Skip to content

Device ID

Device ID Access control

Use Device ID-based access control to restrict HySecure access to the specified set of machines (e.g., corporate machines), i.e., restrict users to log in only from those machines.

Device ID-based Authentication can be used to:

  1. Restrict users to logging in from the corporate machines or tablets.

  2. Restrict users to logging in from a single or multiple machines.

  3. Restrict users to logging in only from specific locations, like branch offices.

  4. Restrict users to logging in from certain countries or locales.

  5. Restrict access when the user is using an Internet proxy by detecting the user's actual location.

Important Terms / Actions

Device ID

A device ID is a unique signature created by HySecure Gateway for each device that connects to it. The HySecure Portal and Client collect the hardware details of the user device and send them to the Gateway. The Gateway, in turn, stores the information and registers the device if the policy allows it.

A device ID can be formed using the following parameters:

  1. IMEI (only for tablets/smartphones with SIM cards)

  2. Serial No. (only for tablets and smartphones)

  3. CPU ID

  4. Motherboard ID

  5. HDD ID

  6. MAC Addresses

  7. IP Addresses

  8. Default Gateway

  9. Regional Settings

  10. Locale

  11. Detected and Received WAN IP Address

  12. Device Type

  13. Browser ID

  14. Browser Type

Administrators can choose from the above list and include it in the device ID. Some of the parameters, when included in the device signature, can affect the user's mobility.

Device Registration Process

The registration process is completely automated. Device ID can be enabled based on the user groups. When the user is a member of the group for which the Device ID is enabled, the device signature gets registered for the device from which the user has logged in.

If Auto approval is enabled (ON), the user can start working immediately. If Auto approval is off, the user's device is registered, but the user cannot access applications until the administrator reviews and approves the registered device and the user's device. If SMTP is configured on the HySecure server, then the administrator will get an email notification for device registration.

Manage Registered Devices

A HySecure administrator can log in to HySecure and review, approve, block, or manage the device registrations.

Configuration Workflow

This section describes the workflow for creating a Device ID-type Access Control.

  1. Identify the User / User group for whom the Access Control needs to be implemented. The set of users will either be:

    1. part of an Authorization Server associated with an Authentication Domain, which is attached to a HySecure Domain, OR.

    2. part of a High / Low Security native User Group OR.

    3. a High / Low Security native User.

  2. Ensure that the Application Group containing the applications that are to be published has been created.

  3. Check the Enable collection of device fingerprint details from user device option in Policies > Client Profiles.

  4. Create an Access Control of the type Device ID and assign the User/User Groups, along with the Device ID parameters, which need to be enforced for logging in to the HySecure Gateway.

Device ID Preference

If multiple Device ID-based Access Controls are configured, then the first matching Access Control is applied.