An application, or application group, can be associated with only one secure access policy.

1. Log into the Controller as a Tenant Admin, see Logging in as a Tenant Administrator.

2. From the nZTA menu, click the Secure Access icon, then select Manage Applications > Applications.

   The Applications page appears. This page lists all applications defined on the Controller.

   

   This page also includes a built-in application called Application discovery. The Application Detail for this application is *:*, indicating that all applications that it applies to all unlisted applications. This application is used by the nZTA application discovery feature, and cannot be deleted.

3. Click Create Application.

   A form appears enabling you to create the application.

   

4. Enter the Application Name.

5. Enter the Application Details. That is, the URI (Uniform Resource Identifier) you use to access the application. To view a complete list of valid entries for this field, see Defining Applications and Application Groups.

6. For scenarios that require one or more additional domains to be associated with an application, select Allowed Domains:

   

   Add your domains through one of the following methods:

   • Individually, by entering valid domains in the Enter Allowed Domain text box, then selecting Add Domain to add the domains to the list. You can add several domains at the same time by using a comma (,) separator. Repeat this step for each domain you want to add.
   • In bulk, by uploading a Comma-Separated Value (CSV) text file containing the full list of your domains.

   Domains added to this list must conform to the same scheme rules as the URI used in the Application Details field. To view a complete list of valid domain schemes, see Defining Applications and Application Groups.

   In the list of added domains:

   •to edit an entry, click the three dots next to the entry and then select Edit.

   •to remove individual entries, click the three dots next to the entry and then select Delete.

   •to remove all entries, select all check boxes and click Delete.

7. For HTTP/HTTPS applications, the SAML Access setting appears.

   The Controller can use SAML to provide a secure connection to your application or resource. In this scenario, nZTA acts as a SAML Identity Provider (IdP), with the application acting as the SAML Service Provider (SP). To learn more about using SAML, see SAML Authentication.

   • Disable this setting if you are using a application-level login for the application.
   • Enable this setting if you are using SAML single sign-on for the application. Then:
     • Under Download IdP Metadata, click Download the IDP metadata file using the link and save the IdP metadata file.
     • Log into your application and upload the IdP metadata file. Refer to the product documentation for the third-party application for details of this process.
     • In the application, download the SAML metadata as a file. Refer to the product documentation for the third-party application for details of this process.
     • Under Upload the file below, select and upload the SAML metadata file from the application.

     You must keep the SAML metadata up-to-date, especially after renewing certificates. This is essential for a secure and successful SaaS Apps SAML SSO flow. Regularly updating configurations in both the Identity Provider and Service Providers helps prevent authentication failures and ensures the security of the authentication process.

8. (Optional) If you want to add custom SAML attributes, use Attribute and Value to add key-value pairs. Click Add to add an attribute pair, and repeat as required.

   Added attributes are displayed beneath the input fields. Click the corresponding X indicator to remove an attribute.

9. To associate an icon with this application, either:

   • Select an Application Icon from the list of supported icons. This field auto-populates based on the scheme you use in Application Details.
   • Click Upload your own Icon to upload a bespoke image file as the reusable custom icon. Then select the icon from the list to associate to this application. Make sure your icon is in JPEG format using the maximum dimensions 48 x 48 pixels (maximum file size 1 MB). Ivanti recommends you use only square images for your application icons. You can edit or remove the uploaded custom icon.

10. Enter a Description for the application.

11. (Optional) To create a bookmark for this application, select Create bookmark for application.

    Use the Bookmark option, where applicable, to allow the end user to copy the Application Details URI for use with other applications. For example, a TCP URI can be bookmarked to facilitate copy and paste into VNC or similar.

12. (Optional) To enable application discovery for this application, select Enable Application Discovery.

    To use application discovery, your application must be defined as a wildcard-prefixed FQDN (for example, "*.example.com"). To learn more about application discovery, see Defining Applications and Application Groups.

13. (Optional) If you want to add the new application to an application group, select the Add to Application Group check box, and then select the required application group.

    When using SAML authentication, make sure you add to a single application group only those applications that use the same SAML authentication source.

14. To save this application and create another application, select the Create another check box.

15. Click Create Application.

    The new application appears in the list of applications.

    Applications can also be added to the Controller during the Create Secure Access Policy workflow, see Workflow: Publishing Applications to nZTA Gateways.

    After you have defined your applications in the Controller, you can publish the actual applications to your nZTA Gateways, see Workflow: Publishing Applications to nZTA Gateways.

You cannot delete the Application discovery application.

1. Log into the Controller as a Tenant Admin, see Logging in as a Tenant Administrator.

2. From the nZTA menu, click the Secure Access icon, then select Manage Applications > Application Groups.

   The Applications Groups page appears. This page lists all application groups defined on the Controller.

   

3. Click Create Application Group.

   The Create Application Group form appears.

   

4. Enter the Group Name.

5. Select the Applications you want to add to the group.

   You cannot add the Application discovery application to a group.

6. Click Create Application Group.

   The application group is added to the list.

1. Log into the Controller as a Tenant Admin, see Logging in as a Tenant Administrator.

   The Network Overview page appears.

2. Click the Workflows pull-down menu, and then select the Create Secure Access Policy workflow.

   

   The Create Secure Access Policy workflow appears.

The Create Secure Access Policy workflow includes a multi-step workflow:

• Select or Create Applications that you want to publish, see Selecting Applications for Publication.
• Select Device Policies that apply to the application, see Selecting Device Policies for Applications.
• Select or Create User Rules that apply to the application, see Selecting User Rules for Applications.
• Select Gateways to which you want to publish applications, see Selecting a nZTA Gateway for your Applications.
• Summary, a confirmation-only step, see Confirming the Create Secure Access Policy Workflow.

After the Create Secure Access Policy workflow finishes, all selected applications are pushed to the selected nZTA Gateway.

If you are using multiple gateways, you will need to repeat the publication process for each gateway.

1. Access the Create Secure Access Policy workflow, see Workflow: Publishing Applications to nZTA Gateways.

2. In the Create Secure Access Policy workflow, select the Select or Create Application step.

3. Click Select an Application and select Add New Application.

   The add new Application form appears.

4. To add a new Application, follow the steps described in Adding Applications to the Controller.

5. (Optional) If you want to add the new application to an application group, select the Add to Group check box, and then select the required application group.

   The applications in a group can be published as a single action.

   To learn more about the process of creating an application group, see Adding Application Groups to the Controller.

6. Click Next to continue to the next step of the workflow, see Selecting Device Policies for Applications.

1. Access the Create Secure Access Policy workflow, see Workflow: Publishing Applications to nZTA Gateways.

2. In the Create Secure Access Policy workflow, select the Select Device Policies step.

   A list of existing device policies appears.

3. Select a device policy.

4. Click Next to continue to the next step of the workflow, see Selecting User Rules for Applications.

1. Access the Create Secure Access Policy workflow, see Workflow: Publishing Applications to nZTA Gateways.

2. In the Create Secure Access Policy workflow, select the Select or Create User Rules step.

   The Select or Create User Rules page lists all existing user rules.

3. In the list of rules, select each rule that is required by enabling its check box.

4. Click Next to continue to the next step of the workflow, see Confirming the Create Secure Access Policy Workflow.

1. Access the Create Secure Access Policy page, see Workflow: Publishing Applications to nZTA Gateways.
2. On the Create Secure Access Policy page, select the Select Gateways step.
3. Click Select Gateway and select the required nZTA Gateway.
4. Click Next to continue to the next step of the workflow, see Confirming the Create Secure Access Policy Workflow.