Learn about SIA

Learn about the main features and components of SIA.

Locations

A location identifies the network or the regions in your network where Internet traffic originates. You can identify locations by static IP addresses or CIDR blocks, by a dynamic DNS host for dynamic IP addresses, or by the IKE ID and pre-shared key (PSK) for an IPsec tunnel. For more on locations, see About locations.

Policies

A policy is a group of settings that define how SIA handles known or suspected threat events and access control events. It's also where you enable or configure other important features of SIA. For more on policies, see About policies.

Lists

SIA allows you to create two broad categories of lists: block lists and exception lists. For more on lists, see About lists.

Identity providers

An identity provider (IdP) is a service that creates, manages, and saves user identity information. With an IdP, you can enable authentication, and configure the users and groups who can access websites, web applications, specific file types, and sensitive data. For more on IdP, see About identity providers.

ETP Client

ETP Client is a client agent that directs DNS and web traffic to SIA for analysis. For more on SIA client, see About ETP Client.

Enterprise Security Connector

Enterprise Security Connector is a virtual machine (VM) you deploy in your network to act as one of the following:

  • an internal DNS resolver that forwards traffic to SIA.
  • a DNS sinkhole that receives malicious or suspicious traffic.
  • an HTTP forwarder that forwards web traffic to SIA Proxy.

For more on Security Connector, see About Security Connector.

SIA Secure Web Gateway

The Secure Web Gateway (SWG) is the full web proxy configuration of SIA Proxy. SWG performs URL filtering, anti-malware scanning, and applies acceptable use policies to each user. For more on SWG, see Full web proxy.

Access Control

You can define the websites, web applications, file types, and sensitive data that your users are allowed to access. For more on access control, see Configure access control.

Dashboard

Use the Dashboard to apply interactive widgets that allow you to view and track network traffic, events, and other activity across your organization. For details, see Dashboard.

Reports

View data on events and network activity. You can also schedule a daily or weekly report to show alerts, events, or other data. For more information, see Events, Activity, and Scheduled reports.

Roles

Roles include permissions that let you act on objects in Control Center. These roles are available for SIA. Contact your Control Center administrator to assign one of these roles:

Role: SIA Administrator
Permission: etpAdmin
Description: Can perform all operations, view all reports, and see all reporting data in SIA.

Role: Delegated Administrator
Permission: etpDelegatedAdmin
Description: A delegated administrator can:

  • Create locations, sub-locations, policies, and custom lists.
  • Manage assigned locations, sub-locations, policies, and custom lists.
  • View locations, sub-locations, policies, and custom lists created by other administrators.
  • Deploy assigned locations, sub-locations, policies, and custom lists, as well as locations, sub-locations, policies, and custom lists they created.

For more information, see Delegated access.

If the delegated access feature is enabled, an SIA administrator can assign the delegated administrator role to a user.

A delegated administrator cannot change the IP addresses or CIDR blocks that are configured to an assigned sub-location.

For more information, see Assign a delegated administrator role.

Role: Strict Delegated Administrator
Permission: etpStrictDelegatedAdmin
Description: A strict delegated administrator can:

  • Create locations, sub-locations, policies, and custom lists.
  • Manage assigned locations, sub-locations, policies, and custom lists.

    A strict delegated administrator cannot change the IP addresses or CIDR blocks that are configured to an assigned sub-location.

  • Deploy assigned locations, sub-locations, policies, and custom lists, as well as locations, sub-locations, policies, and custom lists they created.

For more information, see Tenant access.

If the tenant access feature is enabled, an SIA administrator can assign this role to a user. For more information, see Assign a strict delegated administrator role.

Role: Tenant Administrator (for Multi-tenancy feature)
Permission: etpTenantAdmin
Description: Can perform all operations, view all reports, and data associated with their tenant.

A user must have this role to manage a tenant. When you assign a user to a tenant, they are automatically assigned this role. For more information, see Multi-tenancy.

Role: Tenant Viewer (for Multi-tenancy feature)
Permission: etpTenantViewer
Description: Can view specific reports and filter data in those reports. A tenant viewer can also view settings for most configuration items in the tenant. To learn what's available to a tenant viewer, see Tenant viewer.

Role: Report Viewer
Permission: etpReportViewer
Description: Can view reports and reporting data in SIA. A report viewer cannot view configuration settings.

By default, a report viewer cannot see the DNS Activity, Summary of Proxy Activity, Proxy Activity, and Identity Provider Activity reports. The etpRestrictedPageViewRole permission is required to view these reports.

Role: Viewer
Permission: etpViewer
Description: Has read-only privileges. A viewer can view report data and configuration settings.

By default, a viewer cannot see the DNS Activity, Summary of Proxy Activity, Proxy Activity, and Identity Provider Activity reports. The etpRestrictedPageViewRole permission is required to view these reports.

Role: N/A
Permission: etpRestrictedPageViewRole
Description: Grants access to the DNS Activity, Proxy Activity, Summary of Proxy Activity, and Identity Provider Activity reports. This is a permission that your Control Center administrator can assign to any SIA role. Unlike other permissions in SIA, this permission cannot be the only one assigned to an SIA user. For example, your Control Center administrator cannot create a role that only has this permission assigned. If you want a Report Viewer to also see these reports, make sure your administrator assigns this additional permission to the user.