Supported environments for HENNGE One

1. Supported OS / Browser

HENNGE Access Control / HENNGE Email DLP / HENNGE Email Archive / HENNGE Secure Transfer / HENNGE Tadrill

  Windows mac iOS iPadOS Android ChromeOS
OS Microsoft Supported Windows 10 or 11 The last 3 generations of codename versions The last 2 generations of major versions The last 2 generations of major versions The last 4 generations of codename versions Latest Version
Browser The latest published browser version
 Google Chrome
 Firefox
 Edge
 Google Chrome
 Safari
 Firefox
 Edge
 Google Chrome
 Safari
 Firefox  
 Edge
 Google Chrome
 Safari
 Firefox  
 Edge
 Google Chrome 
 Firefox
 Edge
Google Chrome

※ HENNGE Secure Transfer and administration screens for other services are provided only for the PC version.

※ IE mode in Edge is not supported.

End of support for Internet Explorer 11 in HENNGE One

HENNGE Secure Browser / HENNGE Secure Browser Desktop

  Windows mac iOS iPadOS Android
OS Microsoft Supported Windows 10 or 11 The last 3 generations of codename versions The last 2 generations of major versions The last 2 generations of major versions The last 4 generations of codename versions

※ HENNGE Secure Browser will give priority to supporting the services needed in daily work: "Mail," "Calendar," "Contacts." Services other than these are not guaranteed to be fully supported. Also, some services are not provided by Microsoft 365 / Google Workspace web interface. To use these services on mobile devices, please download the Native APP.

HENNGE Lock

  iOS iPadOS Apple Watch Android
OS The last 2 generations of major versions
The last 2 generations of major versions


The last 2 generations of major versions

The last 4 generations of codename versions

HENNGE Device Certificate(Including the Device Certificate import tool)

  Windows macOS iOS iPadOS Android Chrome OS
OS Microsoft Supported Windows 10 or 11 The last 3 generations of codename versions The last 2 generations of major versions The last 2 generations of major versions The last 4 generations of codename versions Latest Version
Browser The last 2 generations of versions, including the latest version
(One generation means one major version)
 Google Chrome
 Edge
 Firefox
 Google Chrome
 Safari  
 Firefox
 Safari   Google Chrome   Google Chrome 

HENNGE Cloud Protection

  Only the latest versions
Browser

Google Chrome

Safari

Firefox

Edge

HENNGE Directory Sync Tool

Cautions

The HENNGE Directory Sync Tool utilizes the proxy settings specified in the Internet Options. To configure the proxy settings, please log on to the server as the service startup account. For more details about the proxy setting, please refer to section [ 2. Network ].

1. Client Side Requirements

- A Windows / Windows Server machine being supported by Microsoft and participating in a domain managed by Active Directory;
or
- A machine that is an Active Directory domain controller and a Windows / Windows Server supported by Microsoft.

2. Software Requirements

2.1. .NET Framework 4.0 or above.

2.2. Windows PowerShell 3.0 or above.

2.3. The latest version of the Active Directory module in Windows PowerShell.

3. Network Requirements

3.1. HTTPS (443) Port is opened for external communication.

3.2. No auto-configuration scripts are used on the proxy server.

3.3. During connection, authentication is not required.

3.4. If the HENNGE Directory Sync Tool is not installed on the Active Directory Domain Controller, please ensure that the Active Directory Domain Controller satisfies the Communication Port requirements mentioned within the article written by Microsoft below.
How to configure a firewall for Active Directory domains and trusts

4. Requirements for Active Directory Domain Controller

4.1. A Windows Server supported by Microsoft.

4.2. The attribute [ unixUserPassword ] exists in the Active Directory user attributes.

4.3. Active Directory WEB Service is running.

HENNGE Connect Agent

1. OS : Should be a Windows Server supported by Microsoft.

For additional system requirements, please refer to the following help center:
Check System Requirements (HENNGE Connect)

Support policy for previous versions when a new version is released

1. If you are using an earlier version described in this article, please update your version.

※ In principle, HENNGE does not intentionally prevent users from connecting to its services, but the quality of the experience of using HENNGE One may gradually deteriorate.

2. Policy regarding Old Generation after Release of New Generation

Browser

When a new version is released, support for the latest version starts simultaneously. The oldest supported version will no longer be supported.

OS

Windows: We will inform you in advance.
Chrome OS: Follow Google's Auto Update policy (AEU). For more information regarding the Auto Update policy, click here.
iOS, iPadOS, watchOS, macOS, Android: The oldest supported version will no longer be supported. However, for these unsupported versions, there will have three month support buffer period after the "Supporting Start Day" set by HENNGE's latest version. 

3. As of May 2022, the supported OS versions are as follows

1. Windows: Windows 10 or Windows 11

2. macOS : macOS Big Sur 11, macOS Monterey 12, macOS Ventura 13

3. iOS : iOS 14, iOS 15

5. iPadOS : iPadOS 15, iPadOS 16

6. watchOS: watchOS 7, watchOS 8 

7. Android: Android 9, Android 10, Android 11, Android 12

2. Network

FQDN (URL)

The FQDN and port to allow access for each service are as follows.
Please configure the FQDN and port of your service and the communication permission settings for access.

Service FQDN Port

 HENNGE Email DLP

 console.mo.hdems.com
 host.gross.hdems.com
 hennge-dlp-history.s3.amazonaws.com
 *.transfer.hennge.com

 TCP/443

 HENNGE Access Control

 ap.ssso.hdems.com
 static.ssso.hdems.com
 static2.ssso.hdems.com
 ssso-v2015-02.s3.amazonaws.com
 ssso-spcfg-logo.s3.amazonaws.com
 dc.services.visualstudio.com
 *.auth.hennge.com

 TCP/443

 HENNGE Device Certificate

 verify.ssso.hdems.com
 cybertrust.deviceid.ne.jp
 *.lencr.org

 TCP/443

 HENNGE Connect 

 *.connect.hennge.io

 TCP/443

 HENNGE Connect Agent

 (Outbound communication only)

 *.ngrok.com
 *.ngrok-enterprise.com
 update.equinox.io
 connect.ngrok-agent.com
 dns.google.com
 s3.amazonaws.com

 TCP/443 

 HENNGE Directory Sync Tool
(Active Directory User Synchronization Module)

 sync.ssso.hdems.com
 admin.ssso.hdems.com
 ap.ssso.hdems.com

 TCP/443

 HENNGE Email Archive

 console.hdems.com

 TCP/443

 HENNGE Secure Transfer

 *.hdedrive.com
 *.transfer.hennge.com
 cdnjs.cloudflare.com

 TCP/443

 HENNGE Cloud Protection

 *.f-secure.com
 *.withsecure.com

 TCP/443

 HENNGE Tadrill

 console.tadrill.com

 TCP/443

Reverse IP filter in customer environment

 *.amazonaws.com

 TCP/443

※ When setting access permissions using a URL, enter "https://" at the beginning of the FQDN and "/*" at the end.
※ Wild card specification (FQDN including *) requires wild card permission settings because the FQDN to be communicated with changes dynamically.

IP Address

Since the HENNGE One service is operated using dynamically changing IP addresses, it is necessary to set access permission by specifying a range for all global IP addresses displayed at the link.

Please note that the list in the above link is subject to change without notice.

The type of IP address can access to service

Service Service page / feature IPv4 address IPv6 address
HENNGE Access Control

Old Admin Console(Classic view)
User Portal

Conditions of Access Control(*)

×
New Admin Console(Modern view)
Public API
HENNGE Email DLP All ×
HENNGE Email Archive All ×
HENNGE Secure Transfer All ×

HENNGE Tadrill

All

×

*Currently, only IPv4 addresses can be used for the conditions of access control functionality by HENNGE Access Control. We are now planning the IPv6 support in the future.

3. Single Sign-On

HENNGE Access Control (SAML Authentication)

・ Supports SAML 2.0
・ SAML authentication's NameID (user account information) matches one of the user information items on HENNGE Access Control
・ Supports both SP-Initiated SSO and IdP-Initiated SSO, or either one
・ Handles NameIDFormat as "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" or "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
・ Supports SAML signing certificates with SHA-256 (SHA-2)

HENNGE Access Control (OpenID Connect)

・ Relying Party supporting Authorization Code Flow
・ Confidential client
・ Client authentication is either client_secret_post or client_secret_basic
・ Scope includes openid, profile, email, offline_access
・ The following claims are available in the ID token: aud, iss, sub, iat, exp, hd, name, given_name, family_name, preferred_username, email, email_verified, zoneinfo, locale, updated_at, auth_time, nonce.
Redirect URI is either in HTTPS format URL or localhost (including 127.0.0.1, [::1]).

4. Mail services

HENNGE Email DLP / HENNGE Email Archive

1. Exchange Online(※1)

2. Google Workspace Gmail Webmail Service for Business(※2)

 

※1. Microsoft 365, Exchange Online, Edge, and Active Directory are trademarks or registered trademarks of Microsoft Corporation in the United States and other countries.
※2. Google Workspace, Gmail webmail service, and Chrome are trademarks or registered trademarks of Google LLC in the United States and other countries.

          
Was this article helpful?