How To Use Accops HySecure Self Service Portal For Remote Users
Self Service Portal
Change and improvement are continuous processes. New user requirements arise from how the product is used and from the environments it runs in. Every organisation is working to reduce IT operations costs while increasing efficiency. For many organisations, Identity and Access Management (IAM) is a big cost in every respect, so they are working to automate such tasks wherever possible without compromising security. Password management for all the corporate users who are authorised to use different resources is a big task for corporates when done manually, and it is error-prone and time-consuming when more than one valued resource is involved. This clearly needs to be automated. So, as per our esteemed customer's feedback, we are in the process of finalizing the Self Service Portal for password management for users of the HySecure secure remote access gateway.
Using the Self Service Portal, all HySecure users who authenticate using Active Directory or LDAP will be able to manage their own password. As a solution, we are proposing to integrate a new section on the HySecure portal, called Self Service Portal, where authenticated and authorized HySecure users can create their own profile, which will help them reset or recover their own password. Using the newly added "forgot password" link on the HySecure login page, the user will be able to follow a wizard to authenticate via various mechanisms and reset their password without any intervention from the administrator. The HySecure administrator can control how strongly users have to authenticate with the Self Service Portal to reset their passwords. The authentication mechanisms include PIN authentication, security questions, email and mobile number verification, and an OTP sent to the registered email ID or mobile phone.
Given below are the details of the feature and the UI.
Self Service Portal Admin Configuration
The Self Service Portal is tied to the HySecure domain (realm), which enables administrators to turn the Self Service Portal ON or OFF for a specific organization or group of users within the enterprise.
- Enable PIN. The PIN is a 4-digit password that the user will set. The 4-digit PIN will be stored in the HySecure server database as part of the user profile. When resetting the password, the user will have to enter the PIN to authenticate. Users can update/change their PIN from the “Update Security Profile” section on the HySecure portal.
- Enable One Time Password Verification. If selected, a One-Time-Password will be sent to the user's registered email ID or mobile phone. At the time of resetting the password, the user will be sent this OTP and will have to enter it on the HySecure portal to complete the authentication for resetting their password. The registered email ID and phone number will be fetched from the Active Directory server. Administrators have to ensure that the email ID and/or mobile number of the user are stored on the Active Directory server. If there is no email ID or phone number available in Active Directory, the email ID and phone number will be retrieved from the security profile of the user.
- Enable Email Verification. This verification involves only matching the email ID with the email ID stored on the Active Directory server or in the HySecure local database. When enabled with Active Directory, the email ID will be matched against the email ID of the user available in Active Directory in the user object. If the administrator does not store such details, HySecure can verify the email ID against the email ID stored by the end user in their security profile. No verification email is sent to the user's email ID in this authentication option.
- Enable Phone No. Verification. This verification involves matching the phone number with the phone number stored on the Active Directory server or in the HySecure local database. When enabled with Active Directory, the phone number entered by the user during authentication will be matched against the phone number of the user available in Active Directory in the user object. If the administrator does not store such details in Active Directory, the HySecure gateway can verify the phone number against the phone number stored by the end user in their security profile. No verification SMS/OTP is sent to the user's phone number in this authentication option.
- Enable Security Question Verification. When selected, the user will be able to configure 3 security questions and set up answers for these in their security profile. At the time of resetting the password, the user will have to enter correct answers for the 3 questions selected by the end user.
User Profile Setup Page
End users can access the Self Service Portal after logging into the HySecure portal. The user must authenticate using the standard authentication procedure on the HySecure portal. Once authenticated, the user can see the option to update their Security Profile under the "My Profile" tab on the HySecure portal. The controls on this page are controlled by the HySecure administrator. Based on the authentication parameters enabled by the administrator, the controls will be shown or hidden for the user to fill in data.
Forgot Password
Users can now reset their password from the HySecure portal login page by accessing the "Forgot Password" link. Clicking this option will take them through a wizard where users will have to authenticate based on their security profile. The user must select the correct Organization or VPN Domain and then choose the option "Forgot Password".
Once the user authentication is completed, users will be able to reset their password on the same page.
User enters the username.
If the username is valid the wizard will move to the next screen.
User is now prompted to authenticate based on the security profile that the user had created on the Self Service Portal.
Only if all the details are correct will the user be able to authenticate and get the option to reset their password.
If any of the details do not match the stored security profile, the user will be shown a message to enter the correct details, without revealing exactly which answer or input is incorrect.
If all the details provided by the user are correct, the user is allowed to change their password. The user can now log in to HySecure with the new password.
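The final check of the wizard can be sketched as follows. This is an added example, not Accops code: `POLICY`, `DIRECTORY`, `PROFILES` and `verify_reset` are hypothetical names, and the sample records are constructed. It runs every enabled check, falls back from the directory value to the security profile, returns one generic message on any failure, and records the failed check only in the admin log.

```python
import hashlib
import hmac

# Hypothetical realm policy: the checks the administrator enabled.
POLICY = {"pin": True, "email": True, "security_questions": True}
# Constructed sample records; plain values keep the example short.
DIRECTORY = {"asha": {"email": None}}  # directory object with no email stored
PROFILES = {"asha": {"pin": "4821", "email": "asha@example.com",
                     "answers": ["pune", "maths", "tiger"]}}
AUDIT_LOG = []
GENERIC_ERROR = "Please enter correct details."


def _same(expected, supplied):
    """Constant-time, case-insensitive match; a missing value never matches."""
    if expected is None or supplied is None:
        return False
    a = hashlib.sha256(expected.strip().lower().encode()).digest()
    b = hashlib.sha256(supplied.strip().lower().encode()).digest()
    return hmac.compare_digest(a, b)


def verify_reset(username, supplied):
    """Run every enabled check and return (ok, message) with one failure text."""
    profile = PROFILES.get(username, {})
    directory = DIRECTORY.get(username, {})
    results = {}
    if POLICY["pin"]:
        results["pin"] = _same(profile.get("pin"), supplied.get("pin"))
    if POLICY["email"]:
        # Directory value first, the user's security profile as fallback.
        stored = directory.get("email") or profile.get("email")
        results["email"] = _same(stored, supplied.get("email"))
    if POLICY["security_questions"]:
        stored = profile.get("answers", [])
        given = supplied.get("answers", [])
        matched = [_same(s, g) for s, g in zip(stored, given)]  # no short-circuit
        results["security_questions"] = (
            len(stored) == len(given) == 3 and all(matched))
    ok = bool(results) and all(results.values())
    # The admin log names the failed check; the user-facing message does not.
    failed = sorted(name for name, passed in results.items() if not passed)
    AUDIT_LOG.append({"user": username, "event": "password_reset_attempt",
                      "ok": ok, "failed": failed})
    return ok, ("Verified; set a new password." if ok else GENERIC_ERROR)
```

A wrong PIN and a wrong security answer produce the same response to the user, while the log entries differ, which is what lets an administrator support the user without the wizard leaking which input failed.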
Management and Auditing
Administrators will be able to support end users when they have a problem updating their security profile. From a new screen on the HySecure management console, administrators will be able to see which users have completed their security profile. In case an end user has forgotten their PIN or details of their security profile and is unable to reset their password on their own, the administrators will have to manually reset the password in the directory server. The administrator will also be able to reset the security profile of the end user.
All actions by users and administrators will be logged in the admin logs, for example whenever a user requests a password reset or updates their security profile, as well as all failed retries of the forgot password process.
Additional Features
- Forced Enrolment: As it is mandatory for end users to update their security profile before they can reset their password on their own, there is a need to educate the end user to update their security profile upon first login. There will be an option for the administrator to configure when the user should be prompted to create their security profile. a. Prompt the user for enrolment on every login. b. Prompt the user but allow the user to skip the enrolment.
- Reset Password: From the HySecure management page, the administrator can now reset the Active Directory user password for an enrolled Self Service Portal profile.
Desktop Client Support
Users will be able to access the reset password option from all access modes, including the desktop clients for Microsoft Windows, Linux and Mac OS X, the iOS app and the Android app. But in all cases, the user will have to go to the HySecure portal to create/update their security profile to reset their password.
The steps will be:
- After login, from the file menu of the desktop client or the landing page of the smart phone app, the user can choose the option to create or update their security profile.
- Once the user clicks on any of these options, a browser will open with the HySecure server as the URL. The landing page will have the VPN domain/organization and user name already populated.
- The user will have to log in to the HySecure portal and then create/update their profile.
- The "forgot password" option can be accessed from the login screen of the desktop client and the smart phone app.
- In case of "forgot password", the HySecure portal will show the wizard to reset the password.
- Once the security profile is created/updated or the password is reset, the user will have to log in again to the desktop client or smart phone app.