Skip to content

Device ID

Device ID Access control - Overview

Device ID based Access Controls can be used to lock down access to HySecure from a desired set of machines, say corporate machines only. It supports the flexibility to allow one or specified number of machines per user from where s/he can log in.

Device ID based Authentication can be used for following purposes:

  1. Restrict users to login from corporate machines or tablets.

  2. Restrict users to login from one or specified no. of machines.

  3. Restrict user logins only from specific locations like branch offices of home offices.

  4. Restrict user logins from certain countries or locale.

  5. Detect real location of the user and restrict access if the user is using Internet proxy.

  6. Restrict user access from certain tablets.

Important Terms / Actions

Device ID

A device ID is a per device unique signature that is created by HySecure Gateway for each device that connects to it. The HySecure Portal and Client collects the hardware details of the user device and sends it to the Gateway. The Gateway then stores the information and registers the device if the policy is set to allow that.

A device ID can be formed using following parameters:

  1. IMEI (only for tables/smartphones with SIM card)
  2. Serial No. (only for tablets and smartphones)
  3. CPU ID
  4. Motherboard ID
  5. HDD ID
  6. MAC Addresses
  7. IP Addresses
  8. Default Gateway
  9. Regional Settings
  10. Locale
  11. Detected and Received WAN IP Address
  12. Device Type
  13. Browser ID
  14. Browser Type 15 And more..

Administrators can chose the above list and include in the device ID. Some of the parameters when included in the device signature, can effect user's mobility.

Device Registration Process

The registration process is completely automated. Device ID can be enabled based on user groups. So if a user logs in and device ID is enabled for any of the group this user belongs tothe device signature gets registered for the device, the user is using on the HySecure Gateway. If the administrator has setup "Auto approval" to On, the user can start working immediately. If "Auto approval" is Off, the user device is registered and user is denied access to the applications until the administrator reviews the registered device and approves the device for the user. If SMTP is configured on HySecure server then administrator will get email notification for device registration.

Manage Registered Devices

HySecure administrator can login into HySecure and review, approval, block or manage the device registrations.

Configuration Workflow

This section defines the workflow for creating a "Device ID" type of Access Control.

  1. Identify the User / User group for whom the Access Control needs to be made effective. The set of users will either be

    1. part of an Authorization Server associated with an Authentication Domain which is attached to a HySecure Domain OR

    2. part of a High / Low Security native User Group OR

    3. a High / Low Security native User

  2. Ensure that the Application Group containing the applications which are to be published, is created.

  3. Check the option "Enable collection of device fingerprint details from user device" from "Client Settings" under the "Advanced Settings" tab

  4. Create an Access Control of type "Device ID" and assign the User / User Groups, along with the Device ID parameters which need to be enforced for login to HySecure Gateway.

Device ID Preference

  1. If there are multiple Device ID based Access Controls, then the first matching Access Control will get applied.