Single Host Access for access applications

Enable accessing multiple access applications using a single fully qualified domain name (FQDN). When you configure an access application provide a unique external FQDN (fully qualified domain name) for each internal hostname. For example, if you want to access these three applications app1, app2, and app3 using ‚ÄčAkamai‚Äč domain as the external hostname, you have to configure three unique external hostnames.


Single Host Access requires a special feature key. Please contact support.

Prerequisites (ION/DSA or Proxy):
Organizations should use ION/DSA or an equivalent proxy in front of Enterprise Application Access. The proxy need to redirect.

Application URL patterns. Organizations that have a large set of applications follow these URL patterns to identify them. They may use a FQDN-based (fully qualified domain name) or a URL path-based approach.

Most organizations use a fully qualified domain name (FQDN) to identify applications, for example:

  • CRM App -
  • Payroll App -
  • HRMS App -

Other organizations use a URL path to identify applications, for example:

  • CRM App -
  • Payroll App -
  • HRMS App -

Enterprise Application Access Cloud, an identity aware proxy, was supporting the FQDN-based approach. If an organization was using a URL path-based approach, they had to re-factor all the applications, test and validate the changes, notify the users of the changes, before up-taking a migration to Enterprise Application Access Cloud to enable zero trust access. This causes additional resource, budget, and time overhead for organizations.

Enterprise Application Access supported only the FQDN-based approach. With ION/DSA and the Single Host / Multiple Apps feature which is under Controlled Availability, Enterprise Application Access also supports the URL path-based approach. This feature enables organizations to retain their existing application URL patterns, move to a modern Enterprise Application Access Cloud, without requiring IT to refactor existing applications. The combination of Enterprise Application Access and ION/DSA gives organizations a complete solution through which they can deliver a superior digital experience, optimize performance through acceleration and enable secure remote access using zero trust principles.

Single host access to aps

Internal HostnameExternal Hostname

With single host access, you can configure a single FQDN, and access all the access applications with a unique URL path for each application, after they are added to the application group. Single host access feature does not work with RDP, SSH access applications.

If the organization URL is, you can set as the single host access FQDN, add these three applications to a single application group, and configure the URL paths. Then you are able to access these three access applications using the modified external hostname:

Internal HostnameURL pathModified External Hostname

This enables Enterprise Application Access to do an automatic redirect to all of the modified external hostnames, allowing the user to access all the three applications from Enterprise Application Access Cloud after you SSO to the login portal. You can expose a single host and route the users based on the URL path. This provides ease of use and improves productivity for an organization.

If you have a proxy server like ION, you need to configure the following:

  1. Add the single host FQDN as the property hostname. For example,

  2. Configure rules based on path matching, for each EAA application. For example, configure these three rules:

Application NameRule in ION
app1If path matches /app1/*
app2If path matches /app2/*
app3If path matches /app3/*
  1. Configure the Origin Server Hostname in the Origin Server. It is the application URL in EAA. For example, configure these three origin server hostnames:
Application NameOrigin Server Hostname in ION
  1. Set Forward Host Header to Origin Host in Origin Server.

Now, when ION receives a request from the user's browser to access an application using the modified hostname, ION knows what rules to follow, and where to forward to the Enterprise Application Access Cloud service. Enterprise Application Access rewrites URL to provide access to the correct application in the data center.

For more information, see ION documentation.

Configure single host access and application groups for accessing HTTP access applications

  1. Create and [configure] (doc:add-app-eaa) HTTP, HTTPS access applications or web applications.

  2. Create an application group, enable single host access, provide the single host FQDN, add the URL paths, and add the EAA applications to this application group.

  3. Log in to Enterprise Center.

  4. In the Enterprise Center navigation menu, select Applications > Application Groups.

  5. Click Add New Group (+).

  6. Enter a group name and description.

  7. In Single Host FQDN select Enable Single Host Access.

  8. In Single Host FQDN enter the single host fully qualified domain name for all your applications, like your organization URL.

  9. In Applications click Associate Applications with this group.
    The assigned application window appears.

  10. Select one, many or all access applications from the list. You can also search for applications from the list. Provide the URL path for each of the selected application and click Associate.

  11. Click Save Group.

  12. Click Deploy Group.
    Wait for all applications to be deployed.
    App Deployed status appears for each application in this application group.

  13. Configure proxy rules in ION/proxy to redirect all Single Host URL requests to specific EAA Application URL based on the URL path in the request. For more information, see ION documentation