Direct access to Enterprise web apps 编辑
Enterprise web applications like SharePoint, JIRA, Confluence, and others which are hosted by the customer either on-premises or on public clouds, can now be accessed directly from a client browser. End users no longer need to initiate access to their enterprise web apps from the Citrix Workspace experience. This feature also enables end users access to the web apps by clicking links from their emails, collaboration tools, or browser bookmarks. Thus provisioning a true zero footprint solution to the customers.
How it works
Add a new DNS record or modify an existing DNS record for the configured Enterprise web apps.
IT administrator would add a new public DNS record or modify an existing public DNS record for the configured enterprise web app FQDN to redirect the user to the Citrix Secure Private Access service.
When the end-user initiates access to the configured enterprise web app, the app traffic is steered to the Citrix Secure Private Access service, which then will proxy the access to the app.
Once the request lands on the Citrix Secure Private Access service, it checks for user authentication and application authorization, including contextual access policies checks.
Upon successful validation, the Citrix Secure Private Access service communicates with Citrix Cloud Gateway Connectors or Connector Appliances, deployed at the customer’s environment (either in on-premises or cloud) to enable access to the configured enterprise web app.
Configure Citrix Secure Private Access for direct access to Enterprise web apps
Prerequisites
Before you begin, you need the following for the application to be configured.
- Application FQDN
- SSL certificate – Public certificate for the app to be configured
- Resource location – Install Citrix Cloud Gateway Connectors or Connector Appliances
- Access to the public DNS record to update it with the canonical name (CNAME) provided by Citrix during the app configuration.
Procedure to configure direct access to Enterprise web apps:
Important:
For a complete end-to-end configuration of an app, see Admin guided workflow for easy onboarding and set up.
On the Secure Private Access home page, click Continue.
Note:
The Continue button appears only for the first time that you use the wizard. In the subsequent usages, you can directly navigate to the Applications page and, then click Add an app.
Set up identity and authentication. For details, see Admin guided workflow for easy onboarding and set up.
Proceed to add an app. For details, see Add and manage applications.
Select the app that you want to add and click Skip.
In Where is the application location?, select the location.
Enter the following details in the App Details section and click Next.
App type – Select the app type (HTTP or HTTPS).
App name – Name of the application.
App description - A brief description of the app. This description that you enter here is displayed to your users in the workspace.
App icon – Click Change icon to change the app icon. The icon file size must be 128x128 pixels. If you do not change the icon, the default icon is displayed.
If you do not want to display the app icon, select Do not display application icon to users.
Select Direct Access to enable users access the app directly from a client browser. Enter the following details.
- URL – URL for the back-end application. The URL must be in HTTPS format and a corresponding DNS entry must be added by the admin.
SSL certificate – Select an existing SSL certificate from the drop-down menu or add a new SSL certificate by clicking Add New SSL Certificate.
Points to note:
- Only a public or a trusted CA certificate is supported. Self-signed certificates are not supported.
- Full chain of certificate must be uploaded.
Related Domains – The related domain is auto-populated based on the URL that you have provided. Related domain helps the service to identify the URL as part of the app and route traffic accordingly. You can add more than one related domain. You can bind an SSL certificate to each related domain, this is optional.
- CName record – Auto generated by Secure Private Access. This is the value that must be entered in the DNS to enable direct access to the application.
Click Next.
In the Single sign on section, select your preferred single sign-on type to be used for your application and click Next.
In the App Connectivity section, you can either select an existing resource location or create one and deploy a new Gateway connector or a Connector Appliance. To choose an existing resource location, click one of the resource locations from the list of resource locations, for example My Resource Location, and click Next. For details, see Route tables to resolve conflicts if the related domains in both SaaS and web apps are the same.
Click Finish. The app is added to the Applications page. You can or edit or delete an from the Applications page after you have configured the application. To do so, click the ellipsis button on an app and select the actions accordingly.
- Edit Application
- Delete
Note:
To grant access to the apps for the users, admins are required to create access policies. In access policies, admins add app subscribers and configure security controls. For details, see Create access policies.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论