the computer login application.
How do I unblock an employee who’s done a recovery?
After a user initiates recovery, SAASPASS’ default setting is to automatically block the user from all corporate apps and services. To unblock the user, sign into the Admin Console, click on the Groups & Users tab, and click on button on the left-hand side marked “blocked users.” This link, which is not visible if there are no blocked users, will display all your blocked users. Click on the SAASPASS ID of the user that you want to unblock, then click “unblock user” when prompted.
How do I deprovision an employee?
In the Admin Console, under Groups & Users, all of your users are listed. After clicking on a user, a pop-up appears showing the services for which the selected user is provisioned. A button to delete the user is also displayed. When deleted, all services are deprovisioned for that user, and those services instantly disappear from the user’s mobile app.
How do I set up SAASPASS on Active Directory?
Set up the computer login application in the SAASPASS admin console and configure users for it. Next, roll out the SAASPASS package for install on your Macs and PCs. Make sure that all your users are already enrolled before you do the rollout, however, as all machines with SAASPASS will start enforcing 2FA the moment SAASPASS is installed on them (unless you create a configuration where some users are allowed to sign-in without SAASPASS, which is possible from the admin settings).
In setting up Active Directory, what if the client terminals run different OSs?
SAASPASS supports Windows, Mac OS, and Linux, and works in a cross-platform manner.
Does the depth of my Active Directory structure matter?
No.
In setting up Active Directory, what if some users are exempt from the default login name structure?
It doesn’t matter. All user names can be manually entered or synchronized with your AD.
In setting up Active Directory, do I handle roaming accounts (user details stored on remote storage) and local accounts differently?
No. Configuration is the same for all.
How do I import my Active Directory users into SAASPASS?
Import users automatically using the SAASPASS synchronization agent for AD. Users can also be entered manually, or through a CSV file upload.