Enhancements in Accops Workspace Windows Client version 7.2.0.1063
MDM Intune Support
Older Workspace Clients support MDM solutions such as VMware AirWatch and Scale Fusion. In the latest Workspace Client, Microsoft MDM solution support, known as Intune, has been added. This feature allows devices to be automatically approved for logging into the HySecure Gateway using an external authentication server. The login process is based on the device's status on the Microsoft Intune MDM server, and successful login requires the device to be registered and compliant on the Microsoft Intune MDM server.
Note
Currently, Device Approval through Intune MDM server is only supported for Windows (7.2.0.1063) and Mac (7.0.1.1101) workspace client and above; other platforms must be bypassed.
Supported Client platforms & Gateway compatibility
This enhancement is supported on the following client modes and types with HySecure Gateway versions 7.1 SP1 and above:
| Supported Client modes and OS | 5.4 SP2/5.4 SP5 | 5.4 SP6 | 7.0 | 7.1 | 7.1 SP1 |
|---|---|---|---|---|---|
| Full Admin Client on all supported Windows OS | No | No | No | No | Yes |
| Hybrid mode | No | No | No | No | Yes |
| HyLite mode | No | No | No | No | No |
| On-Demand client | No | No | No | No | Yes |
Integrating MDM Server
-
Log in to the HySecure management console as a Security Officer.
-
Navigate to Settings > Services Config > External Authentication. Under General Configuration, enter the following details:
-
External Authentication Type: Choose Device Approval.
-
Device Approval Mode: Choose MDM as the approval mode.
-
Select MDM Provider: Choose the MDM provider name and Microsoft Intune.
-
Endpoint URL: Enter the Microsoft Intune URL.
-
Endpoint API Version: Choose the API version as 1.
-
Search Attribute: This attribute is used to identify and search for the device. Select Entra Device ID.
-
Read Timeout (Secs): This is the timeframe in which data should be received on an established connection with External MDM.
-
Connection Timeout (Secs): This is when a connection between HySecure and the Microsoft Intune server must be established. After a configured time, HySecure will give a connection time-out message.
-
Authentication Type: Choose the authentication type for MDM. If None is selected, the connection will be established without authentication. If Basic is selected, please provide the MDM Client ID, Client Secret, and Tenant ID. Click Submit to continue.
-
Linking MDM Server with Device ID Access Control
To enable device approval through the Microsoft Intune MDM server, a Device ID ACL must be created and linked to Microsoft Intune. Users with an assigned policy will have their devices approved through Microsoft Intune.
Steps to link the MDM Server with Device ID Access Control:
-
Log in to the HySecure management console as Security Officer/Administrator.
-
Navigate to Policies > ACL and create or modify a Device ID policy. Set the Device ID parameter to Device ID and enable External Authentication.
-
Choose Microsoft Intune as the Authentication Server.
-
Under Authentication with External Server, select the device authentication frequency:
-
Check on every login: Authenticates the device with the MDM server at every login, regardless of its status in the HySecure Gateway.
-
Check for new device: Authenticates only new devices with the MDM server; subsequent logins will be approved based on device status in the HySecure Gateway.
-
-
Click Submit.
Client Login
-
Log in through the Workspace Client on the gateway from a machine that is enrolled with Microsoft Entra and Intune.
-
For first-time user logins, if the device is not enrolled or is non-compliant with the Intune MDM server, the login attempt will fail, and the device will be listed under the Devices section for admin approval.
-
If the device is already enrolled and compliant with the Intune MDM server, the user will be able to log in successfully, and the device will automatically appear in the Devices section of the management console.
MTU Recalculation on Network Change
The older version of the Workspace Client calculates and sets MTU during Gateway login. However, MTU recalculation was not supported in case the network is changed. In the latest Workspace Client, MTU recalculation is supported in case network changes are detected.
Supported Client platforms & Gateway compatibility
This feature is supported by the client modes and types with HySecure Gateway versions 5.4 SP6 and 7.0 (Build – 651) & above.
| Supported Client modes and OS | 5.4 SP2/5.4 SP5 | 5.4 SP6 | 7.0 |
|---|---|---|---|
| Full Admin Client on all supported Windows OS | No | Yes | Yes |
| Hybrid mode | No | Yes | Yes |
| HyLite mode | No | No | No |
| On-Demand client | No | No | No |
Client Upgrade Enhancement
In the latest Workspace Client, users will be notified via a prompt for client download and update confirmation. The purpose of this is to enhance the user experience while upgrading the client through the HySecure Gateway.
Additionally, the Windows system tray now displays client download and update status, including availability for download, in-progress download, download failure, and 'up to date', to provide better visibility of client upgrades to end-users
Note
The Accops Workspace Client upgrade enhancement will be applicable for client versions 7.2.0.1063 and above.
Supported Client platforms & Gateway compatibility
This feature is supported by the client modes and types with HySecure Gateway 5.4 SP6 and on HySecure Gateway versions 7.0 & above.
| Supported Client modes and OS | 5.4-SP2/5.4 SP5 | 5.4 SP6 | 7.0 |
|---|---|---|---|
| Full Admin Client on all supported Windows OS | No | Yes | Yes |
| Hybrid mode | No | No | No |
| HyLite mode | No | No | No |
| On-Demand client | No | Yes | Yes |
Gateway Configuration
No new gateway configuration is required for the client upgrade enhancement. Admin only needs to configure the single client upgrade as earlier.
Client Login
-
Install the Accops Workspace Windows Client version 7.2.0.1063 or above on the user’s system.
-
Log in to the client.
-
On the 1st login, the user will get a client download prompt.
-
Upon clicking Download, the client update will be downloaded on the user's machine.
-
If the client downloads successfully, the user will receive a prompt to install it on the second login.
-
Click Install to start the Workspace Client upgrade.
-
For forceful client upgrades, the steps will remain the same, but users will receive the following prompts to download and install the client update.
Note
If the user clicks Not Now for both the download client update and the install client update prompts, they will see these prompts every time they log in until they either download or install the client update.
Remember me support
The current Workspace Client application exhibits inconsistent behavior when dealing with the saving of usernames and passwords, especially when different combinations of gateway-side configurations are applied. This support has been added to the Client launchpad. Additionally, users are given the option to save credentials on the client launchpad.
Gateway Configuration
-
Log in to the client with the SO user and access the management console.
-
Navigate to Settings > Global > Client > uncheck the options Do not allow user to remember password on local device and Do not allow user to remember username on local device.
Client Login
-
Install the Accops Workspace Windows Client version 7.2.0.1063 on the user’s system.
-
Launch the client, enter the server address, and fetch the realm.
-
The user will see a Remember me checkbox on the login page, select it, and then log in to the client.
-
Now log out of the client.
-
The user’s login credentials will be saved on the login page during the next login.
-
If the user unchecks the Remember me option, then the login credentials will not be saved.
Auto launch of HySecure Applications
Support for auto-launching published HySecure applications has been added.
-
The behavior is controlled via a configuration setting on the Gateway.
-
When enabled, the Workspace Client will automatically launch their assigned applications upon login, improving efficiency and reducing manual steps.
Supported Client platforms & Gateway compatibility
This feature is supported by the client modes and types with HySecure Gateway versions 5.4 SP6 and 7.0 (Build – 651) & above.
| Supported Client modes and OS | 5.4-SP2/5.4 SP5/ | 5.4 SP6 | 7.0 |
|---|---|---|---|
| Full Admin Client on all supported Windows OS | No | Yes | Yes |
| Hybrid mode | No | No | No |
| HyLite mode | No | No | No |
| On-Demand client | No | Yes | Yes |
Gateway configuration
Create an application on the HySecure Gateway and enable auto-launch for that application.
Client login
-
Install the Accops Workspace Windows Client version 7.2.0.1063 on the user’s system.
-
Log in to the client.
-
Once you log in, the configured application will launch automatically.
-
The automatic launch of applications will function for SO, Native, and AD users.
Multitenancy Support for the Gateway Address as a Parameter in the MSI installer
As part of this release, we have improved the user experience during login by introducing the following enhancements: added support for Multitenancy as a gateway address Parameter in the MSI installer for client installation.
-
When the client is installed using MSI parameters, the server address and domain name will be pre-filled by default.
-
Users will no longer need to manually enter the server address or select the domain name when logging into the Secure Gateway.
-
This streamlines the initial login process and reduces setup time.
Supported Client platforms & Gateway compatibility
This feature is supported by the client modes and types with HySecure Gateway 5.4 SP6 and on HySecure Gateway versions 7.0 & above.
| Supported Client modes and OS | 5.4-SP2/5.4 SP5/ | 5.4 SP6 | 7.0 |
|---|---|---|---|
| Full Admin Client on all supported Windows OS | No | Yes | Yes |
| Hybrid mode | No | No | No |
| HyLite mode | No | No | No |
| On-Demand client | No | Yes | Yes |
Configuration
Please contact the Accops Support Team for assistance with the Configuration.
UI enhancement
The server URL is now displayed on the login screen in the latest Workspace Client, providing better clarity for users during sign-in. The Workspace Windows Client now includes an updated application icon. This change affects the installer icon, desktop shortcut, and taskbar icon.
Client login
-
Install the Accops Workspace Windows Client version 7.2.0.1063 on the user’s system.
-
Launch the client, enter the server address, and fetch the realm.
-
On the login page, the user will get the URL of the connected server and the organization.
Browser Selection for SAML Authentication and Web App Launch
In previous releases, the SAML authentication page was launched using either the system's default browser or client WebView window, based on gateway configuration.
In the latest release, administrators can now explicitly specify the browser to be used for launching the SAML authentication page via a gateway configuration setting.
Similarly, when launching web applications from the client launchpad, the browser to be used can now be defined by the admin in the gateway configuration.
This configuration overrides any previous gateway browser settings and removes older limitations, such as the Requirement to configure the default browser and Browser closing automatically on user logout. This enhancement provides greater flexibility and consistency in the user experience across different environments.
Supported Client platforms & Gateway compatibility
This feature is supported by the client modes and types with HySecure Gateway 5.4 SP6 and on HySecure Gateway versions 7.0 & above.
| Supported Client modes and OS | 5.4-SP2/5.4 SP5/ | 5.4 SP6 | 7.0 |
|---|---|---|---|
| Full Admin Client on all supported Windows OS | No | Yes | Yes |
| Hybrid mode | No | No | No |
| HyLite mode | No | No | No |
| On-Demand client | No | Yes | Yes |
Gateway Configuration
Please contact the Accops support team for assistance with the Gateway Configuration.
Client login
-
Launch the workspace client and enter the server address.
-
Log in through SAML, and the SAML authentication page will be launched on the specified browser.
-
Launch web applications from the client launchpad; the web app will be launched on the specified browser.
Configurable Copy/Paste for the Password Field
Copy-paste functionality in the password field on the client launchpad is now controlled via Gateway configuration.
By default, copy-paste functionality will be blocked in the password field on the client’s login page.
If the admin enables it from the gateway configuration, copy and paste will be allowed in the password field.
Supported Client platforms & Gateway compatibility
This feature is supported by the client modes and types with HySecure Gateway 5.4 SP6 and HySecure Gateway versions 7.0 & above.
| Supported Client modes and OS | 5.4-SP2/5.4 SP5/ | 5.4 SP6 | 7.0 |
|---|---|---|---|
| Full Admin Client on all supported Windows OS | No | Yes | Yes |
| Hybrid mode | No | No | No |
| HyLite mode | No | No | No |
| On-Demand client | No | Yes | Yes |
Gateway Configuration
Please contact the Accops support team for assistance with the Gateway Configuration.