API concepts

These resources allow you to interact with your EAA configuration using the API:

  • Application: A collection of services used within an enterprise, hosted either within the network perimeter of the enterprise or on the cloud. These span a broad range of categories including productivity, business operations, communication, and development operations. These applications can also include SaaS applications, Remote Desktop, or SSH sessions.
    You specify the type of application that you want to create. EAA categorizes applications as Access applications, SaaS applications, or Bookmark applications. You can add an application to EAA with either a predefined application profile or a custom application profile.

  • Application IDP: Specifies the identity provider (IDP) configuration settings for an application.

  • Application directory: Specifies the associated directory configuration settings for an application.

  • Application category: Create and assign application categories to logically organize the applications in EAA. An application can be assigned to one category and a category can be assigned to multiple applications.

  • Application bundle: Create and deploy groups of applications.

  • Application rewrite group: Rewrite groups allow you to apply rewrite rules across distinct applications that are related to one another.

  • Audit log report: Generates application audit log reports for a specified timeframe.

  • Admin event report: Admin event reports provide audit trails that demonstrate compliance. You can run an admin event report to generate logs on EAA login, configuration, and system events that are performed or triggered by an EAA administrator.

  • Services: An application's optional, additional set of services. Services include data compression, URL rewrite, Internet Content Adaptation Protocol (ICAP), and URL path-based services. You can also add and modify service rules to configure a service's behavior.

  • Rules: Allows you to create access control rules that block (deny) access to a set of applications.

  • IDP: An identity provider (IDP) offers user authentication as a service: it creates, maintains, and manages identity information for principals (typically users, but also services or systems) in a cloud. IDPs allow you to link multiple directories together for a unified single sign-on (SSO) experience.
    Some IDPs can act as the directory themselves, while others delegate authentication back to Active Directory (AD) or LDAP. IDPs provide authentication to applications within a federated or distributed network.

    • IDP directory: Specifies the associated directory configuration settings for the identity provider (IDP).

    • IDP block user: Use access control rules to block or unblock users in bulk.

  • Directory: A server that handles authentication and authorization of users. To authorize user access to applications in Enterprise Application Access (EAA), you add directories to EAA and associate them with connectors. Then you add groups with permissions and specify user membership.
    For new accounts, EAA creates a default Cloud Directory that you can use to add users and groups. You should also assign directories to identity providers (IDP) to provide identity as a service.

  • User: Specifies user accounts for individuals accessing EAA applications. You can add and manage user accounts in EAA or link user accounts to external IDP directories.

  • Group membership: Group membership allows you to view and manage a user's access to groups.

  • Connector: A virtual machine that provides access to a data center by acting as a reverse proxy. You can deploy multiple connectors for redundancy and scaling. Application and system metrics allow you to assess the health of a connector based on usage statistics.

  • Certificate: Certificates provide authentication between the client and server to securely send data using Transport Layer Security (TLS). You can create, upload, retrieve, modify, and delete certificates for various components of EAA.

  • Client: A desktop application installed on Windows or Mac computers that enables EAA functionality to end-users. The client gathers device data and reports these signals to EAA for use in device posture configuration.
    The client is required when enforcing wildcard access settings.

  • Device Posture: Device posture allows you to capture end-user device details and configure device-based access controls, either for a broad set of devices or for specific applications. EAA captures and reports signals that contain activity metrics for machines that access your applications. It takes approximately 10 minutes or less for a device value change to report back to EAA.
    Using this device data, you can view details or modify access for the following device signal information: Activity, Risk assessment, Browser activity, OS activity, System disk encryption, Firewall status, Anti-malware status, Device biometrics, Jailbroken devices, and Screen lock.

  • Integrations: Device Posture supports integrating third-party device signal data, which is factored into Risk assessment calculations. The currently supported third-party vendors are Carbon Black and CrowdStrike. Refer to Configure Device Posture integrations for more details.