How can I manage Zero Trust Application Access?


Perimeter 81's Zero Trust Application Access is a cutting-edge solution that allows organizations to provide their workforce with secured, zero trust access to popular web applications -- without an agent.

Applying user connection identification rules gives your organization's applications continuous protection.
Based on customized protocols, organizations can deploy four types of application access to their workforce.

To get started, you’ll need to add an application to your Perimeter 81 account.

 

Go to the Applications tab and click "Add Application":

 


The "Add Application" screen will appear: 

 

Application Identification Data
  • Application name
  • Protocol - RDP, SSH, HTTP/s and VNC are currently supported
  • Application Icon
General Settings data

  • Port - The port the server is listening on, usually 3389 for RDP, 80 or 443 for HTTP/s and 22 for SSH.
  • Network - Your Perimeter 81 Network that is interconnected with the network that holds the Web Server.
  • Maximum number of connections - The maximum number of concurrent RDP sessions. It should be multiplied by the number of Perimeter 81 gateways.
  • Ignore server certificate (RDP only) - If set to "true", the certificate returned by the server will be ignored, even if that certificate cannot be validated. This is useful if you universally trust the server and your connection to the server, and you know that the server's certificate cannot be validated (for example, if it is self-signed). With this set, the connection does not verify the server's identity.
  • Admin console (RDP only) - If set to "true", you will be connected to the console admin session of the RDP server.
URL Alias

Enable the URL alias for direct browser access. If you have SSL certificates to attach, you must activate the URL alias:

  • External Domain (CNAME) - The URL alias (DNS CNAME) for the application
  • SSL Certificate - The SSL Edge certificate that matches the URL alias given.
Authentication Data

  • Authentication type - Username/Password or Private Key/Username/Passphrase
  • Username - The username to use to authenticate your access
  • Password - The password to use when attempting authentication for access
  • Private key  - The entire contents of the private key to use for public key authentication. If this parameter is not specified, public key authentication will not be used. The private key must be in OpenSSH format, as would be generated by the OpenSSH ssh-keygen utility.
  • Username - The username to use for authentication. If not specified, you will be prompted for the username upon connecting.
  • Passphrase - The passphrase to use to decrypt the private key for use in public key authentication. This parameter is not needed if the private key does not require a passphrase. If the private key requires a passphrase, but this parameter is not provided, the user will be prompted for the passphrase upon connecting.
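
A pre-flight check for the Private key and Passphrase fields above, as an added example that is not part of the Perimeter 81 documentation: it reports which container format a pasted key uses and whether that key needs a passphrase. The function names and the `sample_key` helper (which builds a constructed, header-only blob with no key material) are assumptions of this example; whether the service also accepts the older PEM container is not stated on this page.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # start of every new-format OpenSSH private key

def read_string(buf, off):
    """Read one SSH string: 4-byte big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_private_key(text):
    """Return (container_format, needs_passphrase) for a pasted private key."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty input")
    head = lines[0]
    if head.startswith("PuTTY-User-Key-File"):
        return "putty-ppk", None  # not an OpenSSH key at all
    if head == "-----BEGIN OPENSSH PRIVATE KEY-----":
        if lines[-1] != "-----END OPENSSH PRIVATE KEY-----":
            raise ValueError("END line missing: paste the entire key")
        blob = base64.b64decode("".join(lines[1:-1]), validate=True)
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        cipher, _ = read_string(blob, len(MAGIC))
        return "openssh-key-v1", cipher != b"none"  # "none" means unencrypted
    if head.startswith("-----BEGIN ") and head.endswith("PRIVATE KEY-----"):
        # PEM container (older ssh-keygen output): encryption shows in the headers
        enc = "ENCRYPTED" in head or any(
            ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
        return "pem", enc
    raise ValueError("not a recognised private key")

def sample_key(cipher):
    """Constructed header-only blob with no key material, for demonstration."""
    fields = (cipher, b"none" if cipher == b"none" else b"bcrypt")
    body = MAGIC + b"".join(struct.pack(">I", len(f)) + f for f in fields)
    b64 = base64.b64encode(body).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for label, key in (("plain", sample_key(b"none")), ("locked", sample_key(b"aes256-ctr"))):
        print(label, inspect_private_key(key))
```

Run it locally on the key file before pasting, so the key material is only ever entered into the application form itself.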
Customer HTTP Headers (for HTTP/s only) 

  • Hardcoded HTTP headers to be attached to every request
Access Groups

  • Perimeter 81 groups that can access the application
Policy

  • The access policy that will be used to validate every session

 After you have applied the settings for the application, a list of the applications that you deployed will be available.

 



Once in the settings of the application, you will be able to switch which group of users will have access and which policy will be enabled for the application.

If the user's identification and policy rules match up, they will have access to the application deployed on the network.
Each user will see a complete list of available applications that they have permission to access.
Once they click on the application they will be automatically connected and will be able to work more securely.
