Step-by-Step Guide to Publish Internal SaaS Applications via Citrix Secure Private Access

In this blog, we discuss how to use the Citrix Secure Private Access service to enable ZTNA features for SaaS/web applications without the need for a VPN or Citrix XenApp servers.

Publishing Internal SaaS application via Secure Private Access.

Navigate to Citrix Cloud and, under My Services, select “secure private access”.

In the Secure Private Access console, click on the Applications tab.

Click on “Add an App” to initiate the application addition process.

You can either choose one of the pre-configured templates, such as those for deploying OWA, ServiceNow, etc., or click on “Skip” to skip the templates.


In the “App details” section, set “where is the application located?” to “Inside my corporate network”.
Provide the app name, description, category, the web app URL, and the domain name that will be used for DNS resolution. For example, if I am publishing http://mymail.amalcloud.xyz, then make sure amalcloud.xyz is configured in the related domains for DNS resolution.

You can also change the app icon and set the app as a favorite in the Workspace app.
You can configure the authentication type in the “single sign on” section. SAML, Kerberos, and other authentication modes are available for authenticating to the application. For this blog, I am skipping authentication and selecting “Don’t use SSO”.

In the “app connectivity” section, you specify how connectivity to the app will happen. As we are publishing internal websites, select the connection type “Internal via Connector” and provide the resource location. Deploying a Citrix Connector Appliance is mandatory for internal websites to work, because the web traffic traverses the Connector Appliance to reach the app server.

Click Finish to complete the app publishing.
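The related-domain requirement from the “App details” step can be checked before an app is entered in the console. The following is an added example, not part of the original post or of any Citrix tooling; it assumes a related-domain entry covers the domain itself and its subdomains, and that an entry may be written with a leading `*.`. The function names and the sample list are hypothetical.

```python
from urllib.parse import urlsplit


def normalize_domain(entry: str) -> str:
    """Lower-case an entry and drop a leading '*.' and a trailing dot."""
    entry = entry.strip().lower().rstrip(".")
    return entry[2:] if entry.startswith("*.") else entry


def host_covered(host: str, related_domains: list[str]) -> bool:
    """True if host equals a related domain or is a subdomain of it.

    Whole DNS labels are compared, so 'notamalcloud.xyz' is not treated
    as covered by 'amalcloud.xyz' the way a plain endswith() would be.
    """
    labels = host.lower().rstrip(".").split(".")
    for entry in related_domains:
        dom = normalize_domain(entry).split(".")
        if dom != [""] and len(labels) >= len(dom) and labels[-len(dom):] == dom:
            return True
    return False


def check_app(url: str, related_domains: list[str]) -> list[str]:
    """Return findings for one app definition (an empty list means OK)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return [f"{url!r}: not an absolute http(s) URL"]
    if not host_covered(parts.hostname, related_domains):
        return [f"{parts.hostname}: not covered by related domains {related_domains}"]
    return []


# Constructed sample input: (web app URL, related domains entered for it).
APPS = [
    ("http://mymail.amalcloud.xyz", ["amalcloud.xyz"]),      # the post's example
    ("http://mymail.amalcloud.xyz", ["mail.example"]),       # wrong domain entered
    ("http://mymail.notamalcloud.xyz", ["amalcloud.xyz"]),   # look-alike suffix
]

if __name__ == "__main__":
    for url, domains in APPS:
        problems = check_app(url, domains)
        print(url, domains, "OK" if not problems else problems)
```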

Creating the Access policies

Publishing the app does not, by itself, assign it to any users or make it accessible. To publish an application to end users/groups, we need to create access policies in the Secure Private Access portal.


To create the access policies, click on “access policies” in the left pane and click on “Create policy”.

In the Create policy wizard, provide the policy name and description, select the applications to be part of the rules, and click Save.

Under the policy rules, click on “create rule” to create the access policy rule. This is where we publish the application to specific end users/groups.

In the Create new rule wizard, provide the rule name and description and click Next.

In the conditions tab, set user* to “matches any of” and select the domain. Then search for the user/group and click Next.

Note: Enabling additional access rules, such as disabling clipboard, watermark, etc., requires an additional “SPA Advanced” license.
In the “Action” conditions tab, select “allow access” and click Next. Review the settings and click Finish to create the rule.


Once the rule is selected, click on Save and tick the “enable policy on save” box to enable the policy.


You cannot access the web applications via HTML5, because Secure Private Access uses the Enterprise Browser to securely publish the web application. You will get the below error if you access the web application via HTML5.

Configure the Workspace app using the configuration file, which can be downloaded from “Workspace configuration”.


You will be able to see the web application in the Workspace client. The web application will open in the Enterprise Browser, which is part of the Workspace app.


The application has opened in the enterprise browser.

Hope this blog is informative to you. Please feel free to share your feedback.