Skip to main content
日本語 简体中文 繁體中文

How to ensure only the users with Pass-cookie are allowed to access from outside of the office network?

Question

Is it possible to set an Entrance Pass on a PC that cannot connect to the internal network?

Answer

By configuring settings from the Access Control Administration, you can set an Entrance Pass even from an external environment.
For details, please refer to the procedure below.

  1. (Admin) Create an Access Policy Group for Entrance Pass distribution users
  2. (Admin) Create an Entrance Pass distribution user
  3. (Admin) Add Entrance Pass distribution conditions
  4. (Admin) Provide the login information for the Entrance Pass distribution user to the user
  5. (User) Log in with the Entrance Pass distribution user and set the Entrance Pass cookie in the browser

Procedure

Admin Tasks

  1. Log in to the Access Control Administration.
    * For the URL and login information, please refer to [Service List] - [HENNGE Access Control] in the Customer Portal.
    [Customer Portal] How to check the HENNGE One Service List
    * If the initial password listed in the login information has been changed, please check internally.

  2. Create an Access Policy Group for Entrance Pass distribution users.
    Click [Users] - [Access Policy Groups] - [+Add Group], and register with the following settings.

    スクリーンショット 2026-03-03 7.35.23.png

  3. Create an Entrance Pass distribution user.
    Create a user with any name. (E.g., Username "cookie")
    After registering in Access Control, assign the user to the policy created in Step 2.
    * There is no need to create an account in Google Workspace / Microsoft 365.
    • When integrating with Active Directory: Create a user with any name in Active Directory and add it through dry run and synchronization.
    • If not integrating with Active Directory: Create the user in Access Control.
      [Access Control] Creating / Editing a New User

  4. Add Entrance Pass distribution conditions.
    From [System] - [Domain Settings] - [Other Settings], edit the Entrance Pass issuance conditions and add "login_name:username" (*).
    (*) Enter the username created in Step 3.
    If the username is "cookie", it will be "login_name:cookie".
    [Configuration Example]

    Before: ip4:<IP Address>
After: ip4:<IP Address> or login_name:username (*)
  5. Provide the login information for the Entrance Pass distribution user to the user.
    ・Username and password created in Step 3
    ・OTP token for the user created in Step 3 (*)
    (*) This is the value in [Emergency OTP Token] on the Edit User screen.
    Initially, 5 tokens are automatically set. You can also click [+Add new] to add more.
    Since OTP (One-Time Password) tokens are single-use passwords, you can restrict users from distributing them to multiple browsers. Used OTP tokens will be deleted from the Edit User screen.

User Tasks

After all admin tasks from Steps 1 to 5 are completed, please perform the following operations as the user.

  1. Log in with the Entrance Pass distribution user and set the Entrance Pass in the browser.
    Log in with the Entrance Pass distribution user.
    URL: Please refer to [Service List] - [HENNGE Access Control] in the Customer Portal.
    [Customer Portal] How to check the HENNGE One Service List
    ID / Password / OTP: Provided by the admin in Step 5
  2. After login is authorised, log out once.
  3. Access again and log in with your own ID and password.