KB011: Configure Geolocation-Based Login
Last Updated: July 22, 2025
Applies To: HySecure Gateway 7.1 Service Pack 1 and above
Category: Advanced Security & Access Control
Feature Status: Beta
Overview
This guide explains how to configure geolocation-based login support to control user access based on GPS location coordinates. This feature allows administrators to define allowed login zones using latitude and longitude coordinates with configurable radius, ensuring users can only access the system from predefined geographic areas.
Prerequisites
-
HySecure Gateway 7.1 Service Pack 1 or higher.
-
Security Officer or Administrator access to HySecure management console.
-
Windows Workspace Client (7.2.0.10xx) and above.
-
Android/iOS HyID Client for geolocation data transmission.
-
Active Directory environment with user attribute support.
Note
Contact Accops support: support@accops.com for backend configuration assistance.
Supported Authentication Methods
Geolocation-Based Login Modes:
-
QR Code Authentication: Login using QR code scanning.
-
Credential + Push Notification MFA: Traditional login with push notification as multi-factor authentication.
Platform Requirements:
-
Mobile Client: Android/iOS HyID Client required for geolocation data
-
Network: GPS-enabled devices with location services enabled
Part 1: Configure Active Directory User Attributes
Step 1: Set Up User Geolocation Attributes in Active Directory
-
Access Active Directory Users and Computers
-
Connect to your domain controller.
-
Open Active Directory Users and Computers.
-
-
Configure User Geolocation Attribute
-
For each user requiring geolocation-based access, edit user properties.
-
Add geolocation data in the designated attribute field in the format: Latitude|Longitude|Area
-
Example:
18.5923633|73.7510613|Wakad -
Users can have multiple geolocation values.
-
HySecure allows login if device location matches any configured coordinate.
-
Step 2: Map Geolocation Attributes in HySecure
-
Access Authentication Server Configuration
-
Login to HySecure management console as Security Officer or Administrator.
-
Navigate to Settings > Authentication > Authentication Server.
-
Select and edit the configured authentication server.
-
-
Configure User Attribute Mapping
-
Scroll to User Attribute Mapping section.
-
Locate existing LocationDetails attribute.
-
Click Add New Mapping.
-
-
Map Directory Attribute
-
User Attribute Name: Ensure LocationDetails is selected.
-
Directory Attribute: Enter the Active Directory attribute name containing geolocation data.
-
Click Submit to save mapping.
-
Part 2: Enable Geolocation-Based Login Feature
Step 1: Contact Accops Support for Feature Enablement
Backend Configuration Required:
-
This feature requires backend access for initial enablement.
-
Contact Accops support team with the following information:
-
HySecure gateway cluster details such as version.
-
Desired radius setting for geolocation validation and desired allowed range in meters (default: 100 meters).
-
Authentication methods to be supported (QR Code, Push Notification, or both).
-
Step 2: Radius Configuration Planning
Default Setting:
-
Standard Radius: 100 meters from allowed coordinates
-
Customization: Configurable based on organizational requirements.
Radius Planning Considerations:
-
Building Size: Account for large office complexes.
-
Campus Environments: Consider multi-building corporate campuses.
-
Mobile Work Areas: Factor in movement within approved locations.
-
GPS Accuracy: Account for GPS precision variations.
Part 3: Client Configuration and Testing
Step 1: Configure Client Applications
-
Windows Workspace Client Setup
- Ensure client version 7.2.0.10xx or higher.
-
Mobile HyID Client Setup
- Install Android/iOS HyID Client.
Step 2: Test Geolocation-Based Authentication
-
QR Code Authentication Testing
-
Have test user attempt login using QR code from approved location.
-
Verify authentication succeeds within configured radius.
-
Test authentication failure from non-approved location.
-
-
Push Notification MFA Testing
-
Conduct a traditional credential login test with geolocation validation.
-
Verify push notification MFA works with location checking.
-
Confirm proper error messages for location violations.
-
Monitoring and Logging
Log Information Includes:
-
User authentication attempts with location data.
-
GPS coordinates at time of authentication.
-
Location validation success/failure results.
-
Radius compliance information.
-
Authentication method used.
Accessing Logs:
-
Navigate to Monitoring > Activity Logs.
-
Review location validation results.
-
Monitor for authentication patterns and violations.
Notes
- This is a Beta feature - thorough testing recommended before production deployment.
- Backend configuration required through Accops support team.
- Regular monitoring and maintenance required for optimal performance.
- Consider backup authentication methods for GPS failure scenarios.
Contact Support: support@accops.com for backend configuration assistance.