For Google Workspace.
For Microsoft 365.
Question:
How can I ensure that only users with a Pass-cookie are allowed access from outside the office network?
Answer:
The setup procedure is as follows.
- Outline of the setup procedure
URL of access control management:
https://ap.ssso.hdems.com/admin/[Tenant name for exclusive user]
1. [Administrator] Create an access policy for the Pass-cookie distribution user.
2. [Administrator] Create the Pass-cookie distribution user.
3. [Administrator] Add a condition for distributing the Pass-cookie.
4. [Administrator] Provide the login information of the Pass-cookie distribution user to the user.
5. [User] Access as the distribution user and set the Pass-cookie in the browser.
The detailed setup procedure is as follows.
[Work for Administrator]
1. Create an access policy for the Pass-cookie distribution user.
Register the following set values from [user] > [access policy group] > [+new access policy group].
■The screenshot of [add new access policy group]
2. Create the Pass-cookie distribution user.
Create a user with any name [example: “user name” cookie].
With AD collaboration:
Create a user with any name in AD and add it to the synchronization processing.
Without AD collaboration:
Create the user in access control.
After registering the user in access control, assign the policy created in step 1.
* You do not need to create an account in Google Workspace/Microsoft 365.
3. Add a condition for distributing the Pass-cookie.
Edit the Pass-cookie setting from [System] > [Setting domain] > [Other settings] and add login_name:username(*)
(*) Enter the user name configured in step 2.
If you configured the user name as “username cookie”, add “login_name: cookie”.
[Example of configuration]
Before the change: ip4:<IP address>
After the change: ip4:<IP address> or login_name:username(*)
4. Provide the login information of the Pass-cookie distribution user to the user.
The following items were configured in step 2:
・User name and password
・User OTP token(*)
* This value is the [OTP token for urgent case] on the user editing page.
The default value is set automatically to five. The administrator can also enter any string with a single letter.
An OTP (one-time password) token can be used only once, which limits distribution of the Pass-cookie to multiple browsers. The OTP token is deleted from the user editing page after use.
[Work for user]
After the administrator has completed steps 1 to 4, the user should carry out the following operations.
5. Log in as the authentication/entry permission distributing user and set the entry permission in the browser.
1) Log in as the authentication cookie user.
URL: https://ap.ssso.hdems.com/portal/[Tenant name for exclusive user]/login
ID/Password/OTP: provided by the administrator in step 4
2) After you have logged in successfully, log out once.
3) Access it once again and log in with your own ID/password.