HDE Access Control Admin Console Guide : System Settings

This article consists of instructions on how to properly configure and customise the settings in Access Control Admin Console in order to best suit the environment of your organisation.

There are three parts of settings in Access Control Admin Console: System settings, User settings, and Secure Browser Settings. As for this particular article, only the System settings will be explained. The User settings and Secure Browser Settings can be found in separate documents.

This Admin Console guide is consists of five components:

1) Domain Settings
2) Access Log
3) Batch Registration Log
4) OAuth Client Settings
5) Sync Log

1) Domain Settings  

The Domain Settings itself is consists of four components:

a) Login Screen Appearance
b) Password Related Settings
c) Secure Browser Settings
d) Other Settings

a) Login Screen Appearance

☆ 1 - Log in to your Access Control Admin Console

https://ap.ssso.hdems.com/admin/yourdomain

Picture1__20_.png

☆ 2 - After logging in to the Admin Console, please click on "Domain Settings" as shown as below. Then, click on "Edit".

Screen_Shot_2015-12-21_at_12.39.40_PM.png

☆ 3 - In the Edit settings interface, there are a few configurations such as :

1) Title string : Here you can define the name of the webpage of your HDE Access Control Admin Interface.

2) Display remember login : The admin could configure to show or hide the "Remember Login" option in the console login page. If the "Remember Login" option is checked, the login session will be retained even if the browser or tab is closed and relaunched.

3) Ignore domain name : If this is enabled, the users are able to log in with just the username part without the domain name part. For example, the user can just log in with just "username" instead of the full "username@yourdomain.com".

4) Logo URL : The admin could change the Logo image of the login page here.

Screen_Shot_2015-12-21_at_12.40.08_PM.png

b) Password Related Settings 

☆ 1 - Return to the "Domain settings" interface, you will be able to find the "Password Related Settings" as shown as below. Then, click on "Edit".

Screen_Shot_2015-12-21_at_3.11.45_PM.png

☆ 2 - In the "Password Related Settings" interface, there are a number of configurations such as : 

Edit.png

1) Password Policy : The admin could set the policy to ensure that the password strength of each user is strong enough to fit the requirements of the organisation's security policy. The list of policies are as shown as below.

Screen_Shot_2015-12-21_at_3.14.26_PM.png

2) Password min length : The admin could fix the minimum length of the password here.
3) Notice for password policy : An acknowledgement to be displayed on the interface when a user wants to change the password.
4) Password expiration days : The admin could set the period of time that the user's passwords to be available until they expire. 
5) Action on password expiration (browser) : The admin can set the browser's behaviour after the password is expired. The options are as shown as below.

Screen_Shot_2015-12-21_at_3.16.06_PM.png

6) Action on password expiration (rich client application) : For the users that are using Rich Client Applications, when the password expires, the admin could set the application to do nothing or prohibit the user from logging in until the user has changed the password. 

Screen_Shot_2015-12-21_at_3.16.37_PM.png

7) Notification mail : The notification email will be sent to the user if the admin decided to prohibit the user from logging in to the system when the password is expired.

8) Exclude admin : When this option is enabled to exclude the admin from the policy, admin is not required to change the password even when the password expiration is due.

Screen_Shot_2015-12-22_at_4.31.07_PM.png

c) Secure Browser Settings 

☆ 1 - Return to the "Domain settings" interface, you will be able to find the "Secure Browser Settings" as shown as below. Then, click on "Edit".

Screen_Shot_2015-12-22_at_4.43.21_PM.png

☆ 2 - In the "Secure Browser Settings" interface, there are two configurations to be made : 

1) Auto device authentication : If this setting is disabled, all the devices will be required to obtain to authentication from the admin in order to use the HDE Secure Browser. On the other hand, if it is enabled, all the devices will not be required to have authentication from admin in order to use HDE Secure Browser.

2) Device authenticated notification email : If an email address is being input here, every time a device requests for authentication approval, a notification email will be sent to the email address.

Screen_Shot_2015-12-22_at_4.43.57_PM.png

d) Other Settings 

☆ 1 - Return to the "Domain settings" interface, you will be able to find the "Other Settings" as shown as below. Then, click on "Edit".

Screen_Shot_2015-12-22_at_5.26.56_PM.png

☆ 2 - Download server certification for setting up HDE Access Control with Office 365/ G Suite

Screen_Shot_2015-12-24_at_11.55.22_AM.png

The server certification can be used to in the setups below:

1) Please refer to this article: HDE Access Control : Single Sign-on Setup (Office 365)
2) Please refer to this article: Setting Up HDE Access Control (G Suite)

☆ 3 - In the"Other Settings"'s Edit settings interface, there are a few configurations such as :

Screen_Shot_2015-12-22_at_5.59.48_PM.png

1) Lockout activate times : The admin could set the number of times the user is allowed to enter the wrong password before the account is being locked out.

2) Lockout term : The admin could set the period of time for the account lockout. 

3) Pass-cookie expiration days : The life span of the Pass-cookie. Pass-cookie is a piece of data that will be issued and stored in the user's browser for a certain period of time. Its basic purpose is to allow user under certain condition to access to the cloud services even when the policy disallow.  

4) Pass-cookie secret key : Secret key that is used to generate and validate the Pass-cookie. The admin could change the value of this secret key in order to disable all issued Pass-cookie. If this value is empty, the system will not issue any Pass-cookie to any user.

5) Timezone : The admin could set the timezone of the console to suit the locale of the user's organisation.

6) Locale : The admin could set the locale of the console that the organisation is located in.

7) logout_url : The link that users be redirected to after logging out.

2) Access Log  

The Access Log in Access Control Admin Console allows administrator to monitor the login activities of the cloud services. In the log, you will be able to see all the accepted and denied login attempts and their date, username, ip address, and type of device used. 

Screen_Shot_2015-12-24_at_2.48.11_PM.png

3) Batch Registration Log  

The Batch Registration Log in Access Control Admin Console allows administrator check the record for Batch Registrations that have been done in the past. Batch Registration allows administrator to register multiple users into Access Control all at once.

Screen_Shot_2015-12-24_at_3.03.48_PM.png

4) OAuth Client Settings  

The OAuth Client Settings contains OAuth Client details that is required while setting up Access Control with Office 365 domain. 

Screen_Shot_2015-12-24_at_3.14.17_PM.png

To see the actual usage of the OAuth Client details,
please refer to this link : HDE Access Control : HDE One Directory Sync (Office 365 with Azure Active Directory)

5) Sync Log  

The Sync Log in Access Control Admin Console allows administrator to monitor the account synchronisation activities between your Office 365 and Access Control. There are a few details that you can find in the Sync Log such as the date, synchronisation route, and the type of synchronisation such as adding, updating, deleting, and failure to synchronise.

Screen_Shot_2015-12-24_at_4.38.01_PM.png

          
Was this article helpful?

Frequently Asked Questions (FAQs)

Powered by Zendesk