Additional References
To see a list of the default secure access policies:
Input Payload : {'type': 'application'}
Request URI : ``https://<tenant_domain>/api/v1/policies/secure-access-policies``
Returned Status Code : 200
Returned JSON Response : {'items': [], 'total': 0}
To retrieve the default User Auth Server ID:
Input Payload : {}
Request URI : ``https://<tenant_domain>/api/v1/policies/auth-servers``
Returned Status Code : 200
Returned JSON Response : {
'auth_servers': [{
'id': '4a02312f7b1f4dd89f5350966feb528d',
'name': 'Admin Auth',
'type': 'Local'
}, {
'id': '706960d40e43451786f6f5d6c598d7fa',
'name': 'User Auth',
'type': 'Local'
}],
'total': 2
}
Retrieving a list of the default user policies:
Input Payload : {'type': 'sign_in'}
Request URI : ``https://<tenant_domain>/api/v1/policies/resources``
Returned Status Code : 200
Returned JSON Response : {
'items': [{
'description': 'Admin Signin',
'id': 'f87680b7292242b9af247fec1b17347c',
'name': 'Admin Signin',
'sign_in_config': {
'id': 'f87680b7292242b9af247fec1b17347c',
'policy_type': 'admin',
'primary_auth_server_id': '4a02312f7b1f4dd89f5350966feb528d',
'realm': 'ZTA Admin Users',
'url_pattern': '*/login/admin/',
'use_as_saml_idp': False
},
'type': 'sign_in'
}, {
'description': 'Enrollment Signin',
'id': 'cb8753de76fb45d581e07d4bc700cb67',
'name': 'Enrollment Signin',
'sign_in_config': {
'id': 'cb8753de76fb45d581e07d4bc700cb67',
'policy_type': 'enroll',
'primary_auth_server_id': '706960d40e43451786f6f5d6c598d7fa',
'realm': 'ZTA Enrollment',
'url_pattern': '*/login/enroll/',
'use_as_saml_idp': False
},
'type': 'sign_in'
}, {
'description': 'User Signin',
'id': '21ff78e93fda4b0c86e7af96dfa75680',
'name': 'User Signin',
'sign_in_config': {
'id': '21ff78e93fda4b0c86e7af96dfa75680',
'policy_type': 'user',
'primary_auth_server_id': '706960d40e43451786f6f5d6c598d7fa',
'realm': 'ZTA Users',
'url_pattern': '*/login/',
'use_as_saml_idp': False
},
'type': 'sign_in'
}],
'total': 3
}
Adding a new user authentication server “auth_server_1” of type “local”:
Input Payload : {
'name': 'auth_server_1',
'type': 'Local',
'local_config': {
'users': []
}
}
Request URI : ``https://<tenant_domain>/api/v1/policies/auth-servers``
Returned Status Code : 200
Returned JSON Response : {
'allow_delete': True,
'id': '0b634b96bcb04dc98072cf28c5129a91',
'name': 'auth_server_1',
'type': 'Local'
}
Editing the user policy “User Signin” by changing its auth server to “auth_server_1”:
Input Payload : {
'name': 'User Signin',
'description': 'User Signin',
'sign_in_config': {
'policy_type': 'user',
'primary_auth_server_id': '0b634b96bcb04dc98072cf28c5129a91',
'realm': 'ZTA Users',
'url_pattern': '*/login/',
'use_as_saml_idp': False
},
'type': 'sign_in',
'id': '21ff78e93fda4b0c86e7af96dfa75680'
}
Request URI : ``https://<tenant_domain>/api/v1/policies/resources/21ff78e93fda4b0c86e7af96dfa75680``
Returned Status Code : 200
Returned JSON Response : {
'allow_delete': False,
'description': 'User Signin',
'id': '21ff78e93fda4b0c86e7af96dfa75680',
'name': 'User Signin',
'sign_in_config': {
'id': '21ff78e93fda4b0c86e7af96dfa75680',
'policy_type': 'user',
'primary_auth_server_config': {
'id': '0b634b96bcb04dc98072cf28c5129a91',
'name': 'auth_server_1',
'type': 'Local'
},
'primary_auth_server_id': '0b634b96bcb04dc98072cf28c5129a91',
'realm': 'ZTA Users',
'role_mapping_rules': [{
'attribute': 'is',
'id': 'bb77d22ae3b440bbb3d464f0df50f4af',
'name': 'AllUsers',
'type': 'username',
'value': '*'
}],
'url_pattern': '*/login/',
'use_as_saml_idp': False
},
'type': 'sign_in'
}
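An added example, not part of the original reference: an offline audit of the sign-in policy and auth-server responses shown above, reporting which auth server backs each login URL pattern and flagging dangling server IDs, an auth server shared between admin and non-admin sign-in, and wildcard role-mapping rules. The function name and the sample data (merged from the responses on this page to reflect the state after the edit) are constructed for illustration:

```python
# Added example: audit of sign-in policy bindings. Sample data is constructed
# from the responses shown on this page, trimmed to the fields the audit reads.
AUTH_SERVERS = {"auth_servers": [
    {"id": "4a02312f7b1f4dd89f5350966feb528d", "name": "Admin Auth", "type": "Local"},
    {"id": "706960d40e43451786f6f5d6c598d7fa", "name": "User Auth", "type": "Local"},
    {"id": "0b634b96bcb04dc98072cf28c5129a91", "name": "auth_server_1", "type": "Local"},
]}
SIGN_IN_POLICIES = {"items": [
    {"name": "Admin Signin", "sign_in_config": {
        "policy_type": "admin", "url_pattern": "*/login/admin/",
        "primary_auth_server_id": "4a02312f7b1f4dd89f5350966feb528d"}},
    {"name": "Enrollment Signin", "sign_in_config": {
        "policy_type": "enroll", "url_pattern": "*/login/enroll/",
        "primary_auth_server_id": "706960d40e43451786f6f5d6c598d7fa"}},
    {"name": "User Signin", "sign_in_config": {
        "policy_type": "user", "url_pattern": "*/login/",
        "primary_auth_server_id": "0b634b96bcb04dc98072cf28c5129a91",
        "role_mapping_rules": [{"name": "AllUsers", "type": "username",
                                "attribute": "is", "value": "*"}]}},
]}


def audit_sign_in(policies, auth_servers):
    """Return (bindings, findings) for a sign-in policy listing."""
    servers = {s["id"]: s["name"] for s in auth_servers["auth_servers"]}
    bindings, findings, admin_ids, other_ids = {}, [], set(), set()
    for item in policies["items"]:
        cfg = item["sign_in_config"]
        sid = cfg["primary_auth_server_id"]
        bindings[cfg["url_pattern"]] = servers.get(sid, "<unknown>")
        if sid not in servers:
            findings.append(f"{item['name']}: auth server {sid} not in listing")
        (admin_ids if cfg["policy_type"] == "admin" else other_ids).add(sid)
        for rule in cfg.get("role_mapping_rules", []):
            if rule["value"] == "*":
                findings.append(f"{item['name']}: rule {rule['name']} matches every {rule['type']}")
    for sid in admin_ids & other_ids:
        findings.append(f"admin and non-admin sign-in share auth server {servers.get(sid, sid)}")
    return bindings, findings


if __name__ == "__main__":
    bindings, findings = audit_sign_in(SIGN_IN_POLICIES, AUTH_SERVERS)
    for url, name in bindings.items():
        print(f"{url:18} -> {name}")
    for f in findings:
        print("FINDING:", f)
```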
Adding a user rule “user_rule_1” of type “username” that matches an expression:
Input Payload : {
'name': 'user_rule_1',
'type': 'username',
'value': 'user_rule_1',
'attribute': 'is'
}
Request URI : ``https://<tenant_domain>/api/v1/policies/role-mapping-rules``
Returned Status Code : 200
Returned JSON Response : {
'attribute': 'is',
'id': 'b48d02408ad14992bfde266e9b5a43a8',
'name': 'user_rule_1',
'type': 'username',
'value': 'user_rule_1'
}
Adding a user group “user_group_1” of authentication policy type “user”:
Input Payload : {
'name': 'user_group_1',
'sign_in_policy_id': '21ff78e93fda4b0c86e7af96dfa75680',
'description': 'user_group_1',
'rules': []
}
Request URI : ``https://<tenant_domain>/api/v1/policies/user-rule-groups``
Returned Status Code : 200
Returned JSON Response : {
'allow_delete': True,
'description': 'user_group_1',
'id': '71bc234b6c8f46a9806dfdc0e33df05d',
'name': 'user_group_1',
'role_config': {
'id': 'a44e4ac7ae114e009fd2f2bd457c1480',
'name': 'user_group_1',
'redirect_url': '/user',
'type': 'user'
},
'role_id': 'a44e4ac7ae114e009fd2f2bd457c1480',
'sign_in_config': {
'id': '21ff78e93fda4b0c86e7af96dfa75680',
'policy_type': 'user',
'primary_auth_server_config': {
'id': '0b634b96bcb04dc98072cf28c5129a91',
'name': 'auth_server_1',
'type': 'Local'
},
'primary_auth_server_id': '0b634b96bcb04dc98072cf28c5129a91',
'realm': 'ZTA Users',
'url_pattern': '*/login/',
'use_as_saml_idp': False
},
'sign_in_policy_id': '21ff78e93fda4b0c86e7af96dfa75680'
}
Editing user group “user_group_1” by adding user rule “user_rule_1”:
Input Payload : {}
Request URI : ``https://<tenant_domain>/api/v1/policies/user-rule-groups/71bc234b6c8f46a9806dfdc0e33df05d/rule/b48d02408ad14992bfde266e9b5a43a8``
Returned Status Code : 204
Editing user authentication server “auth_server_1” by adding user “newuser1”:
Input Payload : {
'name': 'newuser1',
'full_name': 'newuser1',
'password': 'dana123'
}
Request URI : ``https://<tenant_domain>/api/v1/policies/auth-servers/0b634b96bcb04dc98072cf28c5129a91/users``
Returned Status Code : 200
Adding device policy rule “device_rule_1” of type network rule:
Input Payload : {
'name': 'device_rule_1',
'description': 'device_rule_1',
'network_config': {
'ip_address': '192.168.1.1',
'netmask': '255.255.255.0',
'mode': 'allow'
},
'label': 'moderate',
'type': 'network'
}
Request URI : ``https://<tenant_domain>/api/v1/policies/device-policies/rules``
Returned Status Code : 200
Returned JSON Response : {
'description': 'device_rule_1',
'id': 'aab467febf0b45af99be71f25cb0fdbc',
'label': 'moderate',
'name': 'device_rule_1',
'network_config': {
'id': '98e55fe902b64d6abe45ec38012a64af',
'ip_address': '192.168.1.1',
'mode': 'allow',
'netmask': '255.255.255.0'
},
'network_config_id': '98e55fe902b64d6abe45ec38012a64af',
'type': 'network'
}
Adding device policy “device_policy_1”:
Input Payload : {
'name': 'device_policy_1',
'description': 'device_policy_1'
}
Request URI : ``https://<tenant_domain>/api/v1/policies/device-policies/groups``
Returned Status Code : 200
Returned JSON Response : {
'description': 'device_policy_1',
'id': 'deb6e20a2f1a4c5dac98772525a7d350',
'name': 'device_policy_1',
'rules': []
}
Editing device policy “device_policy_1” by adding device policy rule “device_rule_1”:
Input Payload : {}
Request URI : ``https://<tenant_domain>/api/v1/policies/device-policies/groups/deb6e20a2f1a4c5dac98772525a7d350/rules/aab467febf0b45af99be71f25cb0fdbc``
Returned Status Code : 204
Adding a new Application “app1”:
Input Payload : {
'type': 'application',
'name': 'app1',
'description': 'app1',
'app_config': {
'access_type': 'application',
'name': 'app1',
'resource': 'https://www.intuit.com',
'resource_type': 'url',
'bookmark_config': {
'name': 'app1',
'type': 'web',
'description': 'app1',
'launch_window': True,
'url': 'https://www.intuit.com',
'icon': '/admin/static/media/intuit512.2fdd1f2f.svg'
}
}
}
Request URI : ``https://<tenant_domain>/api/v1/policies/resources``
Returned Status Code : 200
Returned JSON Response : {
'allow_delete': True,
'app_config': {
'access_type': 'application',
'bookmark_config': {
'description': 'app1',
'icon': '/admin/static/media/intuit512.2fdd1f2f.svg',
'id': '79418be3ce3a4ae4895d2d0223c2bf49',
'launch_window': True,
'name': 'app1',
'type': 'web',
'url': 'https://www.intuit.com'
},
'id': 'd3328c9a86ed42d0aa1d90432e4f7fb7',
'name': 'app1',
'resource': 'https://www.intuit.com',
'resource_type': 'url'
},
'description': 'app1',
'id': 'd3328c9a86ed42d0aa1d90432e4f7fb7',
'name': 'app1',
'type': 'application'
}
Adding a new gateway “gw1” of type vsphere with manual settings:
Input Payload : {
'name': 'gw1',
'orchestration': {
'type': 'vsphere'
},
'location': {
'city_id': 97
}
}
Request URI : ``https://<tenant_domain>/api/gateways``
Returned Status Code : 200
Returned JSON Response : {
'auto_upgrade': True,
'created': '2020-09-10T05:29:39Z',
'id': 'b7c3fca3993a4addaa4fe08958afa013',
'is_ready': False,
'location': {
'city_id': 97
},
'name': 'gw1',
'notification_channel_status': 'offline',
'orchestration': {
'mode': 'manual',
'type': 'vsphere'
},
'sdp_mode': 'pzt-gateway',
'state': 'unregistered',
'updated': '2020-09-10T05:29:39Z'
}
Input Payload : {
'service_account_id': None,
'appliance_config': {
'external_gateway': '<ip_address>',
'external_ip_address': '<ip_address>',
'external_subnet': '255.255.255.0',
'external_vlan': '-1',
'internal_fqdn': '',
'internal_gateway': '<ip_address>',
'internal_ip_address': '<ip_address>',
'internal_subnet': '255.255.255.0',
'internal_vlan': '-1',
'management_gateway': '<ip_address>',
'management_ip_address': '<ip_address>',
'management_subnet': '255.255.255.0',
'management_vlan': '-1',
'primary_dns': '<ip_address>',
'private_domain_name': 'psecure.net',
'secondary_dns': '<ip_address>',
'dns_search_domain': '<domain>',
'public_ip_address': '<ip_address>'
},
'deployment_config': None
}
Request URI : ``https://<tenant_domain>/api/gateways/b7c3fca3993a4addaa4fe08958afa013/orchestration``
Returned Status Code : 200
Returned JSON Response : {
'appliance_config': {
'dns_search_domain': 'psecure.net',
'external_fqdn': '<server>',
'external_gateway': '<ip_address>',
'external_ip_address': '<ip_address>',
'external_subnet': '255.255.255.0',
'internal_fqdn': '',
'internal_gateway': '<ip_address>',
'internal_ip_address': '<ip_address>',
'internal_subnet': '255.255.255.0',
'management_gateway': '<ip_address>',
'management_ip_address': '<ip_address>',
'management_subnet': '255.255.255.0',
'primary_dns': '<ip_address>',
'private_domain_name': 'psecure.net',
'public_ip_address': '<ip_address>',
'secondary_dns': '<ip_address>',
'use_dhcp': True,
'wins_server': 'localhost'
},
'appliance_id': 'b7c3fca3993a4addaa4fe08958afa013'
}
Adding a new Secure Access Policy for the above configurations:
Input Payload : {
'type': 'application',
'resource_type': 'single',
'user_rule_group_id': '71bc234b6c8f46a9806dfdc0e33df05d',
'gateway_type': 'single',
'gateway_id': 'b7c3fca3993a4addaa4fe08958afa013',
'resource_id': 'd3328c9a86ed42d0aa1d90432e4f7fb7',
'device_policy_id': 'deb6e20a2f1a4c5dac98772525a7d350'
}
Request URI : ``https://<tenant_domain>/api/v1/policies/secure-access-policies``
Returned Status Code : 200
Returned JSON Response : {
'device_policy_config': {
'name': 'device_policy_1'
},
'device_policy_id': 'deb6e20a2f1a4c5dac98772525a7d350',
'gateway_id': 'b7c3fca3993a4addaa4fe08958afa013',
'gateway_type': 'single',
'id': 'c90a3e348a0f4fed868d5acd09655aa6',
'resource_config': {
'name': 'app1'
},
'resource_id': 'd3328c9a86ed42d0aa1d90432e4f7fb7',
'resource_type': 'single',
'type': 'application',
'user_rule_group_config': {
'name': 'user_group_1',
'role_config': {
'id': 'a44e4ac7ae114e009fd2f2bd457c1480',
'name': 'user_group_1',
'redirect_url': '/user',
'type': 'user'
}
},
'user_rule_group_id': '71bc234b6c8f46a9806dfdc0e33df05d'
}
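An added example, not part of the original reference: assembling the Secure Access Policy payload from the objects returned by the earlier steps, with each reference checked before the request is sent. The function name and the checks are assumptions made for this example (the 32-hex-digit ID form is inferred from the IDs shown on this page, and the type checks are local conventions, not rules documented for the API); the sample objects are constructed from the responses above:

```python
# Added example: assemble the secure access policy payload from the objects
# created earlier and check every reference first. Sample data is constructed
# from the responses on this page, trimmed to the fields used here.
USER_GROUP = {"id": "71bc234b6c8f46a9806dfdc0e33df05d", "name": "user_group_1",
              "sign_in_config": {"policy_type": "user"}}
GATEWAY = {"id": "b7c3fca3993a4addaa4fe08958afa013", "name": "gw1",
           "is_ready": False, "state": "unregistered"}
APP = {"id": "d3328c9a86ed42d0aa1d90432e4f7fb7", "name": "app1",
       "type": "application",
       "app_config": {"resource": "https://www.intuit.com", "resource_type": "url"}}
DEVICE_POLICY = {"id": "deb6e20a2f1a4c5dac98772525a7d350",
                 "name": "device_policy_1", "rules": []}


def build_policy(group, gateway, app, device_policy):
    """Return (payload, errors, warnings); payload is None when errors exist."""
    errors, warnings = [], []
    for label, obj in (("user group", group), ("gateway", gateway),
                       ("application", app), ("device policy", device_policy)):
        oid = str(obj.get("id") or "")
        if len(oid) != 32 or any(c not in "0123456789abcdef" for c in oid):
            errors.append(f"{label}: id {oid!r} is not a 32-hex-digit id")
    if app.get("type") != "application":
        errors.append(f"resource {app.get('name')!r} has type {app.get('type')!r}")
    if group.get("sign_in_config", {}).get("policy_type") != "user":
        errors.append(f"group {group.get('name')!r} is not bound to a user sign-in policy")
    if not device_policy.get("rules"):
        warnings.append(f"device policy {device_policy.get('name')!r} has no rules in this copy")
    if not gateway.get("is_ready"):
        warnings.append(f"gateway {gateway.get('name')!r} is {gateway.get('state')}")
    if errors:
        return None, errors, warnings
    return {"type": "application", "resource_type": "single",
            "user_rule_group_id": group["id"], "gateway_type": "single",
            "gateway_id": gateway["id"], "resource_id": app["id"],
            "device_policy_id": device_policy["id"]}, errors, warnings


if __name__ == "__main__":
    payload, errors, warnings = build_policy(USER_GROUP, GATEWAY, APP, DEVICE_POLICY)
    print(payload, errors, warnings, sep="\n")
```

Both warnings fire on the sample objects because they are the creation responses: the rule-attach call returns 204 with no body, so the stored device policy still shows an empty rule list, and the gateway response reports it as unregistered. The page shows policy creation returning 200 in that state, which is why these are warnings and not errors.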