Sign-in

The Workspace Windows Client Sign-in/Login Screen is the interface that appears when a user downloads and opens Accops Workspace Windows Client application. On this screen enter the credentials to authenticate and access the workspace.

Login Workflow

The login workflow involves the following steps:

1. Launch the Workspace Client. The Login Screen is displayed.

   

2. This screen prompts the user to begin the authentication process to access their workspace environment.

3. Click Settings to enter the Controller or HySecure Gateway Address.

   

4. After entering the address, click Test and Apply. The Workspace Client verifies connectivity with the specified gateway. If the connection is successful, the settings are applied and the client proceeds to the next step.

5. Users may be part of multiple domains or identity realms. A drop-down or field is presented to select the appropriate domain/realm (configured on the HySecure Gateway).

   

6. Enter the Login credentials. Depending on the organization’s configured authentication policy, the user is presented with one of the following login methods:

   1. Multi Factor Authentication (MFA): Users can log in using a MFA method, adding an extra layer of security. After entering their password, users will be prompted to authenticate via a second factor, such as an SMS or email code.

   2. SAML-based Login: Security Assertion Markup Language (SAML) is supported for Single Sign-On (SSO). With SAML, users can authenticate using credentials from their Identity Provider (IdP).

   3. Passwordless Login: This method allows users to access the workspace without having to enter a traditional password. Instead, users can authenticate through a registered authentication device on which the Accops HyID app is installed

   4. OTP-only Login: Users can opt for a login method that requires only an One-Time Password (OTP), sent via email or SMS.

7. Once credentials are validated a secure session is established. User-specific policies, profiles, and resource access controls are applied. User gains access to the virtual desktop, published applications, or other workspace services as defined by the administrator.

8. Session management and timeout; The client monitors activity during the session.

   Important

   • Users are automatically logged out after a defined inactivity timeout or when the session duration limit is reached.
   • This ensures security compliance and prevents unauthorized access in unattended sessions.

Login Screen

The following describes the various widgets displayed on the login screen:

1. Username and password: The sign-in screen prompts the user to enter the valid username and password. The username field can be saved and auto-filled based on the configurations done from the HySecure Gateway or HyWorks Controller.

   

2. Forgot Password: This option redirects the user to the organization's password recovery system or support portal.

3. Authentication Methods:

   1. Sign-in button: Upon entering the credentials, click the Sign-in button to authenticate and connect to the workspace resources. If credentials are valid and the user is authorized, the user gains access to resources.

      • Multi-Factor Authentication (MFA): Workspace Client requires multi-factor authentication for extra security if MFA is enabled. After entering the credentials the client will prompt the user for the second factor for more authentication, such as:

        • SMS Token: A one-time code sent via SMS to the user's phone for authentication.

        • Email Token: A one-time code sent to the user's email address for authentication.

        • Mobile Token: A one-time code generated by the HyID app which acts as a mobile authenticator app for secure login.

        • Push Notification: A prompt sent to the user's mobile device for quick approval or denial of the login attempt.

          

   2. Sign-in with QR code: This authentication allows users to log in using a registered authentication device instead of the legacy username and password. An Auth device is a device on which the Accops HyID app is installed, and the user is registered for a mobile token. However, to access Hosted Apps and Desktops, the SSO application user must enter the password explicitly after scanning the QR code for passwordless, in the Domain password prompt, or during application access.

      

   3. Sign-in with AzureAD: User can sign-in using Azure AD as the identity provider to authenticate and authorize users in a workspace client application. This allows to manage user access securely and centrally using Microsoft's Azure AD.

      

   4. Sign-in with SAML: When launching the first SSO app, client will prompt for the domain password. The user can skip providing the password, or if the user submits a wrong password, the correct password can be provided later using the new option Change SSO Password in the user menu.

      

      

4. Quick Access Settings menu: Displays the set of settings and options that are to be easily accessible and offer common, frequently used configurations. Following are the available options:

   

   1. Status: Click to view the detailed network settings.

      

   2. Certificate Login: Click the icon to login to the secure gateway using the Client SSL certificate.

      

   3. Log Viewer: Click to view the detailed log files. Select the required log file name to view the details. Admins can monitor login attempts and access logs to detect unusual or unauthorized login attempts.

      

   4. Virtual Keyboard: Click to open the system default on screen keyboard.

      

   5. USB Devices: Click to access or configure the USB devices connected to the virtual desktop.

   6. Settings: Click to access configuration options that let users customize their workspace client environment. This includes preferences such as language settings, network settings. Users can also set or modify the server address to connect to their workspace, which is also used for certificate enrollment or login. Click Test and Apply to test the connection with the secure gateway.

      

      Note

      The settings icon option is not available post login.

After successful login, the user is shown the launchpad that displays their virtual desktops and apps that they are authorized to access in the Accops workspace.