device recognition with option disabled
HSNM administration backend general discussion

khGAP
Posts: 10
Joined: 07 Nov 2018, 13:41

device recognition with option disabled

by khGAP » 15 Nov 2018, 12:51

Hi,

we have users in different domains. Only one domain (the one the Gateway is linked to) has "Device Recognition" enabled.
But users from all other domains are now recognized as well, despite device recognition being disabled in their domains.

This behaviour was introduced with the last (or penultimate) update.
Can you confirm this?

HSNMSupport
Posts: 1553
Joined: 26 Jul 2016, 09:16

Re: device recognition with option disabled

by HSNMSupport » 15 Nov 2018, 14:29

Hi khGAP,

Are those mentioned domains federated? If yes, what you are seeing is normal because we added a change on federation in the 6.0.156 update.

Here is an extract from the available change log:
3) New If in the domain you have enable "Recognize the user based on the device", now it also considers the federated domains.

Best Regards.

khGAP
Posts: 10
Joined: 07 Nov 2018, 13:41

Re: device recognition with option disabled

by khGAP » 15 Nov 2018, 14:49

Hi,

yes, the domains are federated. Is it possible to configure the system somehow to the 'old' standard?
Because we have a lot of devices shared among different users. And now the last logged-in user is always recognized.

That is the reason why we have set up different domains. I see no benefit from this change; we were able to achieve the same by configuring the domains.

HSNMSupport
Posts: 1553
Joined: 26 Jul 2016, 09:16

Re: device recognition with option disabled

by HSNMSupport » 15 Nov 2018, 15:11

Hi khGAP,

you just have to disable the "Device Recognition" option in the single domain where you enabled that option.

Because it doesn't make sense to enable that option if many users share the same device/devices. Or it could make sense but, then, it doesn't make sense to enable federation.

Hope to have been clear.

Best Regards.

khGAP
Posts: 10
Joined: 07 Nov 2018, 13:41

Re: device recognition with option disabled

by khGAP » 15 Nov 2018, 15:51

Then we have to disable the device recognition on the public domain as well. We think this takes away a lot of flexibility; we have used this setup for a few years and it worked great (public domain = recognition enabled / internal domains = recognition disabled).

One thing we found testing the "all device recognition disabled" option: if we have enabled 'Complementary Access' and a user from another domain logs in, the next time the complementary-access field won't display.

Example: An employee uses a laptop with his username/password, then he logs off. Next time the laptop is used by a guest, and he doesn't see the 'Complementary Access' field. If we delete the federation group, the 'Complementary Access' field shows up again. All device recognition is disabled! It seems the system still recognizes the laptop and says, hey, your MAC address is in my employees-domains and I won't display you the 'Complementary Access' enabled in the public domain. Now the guest complains because he is unable to log in.

HSNMSupport
Posts: 1553
Joined: 26 Jul 2016, 09:16

Re: device recognition with option disabled

by HSNMSupport » 15 Nov 2018, 17:42

Hi khGAP,

I'm sorry but, as I told you before, the only thing you can do is to disable the recognition in the domain where you told me it's active.
Features like federation, recognition and, as you mentioned in your last example, complimentary access are based on the fact that the user is using, and will use, its own device.

As for complimentary access, it is normal that, once a user has logged in from a device, the user who arrives later doesn't see the complimentary access.
Because this feature is based on the device MAC address and not on user credentials. So that is why now, with the changes made for federation, the system recognizes that a device used with complimentary access in a certain domain "A" can't be used in a second federated domain "B" due to the complimentary access behaviour itself, which is based, as already said, on the device's MAC address.

I can understand that you say that, before, all was working fine with your configuration. But the root of the problem is that certain HSNM features are based on certain principles. So, it is necessary to understand well how these features were intended and, consequently, to use them in the correct and best way.

Best Regards.

khGAP
Posts: 10
Joined: 07 Nov 2018, 13:41

Re: device recognition with option disabled

by khGAP » 16 Nov 2018, 08:20

Hi,

thanks for the clarification - you say the displaying of the 'Complementary Access' field depends as well on a MAC recognition, even if the device recognition is disabled on all domains (Option set to "No")? This is a bit confusing to be honest.

Our own devices are shared among employees and guests, therefore the old standard worked fine and granted us this flexibility.

Best regards

HSNMSupport
Posts: 1553
Joined: 26 Jul 2016, 09:16

Re: device recognition with option disabled

by HSNMSupport » 16 Nov 2018, 11:48

Hi khGAP,

Yes, exactly. Complimentary access itself is based on device MAC recognition. So, it works even if you don't enable the Recognition option in the domains.

Best Regards.
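
The behaviour described in the replies above, as a simplified model added for illustration (not HSNM code and not part of any post). The class, the function names and the lookup logic are assumptions drawn only from what the thread states: recognition is scoped by the domain option and, since 6.0.156, by federation, while complimentary access is keyed on the MAC address alone.

```python
# Simplified model of the behaviour described in this thread; not HSNM code.
from dataclasses import dataclass, field

@dataclass
class Domain:
    name: str
    recognition: bool             # "Device Recognition" option of the domain
    complimentary: bool = False   # portal offers complimentary access
    last_user: dict = field(default_factory=dict)  # MAC -> last logged-in user

def scope(portal, federation):
    """Domains whose device records the portal domain consults."""
    return federation if portal in federation else [portal]

def recognized_user(portal, mac, federation, federated_lookup=True):
    """User recognized for this MAC, or None.
    federated_lookup=False models the behaviour before update 6.0.156."""
    if not portal.recognition:
        return None
    domains = scope(portal, federation) if federated_lookup else [portal]
    return next((d.last_user[mac] for d in domains if mac in d.last_user), None)

def offers_complimentary(portal, mac, federation):
    """Keyed on the MAC only: the recognition option is never consulted."""
    if not portal.complimentary:
        return False
    return not any(mac in d.last_user for d in scope(portal, federation))

def shared_laptop_scenario(public_recognition=True):
    mac = "02:00:00:00:00:01"     # constructed sample address
    public = Domain("public", public_recognition, complimentary=True)
    internal = Domain("internal", recognition=False)
    internal.last_user[mac] = "employee1"   # employee logs in, then logs off
    fed = [public, internal]
    return {
        "before_update": recognized_user(public, mac, fed, federated_lookup=False),
        "after_update": recognized_user(public, mac, fed),
        "field_federated": offers_complimentary(public, mac, fed),
        "field_unfederated": offers_complimentary(public, mac, []),
    }

if __name__ == "__main__":
    print(shared_laptop_scenario())        # recognition on in the public domain
    print(shared_laptop_scenario(False))   # recognition off everywhere
```

On a shared device the MAC address identifies the hardware, not the person, which is why the model attributes the guest's session to the previous employee in the federated case.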
