Jump to Content
Enterprise Application Access
GuideRelease notesCLIControl Center
TrainingSupportCommunityEnterprise Application Access
TrainingSupportCommunity
GuideRelease notesCLIControl Center

Welcome

  • Welcome to Enterprise Application Access
  • EAA architecture

Get started

  • Introduction
  • Get started with a Bookmark App
  • Get started with a web application
  • Get started with a TCP-type client-access application
  • Access and manage EAA from Control Center

Secure your network

  • Connectors
    • Install connector in VMware
    • Configure network with console menu
    • Install connector in other environments
    • Configure connector
  • Directories
    • Add or edit a directory
    • Sync users in the Active Directory
    • Set password complexity for users
    • Manage user attributes
    • Force Delete of Groups
    • Bulk operations for Cloud Directory
  • Provision users with SCIM
    • SCIM provisioning with Azure
    • SCIM provisioning with Okta
    • Generic SCIM provisioning
  • Identity and identity providers (IdPs)
    • Basic configuration of an IdP
    • Advanced settings of an IdP
  • SAML
    • SAML flows
    • Use EAA as a SAML IdP
    • Configure SAML for an access application
    • Configure EAA as an IdP for a custom SaaS application
    • Use Microsoft enhanced client or proxy (ECP) with EAA
  • OpenID Connect
    • OpenID Connect concepts and terms
    • Configure OpenID Connect for applications
  • Web Services Federation

Authenticate users

  • Manage user access to applications
  • Use EAA as service provider (SP)
    • Integrate Azure Active Directory
    • Integrate Active Directory Federation Service (AD FS)
    • Integrate Okta
    • Authenticate access to applications with OneLogin
  • SSO with other applications
    • SSO for Jenkins using HTTP headers
  • Desktop single sign-on authentication
  • Multi-factor authentication
    • PCI DSS compliant MFA
    • Use Google Authenticator for TOTP on end-user's device
    • Use Akamai MFA
    • Use DUO MFA
    • Use recovery code instead of MFA
    • Add organization name for SMS and email MFA notifications
    • Configure end-user's device to receive MFA tokens
    • Bypass MFA
  • Use certificates for authentication
    • Certificate-based authentication in the IdP
    • Online certificate status protocol (OCSP)
    • Remove a self-signed certificate
    • Check expiration date of a SSL certificate
    • Certificate rotation
    • Certificate-based device authentication or user validation in an application
    • Certificate-based validation of origin servers
  • Network Zones

Create and manage applications

  • Applications
    • Configure and deploy an access application
    • Set up CNAME redirect for an application
    • Authorize access to applications
    • Access applications from EAA Login Portal
    • Application config versioning and rollback
    • Single Host Access for access applications
    • Application groups for rewrite rules
    • Offload web application traffic from EAA Cloud
  • Remote desktop protocol (RDP) applications
    • Create an RDP application
    • Configure RDP client display settings
    • Enable SSO login for RDP applications
    • Store files in RDP portal
  • SSH applications
  • Add access control rules
  • Set up services for an application
  • Set up advanced settings for an application
    • User-facing authentication mechanism for applications
    • Configure TLS Cipher Suite for applications
    • Server load balancing for applications and connectors
    • Kerberos-constrained delegation
    • Configure custom HTTP headers

Login Portal Customization

  • Customize your organization's Login Portal
    • Configure application category
    • Set logos, images and themes
    • Login Portal languages
    • Login portal tab name
    • Customize URLs, labels, and recovery code message
    • Embed login portal in IFRAMEs
    • Customize EAA Access Denied Page
    • Customize EAA Logout Page
  • Create favorite applications
  • Set up MFA to receive tokens on the end-users device

Monitor

  • View EAA dashboard
  • Reports
    • Create a report
    • Download saved report

Automate operations with EAA

  • Legacy EAA-SDK

Use EAA logs with SIEM, API, or Unified Log Streamer

  • Use Unified Log Streamer to integrate EAA and SIEM
  • About EAA logs
  • EAA data feed adopted by SIEM solutions
  • SIEM support with Unified Log Streamer

Create and manage client-based applications

  • About EAA Client
    • Use EAA client with TCP and UDP applications
    • Client-access applications
    • Tunnel-type 2.0 client-access application
  • EAA Client requirements
  • Set up and use EAA Client
    • Configure EAA Client
    • Silent install of EAA Client
    • Uninstall EAA Client
    • Customize the download URL for EAA Client
  • Create UDP and TCP applications
  • View EAA Client reports, user, and application statistics

Use EAA Client

  • EAA Client contextual menu, icons and network states
  • EAA Client basic operations
  • EAA Client run and installation logs

EAA Client for Ubuntu desktop

  • Introduction
  • Set up and use EAA Client for Ubuntu desktop
    • Configure EAA Client (Ubuntu)
    • Configure EAA Client with a forward proxy (Ubuntu)
    • Silent install of EAA Client (Ubuntu)
  • Uninstall EAA Client (Ubuntu)
  • EAA Client run logs (Ubuntu)
  • Limitations for Device Posture support

EAA Client advanced features

  • Enable captive portal support
  • Enable on-premises network detection
  • Access DNS applications with Service Discovery
  • Switch EAA Client to a different IdP
  • Set up services for applications
  • Set up DNS exceptions
  • Support for third-party IdPs
  • Forward proxy support

Device Posture

  • About Device Posture
  • Set up Device Posture
  • Define risk assessment criteria
    • Configure tiers and tags
    • Define device risk tiers
    • Define device risk tags
    • Define versions
    • Configure Device Posture profiles
    • Configure Device Posture integrations
    • Collect signals from SIA integration
  • Control access to applications
  • Review Device Posture dashboard
  • Monitor Device Posture reports
    • Create Device Posture report
    • Download saved report
  • Monitor Device Posture information on desktop devices
  • Device Posture for mobile devices

Performance optimizations

  • Tips for improving performance with EAA

Troubleshoot

  • User Diagnostics portal
  • Troubleshoot EAA
    • Application response codes, login events, and errors
    • Set up help desk email
    • Enable service/debug mode
    • Troubleshoot connectors
    • Troubleshoot directories
    • Troubleshoot IdPs
    • Troubleshoot applications
    • Troubleshoot certificates
    • Troubleshoot reports
    • Troubleshoot IWA
    • Feature previews
  • Troubleshoot EAA Client
  • Troubleshoot Device Posture

Developer tools

  • Enterprise Application Access API v1

Troubleshoot reports

Suggest Edits

If you're unable to run, save, and download EAA reports, EAA Client reports, or Device Posture reports, check that you have the EAA - Reports Admin, EAA - Admin, or a custom role that includes either of these two roles in them. See role-based access control for more details.

Updated 11 months ago