Configure OU-Based Assignment for Application Access Control

Applies To: HySecure Gateway 7.2 and above

Category: Access Control

Overview

This guide explains how to configure Organizational Unit (OU)-based assignment for Application Access Control policies. Administrators can now target access policies by Active Directory OUs in addition to existing user and user group assignments, enabling policy management aligned with organizational directory structure.

Prerequisites

  • HySecure Gateway 7.2 or higher

  • Administrator or Security Officer access to the management console

  • Active Directory integration configured

  • OU structure defined in Active Directory

Procedure: Configure OU-Based Application Access Control

Step 1: Create or Modify Application Access Control Policy

  1. Access Application Access Control

    • Log in to the HySecure management console as Administrator or Security Officer.

    • Navigate to Policies > ACL > Application Access Control.

  2. Create a new policy or modify an existing one

    • Click Add to create a new policy, or select an existing policy to modify.

    • Enter or update the Access Control Name.

Step 2: Select OU-Based Assignment

  1. Configure Assignment Type

    • Select the Assignment Type dropdown.

    • Choose the OU-based assignment option.

  2. Select Target OUs

    • Browse the Active Directory OU structure.

    • Select one or multiple OUs for policy assignment.

    • Policy applies to all users within selected OUs (see OU Hierarchy under Important Notes for how child OUs are handled).

Step 3: Configure Application Access Settings

  1. Define application access parameters

    • Configure application access rules per policy requirements.

    • Set permitted applications for selected OUs.

    • Define access restrictions or permissions.

  2. Save configuration

    • Click Submit to save the Application Access Control policy.

    • Policy applies automatically to users in selected OUs.

Business Context

Simplified Policy Management:

Leverage existing Active Directory OU structure for application access policies instead of manually managing user groups. Policies automatically apply to users based on OU membership, reducing administrative overhead.

Scalable Access Control:

New users are automatically included in access policies when they are added to OUs. This eliminates manual policy updates for organizational changes and supports dynamic workforce management.

Use Cases

Scenario 1: Department-Based Application Access

An organization with a department-based OU structure (Sales OU, Finance OU, Engineering OU) assigns CRM applications to the Sales OU and financial applications to the Finance OU. New hires automatically receive appropriate application access based on department OU placement.

Scenario 2: Geographic Location Access Control

An organization with regional OUs (APAC OU, EMEA OU, Americas OU) restricts region-specific applications based on user location. Policy automatically applies to users when they are transferred between regional offices and their OUs are updated accordingly.

Important Notes

OU Synchronization:

  • Policy automatically applies to new users added to selected OUs.

  • Removing a user from an OU automatically removes the policy assignment.

Combined Assignment:

  • OU-based assignment works alongside existing user and user group assignments.

  • Multiple assignment types can be configured in a single policy.

  • User access is determined by combined policy evaluations.

OU Hierarchy:

  • Policy applies to users directly in the selected OU.

  • Child OUs are not automatically included unless explicitly selected.

  • Select parent and child OUs separately if both require policy.
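To review an OU selection against the hierarchy rule above before saving a policy, the following added example (not part of the HySecure product or its documentation) classifies exported user distinguished names into those directly inside a selected OU and those in a child OU that the selection leaves out. The DNs, the corp.example domain and the function names are constructed for illustration; the DN handling is simplified to comma splitting with backslash escapes.

```python
def split_dn(dn):
    """Split a DN into lowercased RDNs, honouring backslash-escaped commas."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:                      # character after a backslash is literal
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":              # unescaped comma ends the current RDN
            parts.append("".join(cur).strip().lower())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip().lower())
    return parts


def classify(user_dns, selected_ous):
    """Return (covered, child_only).

    covered    : users whose immediate container is a selected OU
    child_only : users in a descendant of a selected OU whose own OU was
                 not selected, so the policy does not reach them
    """
    selected = [split_dn(ou) for ou in selected_ous]
    covered, child_only = [], []
    for dn in user_dns:
        parent = split_dn(dn)[1:]    # drop the user's own RDN
        if parent in selected:
            covered.append(dn)
        elif any(len(parent) > len(ou) and parent[-len(ou):] == ou
                 for ou in selected):
            child_only.append(dn)
    return covered, child_only


# Constructed sample data (hypothetical directory export).
USERS = [
    "CN=Alice Rao,OU=Finance,DC=corp,DC=example",
    "CN=Bob Lee,OU=Payroll,OU=Finance,DC=corp,DC=example",
    "CN=Smith\\, Carol,OU=Finance,DC=corp,DC=example",
    "CN=Dan Wu,OU=Sales,DC=corp,DC=example",
]
SELECTED = ["ou=finance,dc=corp,dc=example"]

if __name__ == "__main__":
    covered, child_only = classify(USERS, SELECTED)
    print("Covered by policy:", covered)
    print("In child OU, not covered:", child_only)
```

Users listed as child_only are the ones to check: either select their OU explicitly or confirm that excluding them is intended.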