At Hypergate we constantly improve our products and develop new features which help you to ensure better usability and even better security. Introducing Hypergate’s newest feature: SmartAccess.
SmartAccess is a local rule engine which allows the IT administrator to use Context Data such as geofences, WIFI, the requested resource etc. to trigger pre-programmed actions. With SmartAccess you gain full control over when, where and how your employees get access to specific data.
To enable the SmartAccess service no additional infrastructure or network is needed.
Set Context Data, define Actions
SmartAccess gives you the tools to define a rule stating under what conditions access should be granted, and how. A rule is expressed as a JavaScript script which performs actions based on Context Data. These can be summarised as follows:
Context Data
- Geo-Fencing
- Network Based
- Time Based
Actions
- User interaction
- Network requests
- Accept / Deny access
Let’s start with an example
Your sales team wants to compromise on neither security nor usability when they are in the office.
They just want the highest level of convenience, which means directly accessing internal websites without additional security measures in place.
Since they travel quite a lot, it would be smart to step up the security whenever they are not at the headquarters.
Set up
Easily define that when a member of the sales team is connected to your internal WIFI, authentication happens without any friction.
If a member of the sales team wants to authenticate from outside, you additionally ask for a biometric validation (e.g. Fingerprint or Face ID).
```javascript
// check if currently connected to the internal wifi
if (context.wifi_ssid === "papers_internal") {
    // directly accept authentication request
    return environment.accept();
} else {
    // additionally ask for fingerprint
    var wasSuccessful = environment.requestBiometrics();
    if (wasSuccessful) {
        // accept authentication request after fingerprint was accepted;
        // return here so execution does not fall through to deny() below
        return environment.accept();
    }
}
// deny authentication request
return environment.deny();
```
To achieve this, SmartAccess does not require any additional infrastructure or backend components. All the processing is done in a secure way on the managed device. To give you an impression of how powerful SmartAccess is, you can have a look at the passed context as well as the available events and actions:
```javascript
// This data will be gathered on the device:
var context = {
    "event": "AUTHENTICATOR_INITIAL_AUTHENTICATION",
    "resource": "HTTP/hypergate.com",
    "requesting_package_name": "com.android.chrome",
    "platform": "android",
    "os_version_code": 28,
    "os_version": "9.0",
    "username": "ale",
    "account_expiry": 3456789678,
    "password_expiry": 6789067890,
    "tgt_expiry": 3456789,
    "wifi_ssid": "papers_internal",
    "activity_type": "IN_VEHICLE",
    "country": "CH",
    "fence": [
        "office"
    ],
    "local_time": "01.01.2020+0200",
    "timestamp": 567890987654,
    "custom_payload": {
        "groups": [
            "HR",
            "MANAGEMENT"
        ],
        "secret_question": "What was your first dogs name?",
        "secret_answer": "Bello"
    }
};
```
Available events:
An event is the hook at which SmartAccess is triggered. It is propagated as part of the context and is usually the first thing to check to ensure your code is running at the right time. Available events are:
| Event | Description |
| --- | --- |
| AUTHENTICATOR_OPEN | Triggered when the Hypergate Authenticator application is opened |
| AUTHENTICATOR_INITIAL_AUTHENTICATION | Triggered before a TGT is requested |
| AUTHENTICATOR_SERVICE_AUTHENTICATION | Triggered before a Service Ticket is requested |
| AUTHENTICATOR_CHANGE_PASSWORD | Triggered before the password change flow starts |
| UTILS_ON_USER_ACTIVITY_CHANGE | Triggered after the user activity changed (i.e. from “still” to “walking”) |
| UTILS_ON_EXIT_GEOFENCE | Triggered after any of the configured geofences is exited |
| UTILS_ON_IN_GEOFENCE | Triggered after any of the configured geofences is entered |
| UTILS_ON_COUNTRY_UPDATE | Triggered after the user country changed |
| FILES_OPEN | Triggered after the Hypergate Files application is opened |
| FILES_LIST_DIRECTORY | Triggered before a folder content is listed in Hypergate Files |
| FILES_READ_FILE | Triggered before a file is opened in Hypergate Files |
| FILES_WRITE_FILE | Triggered before a file is written in Hypergate Files |
Actions
Actions allow you to interact with the user, make network requests or accept and deny the request. All the actions are also emulated in our SmartAccess configurator for testing at http://config.hypergate.com/tabs/smartaccess.
```
// the following methods can be called to control business logic (javascript syntax)
environment.store(key, payload): void            // store data
environment.load(key, defaultValue): string      // load previously stored data
environment.showAlert(title, message): void      // show an alert
environment.showDialog(title, message): string   // show a dialog with user input
environment.requestBiometrics(): boolean         // request biometric authentication
environment.get(url, headers = [{'key': string, 'value': string}]): result   // get webservice request
environment.post(url, body, headers = [{'key': 'Authorization', 'value': 'ApiKey xyz'}]): result   // post webservice request
environment.put(url, body, headers = []): result // put webservice request
environment.delete(url, headers = []): result    // delete webservice request
environment.accept(): void                       // accept / approve request
environment.deny(): void                         // deny / reject request
utils.needleInHaystack(needle, haystack): boolean // helper for in-list search
```
Use Cases
These are the currently available methods. With further updates, we will gradually add more. This very powerful feature set allows us to cover use cases such as:
- Increase security level based on:
  - Location
  - Time, Date (e.g. expiring access), or even Day (e.g. weekdays only)
  - Requested resource (e.g. intranet.com vs. secure.intranet.com)
  - Action (e.g. validate secret question before changing password)
- Reporting:
  - Report failed authentication attempts
  - Report to backend when entering / leaving geofence
- Business rules:
  - Start / Stop tracking time when entering / leaving a geofence
  - Set out of office reminder when outside of the country
These are just some examples to give you an impression of what might be possible. They are by no means complete. To show how easy it is to develop such rules, we developed a configurator which emulates Hypergate's behaviour. You can find it (including some samples) at https://config.hypergate.com.
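A fuller rule in the same style, as an added example rather than Hypergate's own code: it checks the event first, steps up to biometrics when the device is off site or the resource is sensitive, and ends every path in exactly one accept or deny. The `makeEnvironment` harness, the `utils` stub, the `HTTP/secure.intranet.com` resource and the choice to deny unhandled events are assumptions; only the `environment` / `utils` method names and the context fields come from the listings above.

```javascript
// Added example. makeEnvironment() and this utils object are a hypothetical
// offline harness that mimics only the calls listed on this page.
function makeEnvironment(biometricsOk) {
  const calls = [];
  return {
    calls,
    accept() { calls.push("accept"); },
    deny() { calls.push("deny"); },
    requestBiometrics() { calls.push("biometrics"); return biometricsOk; },
  };
}
const utils = {
  needleInHaystack: (needle, haystack) =>
    Array.isArray(haystack) && haystack.includes(needle),
};

// Constructed policy values; replace with your own.
const AUTH_EVENTS = ["AUTHENTICATOR_INITIAL_AUTHENTICATION",
                     "AUTHENTICATOR_SERVICE_AUTHENTICATION"];
const SENSITIVE = ["HTTP/secure.intranet.com"];

function rule(context, environment) {
  // Check the event first; this rule denies anything it was not written for.
  if (!utils.needleInHaystack(context.event, AUTH_EVENTS)) {
    return environment.deny();
  }
  // An SSID is only a broadcast name, so require the geofence as well.
  const onSite = context.wifi_ssid === "papers_internal" &&
                 utils.needleInHaystack("office", context.fence);
  const sensitive = utils.needleInHaystack(context.resource, SENSITIVE);
  if (onSite && !sensitive) {
    return environment.accept();
  }
  // Off site or sensitive resource: step up, and deny if biometrics fail.
  if (environment.requestBiometrics()) {
    return environment.accept();
  }
  return environment.deny();
}

// Run the rule against a context and return the ordered call trace, so a
// path that reaches both accept() and deny() is visible immediately.
function trace(context, biometricsOk) {
  const environment = makeEnvironment(biometricsOk);
  rule(context, environment);
  return environment.calls.join(",");
}

// Constructed sample context, reduced to the fields the rule reads.
const office = { event: "AUTHENTICATOR_INITIAL_AUTHENTICATION",
  resource: "HTTP/hypergate.com", wifi_ssid: "papers_internal", fence: ["office"] };
console.log(trace(office, false), "|", trace({ ...office, fence: [] }, true));
```

A context with missing fields (no SSID, no fence, no event) never reaches the frictionless branch, so incomplete context data results in a step-up or a deny rather than silent acceptance.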
SmartAccess is available for Hypergate Professional Android and coming soon to Hypergate iOS. Please reach out to us if you have questions regarding SmartAccess.
Hypergate Files
Is a very simple file browser that provides seamless access to on-premise network shares. Let your users collaborate freely with their teams and edit all files directly on their mobile devices. All file types are supported by their native apps, no special viewer, editor or custom implementation, just pure usability.
Hypergate Authenticator
Delivers a seamless and secure Single Sign-On solution integrating directly with Active Directory. The solution leverages industry standards like Kerberos to provide the best possible user experience without compromising on security. Save IT support costs by allowing your users to change or reset their expired passwords on their own devices, no computer needed.