Skip to content

New features in V5.4 SP6

Google Secure LDAP Service Support

In this release, support for Google Secure LDAP Service has been added. This feature will enable the Administrator to provide granular access control for Google Secure LDAP users.

Cloud Directory can be a cloud-based LDAP server for authentication, authorization, and directory searches using Secure LDAP. To ensure secure communication when integrating Secure LDAP with HySecure, a valid SSL certificate and private key from the Google Workspace LDAP service are utilized.

Note

Google LDAP Service does not support authentication over port 389.

How to integrate Google Secure LDAP with HySecure

Below are the steps to integrate Google Secure LDAP with the HySecure gateway:

  1. Log into Google Workspace and go to Apps > LDAP.

  2. Add LDAP client and download certificate and key file later to be imported into HySecure gateway. Refer to the representative screenshot of the SSL certificate and key obtained from the Google Workspace LDAP service.

    image-20240118191015602

  3. Enable Service for LDAP clients.

  4. Log into the HySecure Management console and go to Settings >Authentication > Authentication Servers.

  5. Add an LDAP server with server details shown in the below image, and upload the certificate and key file for the LDAP client imported from the Google Secure LDAP service. Refer to the representative screenshot of the Secure LDAP configuration with HySecure.

    image-20240118191148305

  6. Create required access controls and policies in the HySecure management console.

Email notifications for device approval status

In this latest release, a new functionality has been implemented to notify end users and administrators via email about the status of device approval. This feature ensures that the following events trigger email notifications:

  • Automatic approval of a device by the HySecure gateway

  • Automatic approval of a device by the MDM server

  • Automatic approval of a device by a third-party device approval service

  • Registration of a device with pending approval

    Note

    Email notifications will not be sent in the case of manual device approval by the administrator.

How to Setup Email Notification for Device Approval Status

Below are the steps to set up Email notifications for device approval status:

  1. Log in to the HySecure Management console and go to Policies > ACL.

  2. Create a Device ID Access control with the necessary parameters and activate the following options:

  3. On-Device Approval: Activate this option to receive email notifications for device auto-approval.

  4. On Device Pending: Activate this option to receive email notifications for device registration with pending approval.

  5. Notify User: Activate this option to notify users and administrators when a device is registered.

    image-20240118191627709

Early Notification for Idle Timeout

In the earlier HySecure gateway releases, the user would be logged out without warning due to idle timeout. However, there are instances where users prefer to be notified of the impending disconnection so that they can take appropriate measures to prevent being logged out.

Idle timeout occurs with no user activity or outbound traffic from the endpoint. The early notification timeout, configurable on the HySecure Gateway, applies to both scenarios. In the case of user inactivity, a warning notification is displayed, while for no outbound traffic, a dialog box appears, offering the option to extend the session or log out.

Note

The feature is available from HySecure Windows client 5.2.3.8695 onwards. It is not supported with Accops workspace clients and the HyLite Portal.

How to Configure Early Notification for Idle Timeout

Follow the below steps to configure early notification for Idle timeout:

  1. Log in to the HySecure Management console and go to Settings > Global > Server.

  2. Enable client heartbeat in CARTA Settings.

    image-20240118192045636

  3. Go to Policies > Client Profile > Client Configurations and enable “Early notification of idle timeout.”

  4. Notification time can be modified, as shown in the image below.

    image-20240118192058305

Syncing Service Alerts

In this release, improvements have been made to the existing alert system, and a new feature has been introduced to include alerts for syncing services. Administrators can now receive alerts if syncing services cease functioning, providing enhanced visibility and control over the syncing process.

The monitor daemon on each node periodically checks the status of the services. If any monitor daemon within the cluster detects a service stoppage, an email is generated and sent to the administrators configured in the Alert Manager. The monitor assesses the syncing status of InfoAgent, Filesync, and FesDBsync. If these three services are not running, an alert will be sent to the designated email addresses.

image-20240118192129975