Quick Guide Three HAG

All the examples are made for HAG (Hybrid Access Gateway) federated with AD. It might not work the same in your environment

Manage Accounts and Storage User Accounts Add User Account…: Create Account manually

Manage Accounts and Storage Global User Account Settings: Setup how to auto-create users
Manage Accounts and Storage User Link Repair: Here you can fix if the user has change ad store or remove a user that can’t be found in AD anymore

  • Note that remove a user in Acces2 does not affect AD, only that all Authentication methods stop working and need to create new ones when you re-create the account.

  • Access2 has a setup that it will provide total information if you failed the login of security reason

Manage Accounts and Storage User Storage: Setup connection with ad and what store it will search in

Upgrade You can download and install it later, don’t need to do both at the same time

  • HAG is about 5 GB total with all disc space.
    It’s all to get a grip of the disk so they will have full control when a user does upgrade for example.

Manage System Notification Settings: Setup/Configure email and SMS so HAG can send Notification to user

Manage System Authentication Methods: Setup what Authentication Method, will be available for the user

Manage System Authentication Services à Manage Global Authentication Service Settings Password/PIN Settings: You can find password rules, expire and more for different Authentication

Manage System Certificates à Add Certificate Authority…: Add Certificate
Manage System Certificates Add Server Certificate…: Add Certificate (Has to be PEM)
                                                                 Access Points: Pick the new cert
                                                                 Policy Services: Pick the new cert
                                                                 Distribution Service: Pick the new cert

Manage Resource Access Access Rules: setup roles for access rights

Manage Resource Access SSO Domains Add SSO Domain…
Add for example user attribute
Add for example password attribute

Look for Web Resources you want to employ it to > Edit Resource Host…
Enable Single Sign-On
Pick Single Sign-On Type
Pick SSO Domain solution you have picked

Manage Resource Access SAML Federation Add SAML Federation…

Quick Guide Two HAG

All the examples are made for HAG (Hybrid Access Gateway) federated with AD. It might not work the same in your environment

Part 1 PortWise Synchronized
Page 2 Change pin access2
Page 3 PortWise Invisible Token


Part 1 – Problem with Synchronized

You can only pick 1 or 2

1. Here user if there are close by, they can pick own pin code that they will user in VPN and access2.

2. Here you generate a pin for the user that user will get a notification on (depending what you pick as notification)

You can only pick 3 or 4
3.  You pick this one user will receive a long number and letter combination that they haft to type och past in TruID. (Click on +, inside Truid. Then advanced, paste in the second line (Enter Seed for profile)).

4. You pick this one user will receive a mail with a link, click on it will come to another page with another link to click on after click on that one TruID will start automatic (if the user has it installed and doing this on the phone) and create a profile based on pin selection you did.

Hint – If nr 2 generated password is not working of some reason picking a password nr 1


Part 2 – Help with change pin in Synchronized

If a user still gets a problem after following the instruction from access2 with changing the password, go to the page before and do option 1 manually pick a pin code.


Part 3 – Problem with PortWise Invisible Token

Try uncheck Enable PortWise Invisible Token, save Then look up user again and check Enable PortWise Invisible Token.
See if that helps.

Quick Guide One HAG

All the examples are made for HAG (Hybrid Access Gateway) federated with AD. It might not work the same in your environment

  1. Surf to HAG admin portal
  2. Login with the admin account and password
  3. Go in to Manage Accounts and Storage
  4. Pick  User accounts  to the left menu


Continue to the part that fits you best

Part 2 – Delete misspelled user
Part 3 – Add User
Part 4 – Forgot Pin
Part 5 – Check if the user account is locked
Part 6 – View User log


Part 2 – Have users id been misspelled?

Delete misspelled user
It’s ok to delete it, it will only affect access2
(make sure its not a local account, these examples are meant for account

  1. Search for the person in the User ID field
  2. First name* (don’t forget *)
  3. Pick the person that is misspelled by click on it.
  4. In the bottom part of the screen, you can find Delete
  5. Click on it and approve it

Done


Part 3 – Add a user account

  1. Click on Add User Account…
  2. Write users normal account on the domain
  3. Click on the link (so it will connect with AD), after that click next
  4. Now you should have entered PortWise Authentication Settings

    Check and Enable (check them in order a, c, b)
    1. PortWise Mobile Tex
    1. PortWise Invisible Token
    1. PortWise Synchronized

      a and b can only be checked if a Mobil nr is added to Active Directory
  5. On PortWise Mobile Tex, and PortWise Invisible Token
    Check Use password from directory service

  6. On PortWise Synchronized
    You pick Generate PIN
    Seed under Select how to activate soft token

    Notification – By Screen and E-mail

    Next
    Next
    Finish wizard

Part 4 – Forgot password

  1. Search for the user first name* (don’t forget *)

  2. Click on the user and then go to PortWise Authentication
  3. Now you go to PortWise Synchronized (if you can’t find it go the bottom of the screen to enable it)
  • Go to the bottom and pick

Save


Part 5 – Check if an account is locked


Search for the person that has the problem first name* (don’t forget *)

If Disabled is checked then account I Active Directory is Disabled, DON’T TOUCH IT!

If any of the other three
                             Locked access
                             Locked authentication
                             Locked Time-Lock Authentication

Locked (checked) then uncheck and save

Part 6 – View User log

  1. Search for the user that you want to check user log on the first name* (don’t forget*)
  2. Click on the user you should end up under General Settings, go down to the bottom
    you should find View user log like the picture below

Click on view log when you have added the time period you want to check.