Restart admin portal HAG

All the examples are made for HAG (Hybrid Access Gateway) federated with AD. It might not work the same in your environment

HAG is working and alive, but you can’t log in on the admin portal.

  1. Putty to HAG server
  2. Login as: with your admin account.
  3. When asked for input, Press x.
  4. Run this command: sudo /etc/init.d/administration-service restart
  5. You will have to enter the admin password again to force restart on this service.

When that done, do a restart, it will take about 3 – 5 min to restart and get all Services up again.
Restart will not effect you live environment only admin portal.

Reset Synchronized Pin in HAG

All the examples are made for HAG (Hybrid Access Gateway) federated with AD. It might not work the same in your environment

Reset pin in HAG (Hybrid Access Gateway)

Surf to your login page for HAG
Pick Synchronized


Login in with your Synchronized application

If your pin has expired, you will receive this message
Use a new pin (that you pick 6 numbers) to generate new OTP in the Synchronized application.


Do it again to confirm


Done!


Reset Synchronized Pin in HAG

Create report in HAG

All the examples are made for HAG (Hybrid Access Gateway) federated with AD. It might not work the same in your environment

How do you create reports in HAG (Hybrid Access Gateway)

  1. Surf to your HAG Admin portal
    Login with your admin account

  • Go Reports in the left menu


  • Pick on the right side Access report…
  • Pick what time range you want to search on
    Then Click on Generate Report
  • You can look at the report

Or you can download the report

HAG Publish button

All the examples are made for HAG (Hybrid Access Gateway) federated with AD. It might not work the same in your environment

Check Diff from running configuration to what will be deployed in your HAG (Hybrid Access Gateway)

Remember things might have changed with other versions so be careful

The published button is blue but you don´t know what will be published

Sign in with your admin account with putty on your HAG server.
1. Run sudo su
    Type admin password again
2. cd /opt/companyname/administration-service/config
3. run command:
    diff RemoteConfiguration.xml published/remoteConfiguration0.xml

A list with changes will be displayed

Application rights HAG

All the examples are made for HAG (Hybrid Access Gateway) federated with AD. It might not work the same in your environment

  1. Login on with your admin account in the
    HAG (Hybrid Access Gateway) Admin portal
  2. Pick Manage Resource Access
  3. Pick what software you looking for and then to the right you will see what access is required

Registered Resources row, you can see all your web resources.
To the right, you can see access rules if person or AD Group that decides ad requirements to access that resource

Add superuser in HAG

All the examples are made for HAG (Hybrid Access Gateway) federated with AD. It might not work the same in your environment

Hybrid Access Gateway, HAG

Login with your admin account on HAG admin portal

Go to
Then  on the left side

Pick, , then
There you can add Administrator when you add new Administrator enter full ad username.

Then click Search, add, save and then Publish

Quick Guide Three HAG

All the examples are made for HAG (Hybrid Access Gateway) federated with AD. It might not work the same in your environment

Manage Accounts and Storage User Accounts Add User Account…: Create Account manually

Manage Accounts and Storage Global User Account Settings: Setup how to auto-create users
Manage Accounts and Storage User Link Repair: Here you can fix if the user has change ad store or remove a user that can’t be found in AD anymore

  • Note that remove a user in Acces2 does not affect AD, only that all Authentication methods stop working and need to create new ones when you re-create the account.

  • Access2 has a setup that it will provide total information if you failed the login of security reason

Manage Accounts and Storage User Storage: Setup connection with ad and what store it will search in

Upgrade You can download and install it later, don’t need to do both at the same time

  • HAG is about 5 GB total with all disc space.
    It’s all to get a grip of the disk so they will have full control when a user does upgrade for example.

Manage System Notification Settings: Setup/Configure email and SMS so HAG can send Notification to user

Manage System Authentication Methods: Setup what Authentication Method, will be available for the user

Manage System Authentication Services à Manage Global Authentication Service Settings Password/PIN Settings: You can find password rules, expire and more for different Authentication

Manage System Certificates à Add Certificate Authority…: Add Certificate
Manage System Certificates Add Server Certificate…: Add Certificate (Has to be PEM)
                                                                 Access Points: Pick the new cert
                                                                 Policy Services: Pick the new cert
                                                                 Distribution Service: Pick the new cert

Manage Resource Access Access Rules: setup roles for access rights

Manage Resource Access SSO Domains Add SSO Domain…
Add for example user attribute
Add for example password attribute

Look for Web Resources you want to employ it to > Edit Resource Host…
Enable Single Sign-On
Pick Single Sign-On Type
Pick SSO Domain solution you have picked

Manage Resource Access SAML Federation Add SAML Federation…

Quick Guide Two HAG

All the examples are made for HAG (Hybrid Access Gateway) federated with AD. It might not work the same in your environment

Part 1 PortWise Synchronized
Page 2 Change pin access2
Page 3 PortWise Invisible Token


Part 1 – Problem with Synchronized

You can only pick 1 or 2

1. Here user if there are close by, they can pick own pin code that they will user in VPN and access2.

2. Here you generate a pin for the user that user will get a notification on (depending what you pick as notification)

You can only pick 3 or 4
3.  You pick this one user will receive a long number and letter combination that they haft to type och past in TruID. (Click on +, inside Truid. Then advanced, paste in the second line (Enter Seed for profile)).

4. You pick this one user will receive a mail with a link, click on it will come to another page with another link to click on after click on that one TruID will start automatic (if the user has it installed and doing this on the phone) and create a profile based on pin selection you did.

Hint – If nr 2 generated password is not working of some reason picking a password nr 1


Part 2 – Help with change pin in Synchronized

If a user still gets a problem after following the instruction from access2 with changing the password, go to the page before and do option 1 manually pick a pin code.


Part 3 – Problem with PortWise Invisible Token

Try uncheck Enable PortWise Invisible Token, save Then look up user again and check Enable PortWise Invisible Token.
See if that helps.

Quick Guide One HAG

All the examples are made for HAG (Hybrid Access Gateway) federated with AD. It might not work the same in your environment

  1. Surf to HAG admin portal
  2. Login with the admin account and password
  3. Go in to Manage Accounts and Storage
  4. Pick  User accounts  to the left menu


Continue to the part that fits you best

Part 2 – Delete misspelled user
Part 3 – Add User
Part 4 – Forgot Pin
Part 5 – Check if the user account is locked
Part 6 – View User log


Part 2 – Have users id been misspelled?

Delete misspelled user
It’s ok to delete it, it will only affect access2
(make sure its not a local account, these examples are meant for account

  1. Search for the person in the User ID field
  2. First name* (don’t forget *)
  3. Pick the person that is misspelled by click on it.
  4. In the bottom part of the screen, you can find Delete
  5. Click on it and approve it

Done


Part 3 – Add a user account

  1. Click on Add User Account…
  2. Write users normal account on the domain
  3. Click on the link (so it will connect with AD), after that click next
  4. Now you should have entered PortWise Authentication Settings

    Check and Enable (check them in order a, c, b)
    1. PortWise Mobile Tex
    1. PortWise Invisible Token
    1. PortWise Synchronized

      a and b can only be checked if a Mobil nr is added to Active Directory
  5. On PortWise Mobile Tex, and PortWise Invisible Token
    Check Use password from directory service

  6. On PortWise Synchronized
    You pick Generate PIN
    Seed under Select how to activate soft token

    Notification – By Screen and E-mail

    Next
    Next
    Finish wizard

Part 4 – Forgot password

  1. Search for the user first name* (don’t forget *)

  2. Click on the user and then go to PortWise Authentication
  3. Now you go to PortWise Synchronized (if you can’t find it go the bottom of the screen to enable it)
  • Go to the bottom and pick

Save


Part 5 – Check if an account is locked


Search for the person that has the problem first name* (don’t forget *)

If Disabled is checked then account I Active Directory is Disabled, DON’T TOUCH IT!

If any of the other three
                             Locked access
                             Locked authentication
                             Locked Time-Lock Authentication

Locked (checked) then uncheck and save

Part 6 – View User log

  1. Search for the user that you want to check user log on the first name* (don’t forget*)
  2. Click on the user you should end up under General Settings, go down to the bottom
    you should find View user log like the picture below

Click on view log when you have added the time period you want to check.