Skip to content

Endpoint Security

Overview

HySecure provides a way to bind a User / User Group with an expected Device profile and allowing such users which match the Device profile to allow them to connect to the Gateway either from the HyLite Portal or from the NAtive Client, as per the configuration.

This binding is allowed through Endpoint Security based Access Control.

In order to bind a specific Device Profile, here are some preconditions:

  1. The EPS license should be applied

  2. The HySecure domain should have EPS enabled

Important

The Endpoint Security based Access Control is different from the Endpoint Protection based Access Control, which primarily helps in ensuring sanitization of the endpoint from any connections with devices other than the Gateway.

Also, the Endpoint Security based Access Control, unlike Endpoint Protection based Access Control, needs an EPS license for it to be effective.

Configuration Workflow

This section defines the workflow for creating an "Endpoint Security" type of Access Control.

  1. Identify the User / User group for whom the Access Control needs to be made effective. The set of users will either be

    1. part of an Authorization Server associated with an Authentication Domain which is attached to a HySecure Domain OR

    2. part of a High / Low Security native User Group OR

    3. a High / Low Security native User

  2. Select the Device Profile which should be matched for the selected User / User Group, when the user logs in to the selected HySecure domain of this Access Control policy.

  3. Configure the access through HyLite Portal and/or Native client, as appropriate.

  4. Configure the Access Control validity and the state.

Endpoint Security based Access Control Preference

  1. If there are multiple Endpoint Security based Access Controls, then they are matched in the order of configured priority of these policies.