KB003: Configure AD User Management Console Access
Article ID: KB003
Last Updated: June 21, 2025
Applies To: HySecure Gateway 7.1 and above
Category: User Management & Access Control
Overview
This guide explains how to grant HySecure Management Console access to Active Directory users. This feature eliminates the need for native certificate-based users and allows AD users to access the Management Console using any HTML5-supported browser from any device.
Prerequisites
- HySecure Gateway 7.1 or higher
- Active Directory integration is configured
- Security Officer or Administrator access to the HySecure Management Console
- Active Directory users available for role assignment
Available Roles
| Role | Description | Capabilities |
|---|---|---|
| Security Officer | Highest privilege level | Full system access and configuration |
| Administrator | High privilege level | System management, excluding Security Officer functions |
| L1 Support User | Support level access | Limited troubleshooting and monitoring |
| Monitor | Read-only access | View-only access to system status and logs |
Procedure
Step 1: Access Admin Users Configuration
-
Log in to Management Console
- Log in to the HySecure Management Console as a Security Officer or Administrator.
-
Navigate to Admin Users
-
Go to Users > Admin Users.
-
Click Add.
-
Step 2: Configure Role Assignment
-
Select Role
-
Choose one of the available roles:
-
Security Officer
-
Administrator
-
L1 Support User
-
Monitor
-
-
-
Configure Domain Settings
-
Select HySecure Domain.
-
Select Authorization Server (configured Active Directory).
-
-
Configure Internet Access (Optional)
- Check or uncheck Allow administration access from internet based on security requirements.
-
Complete Assignment
- Click Submit to save the configuration.
Step 3: User Authentication
After configuration, AD users can access the Management Console:
-
Browser Access
-
Open any HTML5-supported browser.
-
Navigate to the HySecure Management Console URL.
-
Use Active Directory credentials to log in.
-
-
No Certificate Required
-
No security certificate installation needed.
-
Direct authentication against Active Directory.
-
-
Client Based Login
-
Open the Workspace Windows Client.
-
Login with Client SSL certificate.
-
Enter the password.
-
Navigate to the HySecure Management Console as web application.
-
Important Notes
Access Restrictions
Who Can Grant Access:
-
Only native Security Officers and Administrators can grant console access.
-
Administrators cannot assign Security Officer role (higher privilege).
Configuration State Access:
-
AD users have access to Management Console even in Configuration State.
-
Low-security applications will not be visible during Configuration State.
Security Recommendations
Multi-Factor Authentication:
-
Enable MFA for all AD users with Management Console access.
-
Particularly important for high-privilege roles.
Regular Access Review:
-
Periodically review assigned roles and access levels.
-
Remove unnecessary access permissions.
-
Monitor console access logs.
Verification
After configuration:
-
Test AD User Login
-
Have AD user attempt console login.
-
Verify role-appropriate access levels.
-
Confirm functionality works as expected.
-
-
Verify Role Permissions
-
Test specific functions available to assigned role.
-
Ensure restrictions are properly enforced.
-
-
Check Access Logs
-
Monitor console access logs.
-
Verify successful authentication events.
-
Confirm no unauthorized access attempts.
-
Troubleshooting
Common Issues:
AD User Cannot Login:
-
Verify assigned role in Admin Users.
-
Verify Active Directory connectivity.
-
Check user account status in AD.
Role Permissions Not Working:
-
Check role assignment configuration.
-
Verify user is member of correct AD group.
Access Issues over Public Networks:
-
Check Allow administration access from internet setting.
-
Verify network connectivity and firewall rules.