
Enhancements

Administrative & System Enhancements

Inactive Registered Users' Cleanup

Administrators can disable/delete registered users based on their last login or last authentication time.

Business Value

  • Automated user lifecycle management

  • Reduced administrative overhead for inactive account management

  • Improved security through inactive user cleanup

Configuration:

  1. Log in to the HySecure management console as Security Officer/Administrator.

  2. Navigate to Diagnose > Cleanup Policies.

  3. Enable the checkbox Enable Registered Users Cleanup.

  4. Under Action for Inactive Registered Users, select:

    • Disable: Retain the user profile but disable access.

    • Delete: Remove the user profile completely.

  5. Configure Action Based On parameter:

    • Last Login Time: Users logging in to the HySecure gateway for enterprise application access.

    • Last Authentication Time: Users logging in through HyID Windows client, Linux Credential Provider, NPS, RADIUS, or third-party applications using HySecure as MFA provider.

  6. Set Inactive for Last (days) value (1-999 days range).
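The Action Based On choice in step 5 decides which accounts the policy acts on, so it is worth previewing the result before selecting Delete. The following is an added example, not Accops code or a HySecure export format: the record layout, the field names and the "older than N days" rule are assumptions, and the sample users are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records; a real deployment would load these from its own
# user report. Field names are hypothetical, not a HySecure export format.
USERS = [
    {"user": "alice", "last_login": "2025-05-28", "last_auth": "2025-05-30"},
    {"user": "bob",   "last_login": "2024-11-02", "last_auth": "2025-05-29"},  # RADIUS/HyID only
    {"user": "carol", "last_login": "2025-01-15", "last_auth": "2025-01-15"},
    {"user": "dave",  "last_login": None,         "last_auth": None},          # never seen
]

# Maps the console's "Action Based On" options to the assumed record fields.
FIELD = {"Last Login Time": "last_login", "Last Authentication Time": "last_auth"}


def preview_cleanup(users, based_on, inactive_days, now):
    """Return (inactive, never_seen) user names for one policy setting.

    Assumption: a user is inactive when the chosen timestamp is older than
    `inactive_days` days. Accounts with no timestamp are reported separately
    because the page does not say how the policy treats them.
    """
    if not 1 <= inactive_days <= 999:
        raise ValueError("Inactive for Last (days) must be 1-999")
    cutoff = now - timedelta(days=inactive_days)
    inactive, never_seen = [], []
    for u in users:
        stamp = u[FIELD[based_on]]
        if stamp is None:
            never_seen.append(u["user"])
        elif datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc) < cutoff:
            inactive.append(u["user"])
    return inactive, never_seen


if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed date for repeatable output
    for setting in FIELD:
        inactive, never_seen = preview_cleanup(USERS, setting, 90, now)
        print(f"{setting}: inactive={inactive} never_seen={never_seen}")
```

In the sample data, bob authenticates only through RADIUS/HyID, so a 90-day policy based on Last Login Time would act on his account while one based on Last Authentication Time would not.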

Workspace Client Upgrade via Management Console

Workspace Client upgrade support has been added to the Management Console. Previously, only the HySecure client upgrade was supported.

Business Value:

  • Unified client upgrade management for HySecure and Workspace clients
  • Simplified client distribution via the HyLite login page
  • Centralized client version control

Configuration:

  1. Log in to the HySecure Management console as a Security Officer/Administrator.

  2. Navigate to Settings > Global > Client Upload (clear browser cache and hard reload if tab not visible).

  3. Click Add to upload the client.

  4. Select Platform (Windows, MAC, Ubuntu 64-bit, RHEL 64-bit).

  5. Select Upgrade From:

    • HySecure: Apply client over an installed HySecure client only.

    • Workspace: Apply client over an installed Workspace client only.

  6. Enter Client Version (e.g., 7.2.0.1063).

  7. Select Force Upgrade:

    • Yes: Apply upgrade forcefully.

    • No: Allow users to choose an upgrade.

  8. Select Use External Link:

    • Yes: Upgrade client via external link (provide URL and MD5 checksum).

    • No: Upload client installer files.

  9. Client Installer configuration:

    • Admin Client: Upload WorkspaceClientSetup.exe / mac_release.dmg / linux_release_64bit.7z with MD5 checksum.

    • On-Demand Client: Upload Accops_WorkspaceOndemand.exe with MD5 checksum.

  10. Click Submit to confirm the configuration.

Hybrid Mode Support

Configure similar settings for hybrid mode. HySecure to HySecure client upgrade is not supported in hybrid mode. Supported upgrades: HySecure Client to Workspace and Workspace to Workspace.

OU-Based Assignment for Application Access Control

Organizational Unit (OU)-based assignment support has been added for Application Access Control policies.

Business Value

  • Directory OU-based policy targeting alongside existing user and user group assignments

  • Simplified policy management for OU-structured organizations

How-To Guide: For more information, refer to the KB Article.

Account Lockout Access Control for Users and Groups

The Account Lockout access control policy is designed to disable registered users based on their last or first login time. This policy can be assigned to specific users or user groups, or it can be configured to apply to all users. Previously, this access control was applied universally to all users when created.

Business Value:

  • Granular account lockout policy assignment

  • Flexible security policy configuration per user/group

License Model Updated to Concurrent Sessions

The License Type has been updated from Concurrent Users to Concurrent Sessions. Licenses are consumed based on active concurrent sessions rather than active concurrent users.

Business Value:

  • Accurate license consumption model for multi-session environments

  • Transparent license tracking for simultaneous session scenarios

Windows HyID Client Logs Collection

The HySecure gateway retrieves and stores logs from the HyID Client for an offline duration. Once the HyID Client reconnects, the offline logs are automatically transferred and recorded in the HySecure management console under HyID logs.

Business Value

  • Complete audit trail for offline HyID Client activity

  • Enhanced security monitoring for offline token usage and MFA bypass events

Events Captured

  • User login using an offline token

  • Disabling the HyID client using the master password, followed by login without MFA

  • All login attempts while the HyID client is disabled

  • MFA bypass using OTP bypass key in online mode

Prerequisites

  • Windows HyID Client v1.1.16.8 or above

  • HyID Desktop Agent-based policy configured in the HySecure gateway

  • At least one user login from the HyID client in online mode after configuration

How to Enable

  1. Log in to the HySecure gateway/HyID server as a Security Officer.

  2. Navigate to Settings > Global > Server, locate External API Settings.

  3. Enable the Docker checkbox in External API Settings.

  4. Enter the Docker IP address in the Provide local network IP field.

Important

  • Log timestamps reflect the time the HySecure gateway received logs, not the original event time.

  • Minimum one online login required to enable offline activity logging.

Upgrade History on HySecure Dashboard

The Upgrade History view displays all successfully applied patches across HySecure gateway nodes in a single consolidated view.

Business Value

  • Simplified patch status verification during upgrade

  • Improved operational visibility for patch management

  • Quick confirmation of node-level patch status

Application Block Bypass for Quarantined Devices

Designated users or user groups can access applications that are usually blocked when a device falls under a quarantine profile during an endpoint security scan.

Business Value

  • Selective application access for privileged users despite device quarantine

  • Greater flexibility and control in access management

Prerequisites

  • Endpoint Security enabled for designated HySecure Domain

  • Host Scan policies and Quarantine Device Profile present

Configuration

  1. Log in to the HySecure management console as Security Officer/Administrator.

  2. Navigate to Policies > ACL, create or modify Endpoint Security access control.

  3. Assign policies to the required user/user group.

  4. Enable the checkbox Bypass Endpoint Security Profile to allow quarantine-blocked applications.

Security & Compliance Enhancements

Implementation of 3-Minute OTP Validity as per RBI Guidelines

A 3-minute OTP validity period has been introduced for SMS and Email OTP configuration in the HyID policy to comply with the latest RBI guidelines.

Business Value

  • RBI compliance for financial sector deployments

  • Enhanced OTP security through reduced validity window

Improved CPU Usage Alert Mechanism

The CPU resource consumption alert now triggers only when overall CPU usage exceeds the defined threshold. Previously, an alert was generated if any single core crossed the threshold, causing false alarms.

Inclusion of System Logs in Log Archival

System logs (/var/log/cron, /var/log/maillog, /var/log/messages, /var/log/warn, /var/log/wireguard-*, /var/log/secure, /var/log/spooler) are included in the HySecure log archival mechanism.

Business Value

  • Reduced storage consumption through log rotation

  • Improved system performance via log management

Configuration

Logs are archived by default. Configure via /etc/logrotate.d/rsyslog for customization.

Device Fingerprint Collection Based on Device ID Access Control

Device fingerprint collection is automatically managed based on the Device ID access control status. When Device ID access control is enabled, fingerprint collection is automatically enabled. When no Device ID access control is configured, fingerprint collection is automatically disabled.

Business Value

  • Simplified Device ID access control administration

  • Automatic fingerprint collection management reduces configuration effort

Auto Trigger OTP while using Self Service Portal

When the user clicks Trouble Logging In? to reset the password or unlock the HySecure or Active Directory account, the OTP is automatically sent if only one MFA method is configured. The user does not need to click Send OTP manually.

Business Value

  • Streamlined self-service portal user experience

  • Reduced clicks for single MFA method scenarios

Database Query Optimization During Login

Login time is optimized by skipping unnecessary Time Access filter queries when no filters exist in the database. The system queries Time Access filters only when at least one is present.

Business Value

  • Faster user login experience

  • Reduced database query overhead

Post-Incident Logs Collection for HySecure Gateway

Security Log Collection is integrated into the HySecure Management Console. Administrators can collect incident-related logs instantly without external scripts.

Business Value:

  • Streamlined investigation process

  • Reduced delays for incident analysis

  • Faster, more accurate incident response

How to Collect Logs:

  1. Log in to the HySecure management console as the Security Officer/Administrator using the affected HySecure node IP address.

  2. Navigate to Diagnose > Post-Incident Logs.

  3. Click Generate & Download Logs to download incident logs.

Note

The log generation process may take up to 5 minutes.

Failed Login Attempts Indicator for AD Users

User experience is improved by displaying the remaining allowed authentication attempts after each failed login. Once all attempts are exhausted, the user account is locked in the user directory.

Business Value

  • Enhanced user awareness of account lockout status

  • Transparent failed attempt feedback

Note

This feature is disabled by default and applies only to AD users.

How to Enable

Contact Accops Support for assistance with backend configuration.