Configure and deploy an access application

Create an Application

Select an application that you want to securely access outside of your enterprise network. For example, try Sharepoint, SAP, Jira, Jenkins, or Confluence. Once created, you can search Enterprise Application Access for an application's name.

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Applications > Applications.

  3. Click Add Application (+).

  4. Select the Application Type, either New Access App, New SaaS App, Client-Access App.

  5. Provide a name and an optional description.

  6. Click Add Application.
    The application details page opens.

Next, configure access parameters for your application.

Configure access parameters for an application

You can configure App Settings, Server Settings, and Connectors for your application for your access applications. For more information on RDP application see Configure and deploy a remote desktop (RDP) application and on SSH application see Configure and deploy a SSH application.

You see a DRAFT VERSION next to the application name, until you deploy it.

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Applications > Applications.

  3. Click your access application and you go to the Application details page.

  4. In the App Settings section configure these settings:

    1. (optional) Configure an application category.

    2. Akamai Cloud Zone. Select a cloud zone located closest to the data-center where your application resides.

    3. External Host. Provide an external host name for the application where the users can access the application. You can use your own domain or provide an Akamai domain.

  • If you select Use Akamai domain, provide a URL, for example:https://sample-web-app.go.akamai-access.com. You don't need to any certificate.
  • If you select Use your domain, provide your own domain. Add the certificate in the Certificate Preference section. You can use a self-signed certificate (generally for proof-of-concepts) or upload a certificate for your domain. You will need to set up a CNAME redirect for the application.
  1. If you are configuring a VNC application, optionally enter a VNC passphrase or password, if your server is configured to allow access via VNC.
  2. In the Server Settings configure the following for Application Server IP/FQDN:

a. Protocol. Choose https (default) for secure web traffic or http for http traffic.

b. Host: Port. Enter a valid internal IP address for the server or the fully qualified domain name (FQDN) that you use to access this web server when inside your company's network. Also enter an IP port number.

ūüďė

If no port is specified, port 443 is the default port. Check the preview to make sure it's okay.

To configure multiple applications servers for load balancing, click Add New Server (+) . Enterprise Application Access supports various load balancing techniques including round-robin, session or cookie stickiness, and source IP hash in Advanced Settings.

c. For origin server certificate validation, you must provide an FQDN for the Application server. It cannot be done with an IP address of the app server.

You can validate the authenticity of the origin server within the data center perform with the EAA connector.

i. Verify Origin Server Certificate (off-by-default). Allows you to do the origin server certificate validation. (recommended). Also select a root CA certificate.
If you disable Verify Origin Server Certificate, a warning message appears.

ii. ROOT CA Certificate. Choose the root CA certificate with the full bundle you uploaded into Enterprise Application Access. See Upload a ROOT CA certificate for origin server validation.
If you enable Verify Origin Server Certificate and do not upload a ROOT CA Certificate, a warning message appears.

  1. In the Connectors section, add connectors to your application:

Click Add connector. Select one or more connectors and click Add Connector. The associated connector appears in Connectors.
To remove a connector, click Remove Connector next to it.

ūüďė

Note:

The Connector should be running successfully when you deploy the application.

  1. Click Authentication tab, and add the authentication to the application.

i. In Authentication enable Authentication.

ii. In Identity provider, select an identity provider from the list.

iii. Click Assign Directory and select one or more directories from the list.

iv. Click Associate.
The directory appears in Assigned Directories.

  1. To add Access Control Rules, click Access tab, and enable Access.

a. To create a new rule, click Add Rule (+).

b. To edit an existing rule, click Edit Rule.
A modal window appears.

i. In Rule Name enter a name for the rule and click Add.

ii. In Type select Time.

iii. In Operator select either is or is not.

iv. In Value enter the value, if applicable, or select the value for the access control type.

  1. Click Time to configure the time-based settings.

  2. In Start Time and End Time enter a time in hh:mm, AM-PM format.

  3. In time zone select a timezone.

  4. Select the days of the week that you want to deny access.

  5. Click Save.

  1. You can optionally configure the following settings for your access application:
  • Services. Add any services like compression, URL rewrite rules, ICAP, URL path-based policies.

  • Advanced Settings. You can optionally configure advanced settings:

  • If Application-facing authentication mechanism is SAML 2.0., also configure SAML Settings. See Configure SAML for an Access Application.

  • If Application-facing authentication mechanism is WS-Federation, also configure WS-Federation Settings.

  • If Application-facing authentication mechanism is Open ID Connect 1.0., also configure OpenID. See Configure OpenID Connect for an Access Application.

  1. In History leave default configuration and click Save.

Next, deploy your application.

Deploy the application

  1. Log in to Enterprise Center.

  2. In the Enterprise Center navigation menu, select Application Access > Applications > Applications.

  3. Select your application to deploy.
    It has Ready for Deployment status.

  4. Click the Deploy Application.
    Pending Changes appears. All the pending deployment changes are shown. Make sure that application you just configured is selected. If you select any other application, they are simultaneously deployed.

  5. Click Deploy and add a Deploy Confirmation message in the dialog box, and click Deploy.
    The deployment may take several minutes to complete. When it's ready, the completed deployment flow and App Deployed appear.
    When deployed, your application is ready for secure access by your users.

Next, to see your application as user does, log in and access applications in the Login Portal.