Skip to content

Configure Browser Selection for SAML Authentication and Web Applications

Applies To: Accops Workspace Windows Client 7.2.0.1040 and above

Category: User Experience & Interface

Feature Status: Stable

Overview

This guide explains how to configure explicit browser selection for SAML authentication pages and web application launches in Accops Workspace Windows Client. This feature enables administrators to specify which browser launches for SAML authentication and web applications, overriding previous gateway browser settings and removing limitations such as default browser configuration requirements and automatic browser closure on logout. This enhancement provides greater flexibility and consistency in user experience across different enterprise environments.

Prerequisites

  • Gateway Version: HySecure Gateway 5.4 SP6 or HySecure Gateway 7.0 and above
  • Client Version: Accops Workspace Windows Client 7.2.0.1040 or higher
  • Administrative Access: Security Officer or Administrator access to HySecure Management Console
  • Browser Installation: Target browsers installed on client devices (Chrome, Edge, Firefox, etc.)
  • SAML Configuration: Existing SAML identity provider integration configured
  • Network Connectivity: HTTPS connectivity to SAML identity providers and web applications
  • Knowledge Requirement: Understanding of SAML authentication workflows and web application deployment

Benefits

  • Enhanced User Experience: Consistent browser experience eliminates confusion from unpredictable browser behavior
  • Administrative Control: Centralized browser selection removes dependency on individual user default browser settings
  • Security Standardization: Enforced browser choice ensures consistent security policies and certificate handling across organization
  • Deployment Flexibility: Accommodates enterprise browser policies and specialized browser requirements for different applications

Browser Selection Options

Supported Browser Types

Microsoft Edge:

  • Description: Microsoft's modern browser with enhanced security features and enterprise integration
  • Use Case: Organizations using Microsoft 365 ecosystem with integrated security policies
  • Requirements: Microsoft Edge installed on client devices (typically pre-installed on Windows 10/11)

Google Chrome:

  • Description: Widely-used browser with extensive extension support and cloud integration
  • Use Case: Organizations preferring Google Workspace integration or specific Chrome-based applications
  • Requirements: Google Chrome installed on client devices with appropriate version support

Mozilla Firefox:

  • Description: Open-source browser with strong privacy features and customization options
  • Use Case: Organizations requiring specific privacy controls or Firefox-only compatible applications
  • Requirements: Mozilla Firefox installed on client devices with current security updates

Internet Explorer Mode (Edge):

  • Description: Legacy application support through Internet Explorer mode in Microsoft Edge
  • Use Case: Organizations with legacy web applications requiring Internet Explorer compatibility
  • Requirements: Microsoft Edge with Internet Explorer mode enabled

Platform Support

Client Mode Windows 8/8.1 Windows 10/11 Server 2016-2025 Support Level
Full Admin Client Yes Yes Yes Full Support
HyBrid Mode No No No Not Supported
HyLite Mode No No No Not Supported
On-Demand Client Yes Yes Yes Full Support

Procedure Part 1: Gateway Configuration

Step 1: Access Browser Configuration Settings

⚠️ Important: Contact the Accops support team for assistance with the Gateway Configuration due to specialized configuration requirements and version-specific implementation details.

Configuration Requirements:

  • SAML Browser Selection: Specify browser for SAML authentication page launches
  • Web Application Browser Selection: Define browser for web application launches from client launchpad
  • Override Settings: Configuration overrides previous gateway browser settings
  • Compatibility Validation: Verify browser selection compatibility with SAML providers

Step 2: Configure SAML Authentication Browser

  1. SAML Authentication Browser Settings
  2. Browser Type Selection: Choose from available browser options (Edge, Chrome, Firefox)
  3. Browser Path Configuration: Specify browser executable path if non-standard installation
  4. Launch Parameters: Configure browser startup parameters for SAML authentication

  5. Session Management: Define browser session handling for authentication workflows

  6. Identity Provider Compatibility

  7. Browser Testing: Verify selected browser compatibility with configured SAML identity providers
  8. Certificate Handling: Ensure browser properly handles SSL certificates for SAML endpoints
  9. JavaScript Support: Confirm browser JavaScript functionality for SAML authentication flows
  10. Popup Management: Configure popup handling for SAML authentication processes

Step 3: Configure Web Application Browser

  1. Web Application Launch Settings
  2. Default Application Browser: Set browser for web application launches from client launchpad
  3. Application-Specific Settings: Configure different browsers for specific web applications if supported
  4. Session Isolation: Define browser session isolation between different web applications

  5. Security Policies: Apply browser security policies for web application access

  6. Application Compatibility Testing

  7. Web Application Validation: Test web applications with selected browser configuration
  8. Performance Optimization: Verify browser performance with corporate web applications
  9. Plugin Support: Ensure required browser plugins/extensions are available
  10. Mobile Responsiveness: Test web application compatibility across different screen sizes

Procedure Part 2: Browser Installation and Configuration

Step 1: Standardize Browser Deployment

  1. Enterprise Browser Installation
  2. Deployment Method: Use organizational software deployment tools (SCCM, Intune, etc.)
  3. Version Standardization: Deploy consistent browser versions across all client devices
  4. Configuration Management: Apply standardized browser configurations and security policies

  5. Update Management: Establish browser update procedures and testing protocols

  6. Browser Policy Configuration powershell # Example: Configure Chrome enterprise policies via Group Policy # Set homepage and security settings $ChromePolicies = @{ "HomepageLocation" = "about:blank" "DefaultBrowserSettingEnabled" = $false "BlockThirdPartyCookies" = $true "SSLErrorOverrideAllowed" = $false }

  7. Security Hardening

  8. Certificate Store Configuration: Ensure proper certificate trust store setup
  9. Privacy Settings: Configure privacy settings appropriate for corporate environment
  10. Extension Management: Control browser extension installation and usage
  11. Download Restrictions: Apply download policies for security compliance

Step 2: Browser Compatibility Validation

  1. SAML Provider Testing
  2. Authentication Flow Testing: Verify complete SAML authentication workflow with selected browser
  3. Multi-Factor Authentication: Test MFA integration with browser selection
  4. Single Sign-On: Validate SSO functionality across different SAML applications

  5. Error Handling: Test error scenarios and browser behavior during authentication failures

  6. Web Application Compatibility

  7. Application Functionality: Test all web applications with selected browser configuration
  8. Performance Benchmarking: Measure application load times and responsiveness
  9. Feature Support: Verify advanced web application features function correctly
  10. Cross-Browser Testing: Document any application-specific browser requirements

Configuration Examples

Example 1: Microsoft-Centric Enterprise

Configuration:

  • SAML Authentication Browser: Microsoft Edge
  • Web Application Browser: Microsoft Edge
  • Identity Provider: Azure AD SAML
  • Enterprise Integration: Microsoft 365 ecosystem
  • Security Policies: Microsoft Defender Application Guard integration

Use Case: Organizations heavily invested in Microsoft ecosystem with Azure AD integration

Benefits: Seamless integration with Microsoft security features and enterprise policies

Example 2: Multi-Browser Environment

Configuration:

  • SAML Authentication Browser: Google Chrome
  • Web Application Browser: Mozilla Firefox for specific applications, Chrome for others
  • Identity Provider: Okta or Ping Identity
  • Application Requirements: Mixed browser requirements for different web applications
  • User Flexibility: Different browsers for different application categories

Use Case: Organizations with diverse web application portfolio requiring different browser capabilities

Benefits: Optimized browser selection for specific application requirements while maintaining consistency

Example 3: High-Security Environment

Configuration:

  • SAML Authentication Browser: Microsoft Edge with Enhanced Security
  • Web Application Browser: Firefox ESR (Extended Support Release)
  • Identity Provider: On-premises ADFS with hardware token integration
  • Security Controls: Strict certificate validation and enhanced privacy settings
  • Compliance Requirements: Government or financial services security standards

Use Case: High-security environments requiring strict browser security controls and compliance

Benefits: Maximum security with controlled browser environments and validated security configurations

SAML Authentication Workflow

Browser-Based Authentication Process

Authentication Sequence:

  1. Client Login Initiation: User launches Workspace client and selects SAML authentication
  2. Browser Launch: System launches specified browser for SAML authentication
  3. Identity Provider Redirect: Browser redirects to configured SAML identity provider
  4. User Authentication: User completes authentication process within selected browser
  5. SAML Response Processing: Identity provider returns SAML response to HySecure Gateway
  6. Session Establishment: Gateway processes SAML response and establishes user session
  7. Browser Session Management: Browser behavior managed according to configuration settings

Session Security:

  • Secure Communication: All SAML communications encrypted via TLS 1.2+
  • Token Validation: SAML assertions validated against identity provider certificates
  • Session Timeout: Browser sessions respect configured timeout policies
  • Cross-Site Protection: Browser security features protect against CSRF and XSS attacks

Web Application Launch Process

Application Access Workflow:

  1. Application Selection: User selects web application from client launchpad
  2. Browser Launch: System launches specified browser for web application access
  3. Authentication Token Transfer: Session tokens transferred securely to browser session
  4. Application Loading: Web application loads with authenticated user context
  5. Session Synchronization: Application session synchronized with gateway session status
  6. Logout Coordination: Application logout coordinated with gateway session termination

Verification and Testing

SAML Authentication Testing

  1. End-to-End Authentication Test
  2. Launch Workspace client and initiate SAML authentication
  3. Verify specified browser launches correctly
  4. Complete authentication process and confirm successful login

  5. Expected Result: Seamless SAML authentication using configured browser

  6. Multi-Factor Authentication Test

  7. Test SAML authentication with MFA requirements
  8. Verify browser handles MFA prompts appropriately
  9. Confirm successful authentication with multiple factors

  10. Expected Result: Proper MFA handling within selected browser environment

  11. Browser Session Management Test

  12. Complete SAML authentication and verify session establishment
  13. Test logout behavior and browser session handling
  14. Verify browser doesn't close automatically (limitation removed)
  15. Expected Result: Improved session management without unwanted browser closure

Web Application Launch Testing

  1. Application Launch Verification
  2. Select web applications from client launchpad
  3. Verify specified browser launches for web application access
  4. Confirm applications load correctly with proper authentication

  5. Expected Result: Consistent web application access using configured browser

  6. Multiple Application Testing

  7. Launch different web applications sequentially
  8. Verify browser behavior with multiple concurrent applications
  9. Test application switching and session management
  10. Expected Result: Proper handling of multiple web applications within browser environment

Performance and Compatibility Testing

  1. Browser Performance Assessment
  2. Measure browser launch times for SAML authentication
  3. Monitor web application load times and responsiveness
  4. Assess memory usage and system resource consumption

  5. Expected Result: Acceptable performance within organizational standards

  6. Cross-Platform Compatibility

  7. Test browser selection across different Windows versions
  8. Verify functionality on various hardware configurations
  9. Confirm behavior consistency across client deployment types
  10. Expected Result: Consistent functionality across supported platforms

Monitoring and Logging

Browser Selection Event Logging:

  • Browser launch events: Application launches, browser selection, timestamp
  • SAML authentication events: Authentication success/failure, browser used, duration
  • Web application access: Application launches, browser selection, session duration
  • Error events: Browser launch failures, compatibility issues, performance problems

Log Analysis Procedures:

  1. Navigate to HySecure Management Console → Monitoring → Application Logs
  2. Filter by Event Type: Browser Launch for browser-specific events
  3. Analyze browser usage patterns and performance metrics
  4. Review error rates and browser compatibility issues

Performance Metrics:

  • Browser launch time statistics
  • SAML authentication completion rates
  • Web application load time measurements
  • User satisfaction and support ticket volume

Security Considerations

Browser Security

Secure Browser Configuration:

  • Certificate Validation: Ensure browsers properly validate SSL certificates for SAML and web applications
  • Content Security Policy: Configure CSP headers for web applications to prevent XSS attacks
  • Secure Cookie Handling: Verify proper secure cookie implementation for session management
  • Privacy Controls: Balance privacy settings with functional requirements for corporate applications

Enterprise Security Integration:

  • Domain Join Integration: Leverage domain-joined device capabilities for browser security
  • Certificate Store Management: Integrate with enterprise certificate management systems
  • Policy Enforcement: Apply organizational security policies through browser configuration
  • Threat Protection: Integrate with enterprise threat protection and monitoring systems

Authentication Security

SAML Security:

  • Assertion Validation: Verify SAML assertion integrity and authenticity
  • Replay Attack Prevention: Implement measures to prevent SAML assertion replay attacks
  • Encryption Standards: Ensure SAML communications use current encryption standards
  • Certificate Management: Maintain current certificates for SAML identity provider trust

Session Security:

  • Token Protection: Secure handling of authentication tokens within browser sessions
  • Session Isolation: Ensure proper isolation between different application sessions
  • Logout Security: Comprehensive session cleanup during logout processes
  • Cross-Site Request Forgery: Protection against CSRF attacks in web applications

Troubleshooting

Common Issues:

Browser Launch Failures:

  • Issue: Specified browser fails to launch for SAML authentication or web applications
  • Check: Verify target browser is installed and accessible on client device
  • Verify: Confirm browser executable path is correct in gateway configuration
  • Solution: Reinstall browser or update gateway configuration with correct browser path
  • Prevention: Implement browser deployment validation and monitoring procedures

SAML Authentication Problems:

  • Issue: SAML authentication fails or displays errors in selected browser
  • Check: Verify browser compatibility with SAML identity provider requirements
  • Verify: Confirm browser security settings allow SAML authentication flow
  • Solution: Adjust browser security settings or select compatible browser for SAML
  • Prevention: Conduct comprehensive browser compatibility testing with SAML providers

Web Application Compatibility Issues:

  • Issue: Web applications display incorrectly or function improperly in selected browser
  • Check: Verify web application browser requirements and compatibility matrix
  • Verify: Confirm browser version meets application minimum requirements
  • Solution: Update browser version or configure application-specific browser selection
  • Prevention: Maintain application compatibility matrix and browser update procedures

Browser Policy Conflicts:

  • Issue: Organizational browser policies interfere with SAML or web application functionality
  • Check: Review applied browser policies and their impact on authentication workflows
  • Verify: Test authentication and application access with policy exemptions
  • Solution: Adjust browser policies or create exceptions for SAML and web application domains
  • Prevention: Coordinate browser policy management with application access requirements

Diagnostic Steps

Browser Configuration Validation:

# Check installed browsers and versions
Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* | 
    Where-Object {$_.DisplayName -like "*Chrome*" -or $_.DisplayName -like "*Firefox*" -or $_.DisplayName -like "*Edge*"} | 
    Select-Object DisplayName, DisplayVersion

# Verify browser executable accessibility
Test-Path "C:\Program Files\Google\Chrome\Application\chrome.exe"
Test-Path "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

SAML Authentication Diagnostics:

  1. Browser Network Analysis: Use browser developer tools to analyze SAML authentication network traffic
  2. Certificate Validation: Verify SSL certificate chain validation in browser
  3. JavaScript Console: Check browser console for JavaScript errors during SAML authentication
  4. SAML Response Inspection: Analyze SAML response content and format

Web Application Diagnostics:

  • Browser Compatibility Testing: Test web applications across different browser versions
  • Performance Profiling: Use browser performance tools to identify bottlenecks
  • Security Policy Analysis: Review content security policy and browser security settings
  • Session Management Testing: Verify proper session handling and timeout behavior

Advanced Configuration

Enterprise Browser Management

Centralized Browser Deployment:

  • Group Policy Integration: Deploy browser configurations via Active Directory Group Policy
  • Software Deployment Tools: Use SCCM, Intune, or similar tools for browser management
  • Configuration Templates: Standardized browser configuration templates for different user groups
  • Update Management: Coordinated browser update procedures across enterprise

Browser Policy Automation:

# Example: Deploy Chrome enterprise policies
$ChromeRegPath = "HKLM:\SOFTWARE\Policies\Google\Chrome"
New-Item -Path $ChromeRegPath -Force
Set-ItemProperty -Path $ChromeRegPath -Name "HomepageLocation" -Value "about:blank"
Set-ItemProperty -Path $ChromeRegPath -Name "DefaultBrowserSettingEnabled" -Value 0

Application-Specific Browser Selection

Conditional Browser Assignment:

  • Application Categories: Different browsers for different types of web applications
  • User Group Policies: Browser selection based on user group membership
  • Geographic Considerations: Regional browser preferences and compliance requirements
  • Legacy Application Support: Specialized browser configurations for legacy applications

Performance Optimization

Browser Performance Tuning:

  • Memory Management: Optimize browser memory usage for client devices
  • Cache Configuration: Configure browser caching for improved application performance
  • Extension Management: Control browser extensions to minimize performance impact
  • Resource Monitoring: Monitor browser resource usage and optimize configuration

Network Optimization:

  • Connection Pooling: Optimize HTTP connections for web applications
  • Compression Settings: Configure content compression for faster application loading
  • CDN Integration: Leverage content delivery networks for improved performance
  • Bandwidth Management: Optimize browser settings for various network conditions

Multi-Tenant Considerations

Service Provider Deployments:

  • Tenant-Specific Browser Settings: Different browser configurations for different customer tenants
  • Brand Customization: Tenant-specific browser appearance and configuration
  • Security Isolation: Ensure proper isolation between tenant browser sessions
  • Policy Inheritance: Tenant-specific browser policy templates and management

Notes

  • Support Requirement: Gateway configuration requires Accops support team assistance due to specialized browser integration settings
  • Platform Limitations: Browser selection feature only supported for Full Admin Client and On-Demand Client modes - HyBrid and HyLite modes not supported
  • Browser Dependencies: Feature functionality depends on proper browser installation and configuration on client devices
  • Legacy Limitation Removal: Configuration overrides previous gateway browser settings and eliminates automatic browser closure on logout