Citrix Secure Private Access 编辑

September 30, 2022 Contributed by:  C

Citrix Secure Private Access

The Citrix Secure Private Access service enables the administrators to provide a cohesive experience integrating single sign-on, remote access, and content inspection into a single solution for end-to-end access control. IT administrators can govern access to approved SaaS apps with a simplified single sign-on experience. With the Citrix Secure Private Access service, administrators can also protect the organization’s network and end user devices from malware and data leaks by filtering access to specific websites and website categories. Administrators can enforce enhanced access security policies for secure access to SaaS applications. Once authenticated, employees have access to all critical business applications from any device irrespective of whether they are in the office premises, at home, or traveling.

Administrators can monitor user activities, such as malicious, dangerous, or unknown websites visited, and the bandwidth consumed, and risky download and upload behaviors. Using the Analytics around websites and website categories accessed, administrators can take corrective action to protect the enterprise network. At the same time, the service provides end users seamless and secure access to all their hosted apps.

Administrators can also restrict actions, such as restricted printing, downloads, and clipboard access (copy-paste).

The following diagram is a visual depiction of the Secure Private Access service.

Overview of Secure Private Access


Key capabilities of Citrix Secure Private Access

Following are some of the key tasks that you can complete with the Citrix Secure Private Access service:

  • Publish SaaS apps with single sign-on access - Once the user is authenticated to Citrix Workspace with a primary identity, subsequent authentication challenges to SaaS and web apps are automatically fulfilled by the single sign-on feature in the Citrix Cloud using SAML assertions.

By default, the SAML assertion utilizes the email address associated with the user’s Active Directory account (identity provider) with the email address associated with the user’s SaaS or web app account (service provider).

  • Set enhanced security policies for SaaS apps. (For example, watermark, copy-paste restriction, and prevent downloads.) - To protect content, organizations incorporate enhanced security policies within the SaaS applications. Each policy enforces a restriction on the Citrix Enterprise Browser when using Workspace app for desktop or on Secure Browser when using Workspace app web or mobile.
    • Preferred browser: Disables local browser use and relies on the Citrix Enterprise Browser engine (Workspace app - desktop) or Secure Browser (Workspace app – mobile and web).
    • Restrict clipboard access: Disables cut/copy/paste operations between the app and endpoint clipboard.
    • Restrict printing: Disables ability to print from within the app browser.
    • Restrict navigation: Disables the next/back browser buttons.
    • Restrict downloads: Disables the user’s ability to download from within the SaaS app.
    • Display watermark: Overlays a screen-based watermark showing the user name and IP address of the endpoint. If a user tries to print or take a screenshot, the watermark appears as displayed on the screen.
  • Provide contextual access - Although an authorized SaaS app is considered safe, content in the SaaS app actually can be dangerous - constituting a security risk. When a user clicks a hyperlink within a SaaS app, the traffic is routed through the web filtering feature, which provides a risk assessment for the hyperlink. Based on the hyperlink’s risk assessment, and the customized list of URL categories, the web filtering feature allows, denies, or redirects the hyperlink request from the user as follows:
    • Approved: The hyperlink is considered safe and the Citrix Enterprise Browser accesses within the Workspace app accesses the hyperlink.
    • Denied: The hyperlink is considered dangerous and access is denied.
    • Redirected: The hyperlink request is redirected to the Secure Browser service, where the user’s internet browsing activities are isolated from the endpoint device, the corporate network, and the SaaS app.
  • Security and performance analytics - Users invariably access SaaS apps that have enhanced security inherent in them. Workspace app, the Secure Private Access service, and the Secure Browser service provide the Security analytics service with information about the following user and application behaviors. These analytics impact the user’s overall risk score:
    • App launch time
    • App end time
    • Print action
    • Clipboard access
    • URL Access
    • Data upload
    • Data download

The web filtering feature evaluates the risk of each hyperlink selected within the SaaS application. Accessing these sites and monitoring changes in user behavior increases the user’s overall risk score because it signals the endpoint device is compromised and started to infect or encrypt data or the user and device are stealing intellectual property.

Note:

Launching of SaaS or Web apps through StoreFront is deprecated.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:18 次

字数:5849

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文