Skip to content

Endpoint Security

Overview

HySecure provides a way to bind a User / User Group with an expected Device profile and allowing such users which match the Device profile to allow them to connect to the Gateway either from the HyLite Portal or from the NAtive Client, as per the configuration.

This binding is allowed through Endpoint Security based Access Control.

In order to bind a specific Device Profile, here are some preconditions:

  1. The EPS license should be applied

  2. The HySecure domain should have EPS enabled

Important

The Endpoint Security based Access Control is different from the Endpoint Protection based Access Control, which primarily helps in ensuring sanitization of the endpoint from any connections with devices other than the Gateway.

Also, the Endpoint Security based Access Control, unlike Endpoint Protection based Access Control, needs an EPS license for it to be effective.

Configuration Workflow

This section describes the workflow for creating an "Endpoint Security" type of Access Control.

  1. Identify the User / User group for whom the Access Control needs to be made implemented. The set of users will either be:

    1. part of an Authorization Server associated with an Authentication Domain which is attached to a HySecure Domain OR

    2. part of a High / Low Security native User Group OR

    3. a High / Low Security native User

  2. Select the Device Profile that should be matched to the selected User/User Group when the user logs in to the selected HySecure domain that fall under this Access Control policy.

  3. Configure the access through the HyLite Portal and/or Native client.

  4. Configure the validity and the state for this Access Control Policy.

Endpoint Security based Access Control Preferences

If multiple Endpoint Security based Access Controls are configured then they are matched in order of the configured priority of these policies.