Add an application

Select an application that you want to securely access outside of your enterprise network. For example, try Sharepoint, SAP, Jira, Jenkins, or Confluence. Once created, you can search Enterprise Application Access for an application's name.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. Click Add application.

  4. Select the application profile.

  5. Enter application name, and an optional description.

  6. Click Create App and Configure.
    The application configuration page opens.

Next, configure access parameters for your application.

Configure access parameters for an application

To manage access to your applications configure access parameters such as the server's private IP address or fully qualified domain name, whether your server runs HTTPS or HTTP, add external domain certificate, origin server certificate for HTTPS traffic, and the nearest cloud zone for an application. For more information on specific application types, see Configure and deploy a remote desktop (RDP) application and Configure and deploy a SSH application.

You see a DRAFT VERSION next to the application name, until you deploy it.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. Select your access application.

  4. In Settings > GENERAL Application Server IP/FQDN is set to default application profile data. Configure the following:

    1. Protocol. Choose https (default) for secure web traffic or http for http traffic.

    2. Host: Port. Enter a valid internal IP address for the server or the fully qualified domain name (FQDN) that you use to access this web server when inside your company's network. Also enter an IP port number.
      For origin server certificate validation, you must provide an FQDN for the Application server. It cannot be done with an IP address of the app server.


      If no port is specified, port 443 is the default port. If your application doesn’t normally redirect you to the login page, you may need to include a suffix (for example, /login) in the last field of Host: Port.

    3. To configure multiple applications servers for load balancing, click Add More.
      Enterprise Application Access supports various load balancing techniques including round-robin, session or cookie stickiness, and source IP hash.

    4. Verify Origin Server Certificate (on-by-default). Allows you to do the origin server certificate validation (recommended). Also select a root CA certificate.
      If you disable Verify Origin Server Certificate and choose https, a warning message appears.

    5. ROOT CA Certificate. Choose the root CA certificate with the full bundle you uploaded into Enterprise Application Access. See Upload a ROOT CA certificate for origin server validation.
      If you enable Verify Origin Server Certificate and do not upload a ROOT CA Certificate, a warning message appears.

  5. If you configure a VNC application, optionally enter a VNC passphrase or password, if your server is configured to allow access via VNC.

  6. Select External Host Name domain type, and enter an external host name for the application.

    • If you select Use Akamai domain, you don't need to configure certificates.

    • The example of complete external URL to access application is If you use the Akamai domain (like, you don’t need to configure certificates or your external DNS.

    • If you select Use your domain, provide your own domain.


    If you use your own domain, you need to add a certificate and associate the certificate for your own domain and set up a CNAME redirect for the application.

  7. In Akamai Cloud Zone, select a cloud zone located closest to the data-center where your application resides.

  8. To associate a connector with your application click Add/Remove connector and select connector, and click Done.
    To remove a connector, click Disassociate next to it.
    To associate next connector, repeat this step.


    More than one connector is recommended for high-availability and load balancing.

  9. Click Save and go to Authentication.
    The Authentication tab opens.

Next, add authentication to the application.

  1. To configure authentication:

  2. Click Save and go to Services.
    The Service tab opens. If you want to configure these optional services, see Set up services for an application.

  3. Click Save and go to Advanced Settings.
    The Advanced Settings tab opens. If you want to configure these optional advanced settings, see Set up advanced settings for an application.

  4. If you use SAML as the Application-facing authentication mechanism, click Save & Go To SAML Settings. For more information, see Use EAA as a SAML IdP.

  5. Click Click Save and go to deployment.

Next, deploy your application.

Deploy the application

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. Select your application to deploy.

  4. In Settings > DEPLOYMENT > click Deploy Application. You can enter any description for this deployment. It appears as a comment in Deployment History.


If Deploy Application is not visible, and instead you see APPLICATION STATUS: APP NOT READY, correct the items listed on the DEPLOYMENT page and try again.

The deployment may take several minutes to complete. When it's ready, the completed deployment flow and APPLICATION SUCCESSFULLY DEPLOYED appear. When deployed, your application is ready for secure access by your users.

Next, to see your application as user does, log in and access applications in the Login Portal.

Application configuration versioning and rollback

View deployment history to track application configurations, compare and rollback to older configurations.

Every time you deploy or redeploy an application, a new version is created. After it is successfully deployed, you can go to the deployment history to view the history of all the configurations. This can help you track which configurations are deployed, who deployed them, when it was deployed, and see any comments you provided while deploying the version.

In addition, you can compare configuration between two versions. You can also rollback to an older configuration by copying it to draft and redeploying it, with or without additional changes.

The application card shows the date and time of the last deployed version and the version number of the deployed version in production. You can click on the version number to go to the deployment history of the application.

The versioning of application configurations and rollback, is based on this state diagram:

App state diagram

Every time you create an application, edit any configuration parameters, save it and do not deploy it to production, it stays in the Draft status. After you're finished configuring the application, you can enter comments for this version in the deployment description. Then, if you deploy the application to production for the first time, it goes to the Deployed status. It gets a version number under Version in the History with deployment comments.

For example, TEST APP is in draft version initially when deployment is still pending, the version is Draft.
After being successfully deployed to production, the app goes to Deployed status.
If you make any further configuration changes to the app, a draft version is automatically created in the History.
After you deploy the app again, the earlier Version 1 moves to Archived status and the latest Version 2 is in the Deployed status.

When you hover over the Deployment Time for each version in the Deployment History section, you also get details of when the deployment started, the time taken to deploy the connector, to deploy the cloud, and the time taken to deploy the application in the EAA Cloud. This is useful when you debug application deployment issues. If you have multiple connectors associated with an application, the Connector deployed in time, is the time taken to deploy the first connector successfully.

Configuration rollback

If for any reason the latest version of the application does not work due to any mis-configuration issues, the admin can restore an older configuration. You can copy any of the archived versions, and you get a new version in the draft state. You can then deploy this draft version to production.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. Go to the selected application and click the version number hyperlink (next to the Last Deployed date).
    The Deployment History tab opens.

  4. In Deployment History, click the Copy to draft icon on the version you want to rollback your configuration to.

  5. You get a warning message that the configurations will be saved to draft. Click Yes.

  6. The configuration gets copied to draft. You can deploy this version in DEPLOYMENT by clicking Deploy application. Or, you can make any additional changes to the older version (your draft) and the redeploy in DEPLOYMENT by clicking Deploy Application, after you enter any deployment comments in the description.

Compare configurations of two versions

You can do a side-by-side comparison of the configurations of any two versions of an application. It shows the changes you have made in the configurations, which sections have changes, and who (admin's email is shown) has made the changes.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. Go to the selected application and click the Deploy label.
    The Deployment History tab opens.

  4. In Deployment History, click the Compare version icon in the row you want to compare.
    By default that version is compared against the latest version (regardless if it is a draft or a deployed version).

It shows the total number of differences between the two selected versions. You can also select any other versions from the two dropdown lists, click Compare, to compare them. If you click on the section, you can see the details of what was changed and who made the changes. You can view only the changes between the two versions by checking Only changes or you can click View all to see the entire two versions. The differences are highlighted between the two versions.

Incompatible versions

If you delete any connector, IdP, directory, device posture tiers or tags that are being used in an archived configuration version then that version of your application moves to an incompatible state since it cannot find the dependent objects associated with the application. Then, this incompatible version of the application cannot be copied to draft, edited and deployed again. It can only be used to view and compare with other versions. Archived and deployed versions of the applications can be used for copy and compare operations.