Duration 43:38
16+
Play
Video

Citrix Synergy TV - SYN132 - Geek's guide to the workspace (part 3): protecting your SaaS

Matt Brooks
Senior Technical Product Marketing Manager at Citrix
+ 1 speaker
  • Video
  • Table of contents
  • Video
Citrix Synergy Atlanta 2019
May 22, 2019, Atlanta, GA, United States
Citrix Synergy Atlanta 2019
Video
Citrix Synergy TV - SYN132 - Geek's guide to the workspace (part 3): protecting your SaaS
Available
In cart
Free
Free
Free
Free
Free
Free
Add to favorites
278
I like 0
I dislike 0
Available
In cart
Free
Free
Free
Free
Free
Free
  • Description
  • Transcript
  • Discussion

About speakers

Matt Brooks
Senior Technical Product Marketing Manager at Citrix
Scott Fanning
Senior Director of Product Management - Security / SD-WAN at Citrix

About the talk

SaaS apps are great. They are extremely easy to buy, easy to deploy and easy to access. Regardless of the user's endpoint and location, they can access the app without relying on IT to deploy complex VPNs. Unfortunately, each SaaS app introduces a new identity for the user to remember. User accounts can be easily compromised with a weak password, resulting in stolen data. We have no easy way to disable access to SaaS apps when users leave the company. This session will demonstrate how to incorporate single sign-on, enhanced security, and website filtering for SaaS and web apps into the Citrix Workspace experience.Note: This session will be live-streamed during the event and available for on-demand viewing post-event on Citrix Synergy TV.

Share

Okay, let's get started. Welcome to protecting your sass. I'm at Brooks. I'm a text with Civics technical marketing. I've been with lyrics about eight years and I've been in a lot of different roles for his work in the customer side and the product side and has some good exposure to work networking technology, which we going to talk a lot about today and I'm honored to be doing my makeup my calling Scott Heim. Stop adding. I've been running product management for security at Citrix specifics for a whopping 14 months. I think at this point and I'm really

excited to work with him. And I think it's going to be great. So previously in the geek's guide to the workspace and I should recap if you're not familiar with this week. We're doing a 10-part session Series. So this is the third of 10 we talked about identity and I'm basically the importance of its significance of it and lot of complexities and challenges with maintaining password making them komplex having multiple passwords for different. And so that's really the first thing we talked about writing but it's probably one of the most important to your key to open the door,

if the if the Bad actors get in your house through the front door, those other protections aren't really going to help you but I'm working at to take the identity and build on that. I'm going to talk about single sign-on the lot. So we're going to talk about single sign-on for SAS apps web apps and mobile apps and we really need the importance in Need for using those passwords that users forget her. You know, what are always have trouble making complex? For we get into those we're going to talk a bit about Citrix access control and Gateway service. These are really foundational Technologies

to enable and I'm providing single sign-on as well as additional protections for one mobile app store keep cats off after quick NDA delivered product manager. I'm always be predisposed to disappointment on delivery date, so don't want to attend because today right? So good luck here. You have your Enterprise apps on your data center and usually have a proxy a DMZ the kind of pill office Kate your access to your sass aplicare your web applications all your

on-prem data center and remote access to your typical VPN kind of explains what applications and actually in some cases more complex. You have a nice ass in public cloud. Different kind of Hosting opportunities different kind of cost structure is different kind of geography footprint different type of regulatory environment or regular regulated in the healthcare industry and what they do to try to consolidate that make it easier to do single sign-on. So 1password get taxes all these apps because obviously if you had to sign into every one of them the user experience it for your

password to get weaker because you're probably going to replicating these passwords against multiple properties. And then if you look at unsanctioned fast and internet apps typically, you know, they'll put a all web filter in place and say hey this is applications that you can go to these applications. You can't go to be a fairly binary decision about what to do and also give some insight to you're that kind of Shadow it know where the apps are how you tried to access these things. What we are trying to offer here is a consolidation of all three of those things when

filtering a proxy single sign-on and Call app control through the difference in architecture. What were the benefits and all the different capabilities around this and that will also have some video demos as well. Not so it's going to be pretty good getting past the point Solutions got it all so I don't not only improves user experience. It improves your security Foster. I think right there. So there's less chance for admit mistakes and what by consolidating all that technology in ones by absolutely you typically if you allow the Enterprise themselves to do that kind of consolidation

on their own, you know, you're burdened with Ashley doing all that infrastructure hooking all these different parts together and some of these parts have some overlap so I can start to question, you know, which has the priority events versus the other capability known average Enterprise has anywhere from Yale 6290 security controls in it, and the outcome is about protection and that's what we're trying to deliver here. So if the complexity definition the front of security in terms of administering an absolute like then So if you look at the end user experience with the

workspace app, so you saw what happened with the intelligent workspace in the work space. This is this is kind of talking that what current present state. So, you know, if you want to go on to a science application you open up with enhanced security off and you opened up your browser you go right to the internet. Okay. Now if you happen to have enhanced security on this allows us to leverage the control point that is the workspace app to afford controls on top of the SAS application. And what's really interesting about. This is that this is not like a deep integration type SAS security. It's

an overlay on any of the staff applications you happen to have because we're doing it through a browser environment that we control and so we can do things in this example. We're running a watermark and this Watermark, it would have to be done and rendered to our browser environment. And then are based upon those policies. We say, you know what we put enough conditions around for the end user to be able to access ask property. And now we will allow you to go to the internet and click on those things and those controls are done in line and continuously monitored during the session in

which to the SAS application. The web filter is pretty important for regulatory reasons and avoid those those Bad actors that does know that's why she wanted to avoid having to use as go there and they're explicitly right there by accident, you know, maybe there's some kind of phishing attempt where there's a link in there trying to do it and also, you know, it's about you know, your own policies and Regulatory environment. You're the primary reason people put security controls in this because the regulations tell you that have to do it and you know, if it's important to that this is fed

with real-time threat intelligence to make sure that is timely because he cites come up and down various URL. Look at me a munge different ways. So the ability to be able to retail have an active threat intelligence feed into this is also important to allow something or do I block something but sometimes you want to allow shade of bread. So this is a case where maybe you want to go on Facebook and you're saying look, you know by users want to go on Facebook by Sia. I want to retain control and still want to make sure that there's any threats

that happened to materialize during that session that they're contained in real time. And so this is going to redirect to secure browser service is kind of giving you that ability to manage the shade of gray. I mean, if you look at it from employee experience perspective, you know, one of the things bad is that you know, when people go to work they want to use the tools are used to doing and sometimes you as as the IT department and put all the policies in place to get the finer granularity of control. So this is great in terms step as well as while you're trying to understand you laugh

easily station to really take advantage of students virtualization technology. And if they do get kind of a phishing email get past when I was with filters any threat to the endpoint is mitigated, right? We're going to leave that out in the cloud to someone send session goes away all traces of it goes way as well. So it's it's a it's a great way. So that way service by so we have a Gateway service in the cloud is a 10 m solution users get into it. We access it. We interrogated. It's elastic and Ice consumption pricing and you don't have to worry about managing it. So if you're looking for a

solution that you'll for single sign-on and you want to go to the Gateway services at Fantastic answer for that. We do all the upgrades. It's just a low-cost way of doing it and you know what it has all the cloud service benefits, you know during the Black Friday if your retailer got that a person consumption model, so you have to first out you can still he'll be able to do that kind of in a massive deal with scheduling and you know what you don't have to worry about all the training of somebody that have to manage one of these devices. So from employee recruitment retention,

this is a much simpler consumption model. Workhorse for years, but I'll be said that that's more complexity for the administrators right now. Yeah, absolutely. If I can just added two more Pops. I want an Indian one in South Africa as well and we're constantly re-evaluating your where we have to put these Paws because the user experience matter so you won't be close to where your applications are what they say is not though is a managed netscaler. That's not the goal of this

product. The goal is to provide services to our customers. We take care of this the patches in the exact exact as kind of the Swiss army knife in the creativity that are some things that we think about so they have at the clouds or prescriptive. So it's a really experienced. Yeah, so, you know, I don't know what we are Intelligent Traffic manager. The right here is doing this for us so we can take advantage of all these millions of Thieves that we have to be able to orchestrate the user experience and we will redirect IL Duomo balancing based upon the itm sensors. And

so this gives us this is kind of representation of times the user experience in Lane C from different parts of Geo and you'll just like I can do this for Global server load balancing. We actually take advantage of it for ourselves in our own service to make sure we get the best user experience. I think we have maybe a hundred of predictive going to get a quick response and then didn't respond with the pop is closest to users going to figure it out based on kind of the complex algorithms that i t m 18 is another position we can dynamically obscure that traffic to

make sure that we still maintain a great user experience. Lyrics. That's right. If you look at things like Office 365 and other kind of applications, you know, the user experience is really important meal. You look in your own day-to-day you're using the web. You know, if every time you hit the refill to retry button all the time cuz you're trying to get hurry up. Hurry up. Hurry up. You don't want to be in the middle of that user experience. You want to make sure the optimal makes sense. I just love saying that

so there's a lot of sass out there. And in fact, you know, if you look at the workforce that's her coming into the workforce, you know, they're very used to say applications. And so when the employees come to your Enterprises and your company's they're going to expect to speak with a bunch of tools that they're kind of used to as they come in and part of job satisfaction is being able to do that. So this is a charge of showing that hate is 70% of our organization. They nearly all the wraps will be sassy by 2020 and you know, I think the rate in case of this depends on the industry of

depends on the We have a large medical customers that have a much slower Pace to doing this the other night pick certain apps that are facing apps highly regulated environment might be slower. But you know to look at retail SMB different type of Articles elsass applications. Take a credit card. You wipe it off Hugo doesn't need to be involved that were the case, but that's not the case because you're still ultimately responsible for the perimeter. So how do you enforce the perimeter when

there isn't any right because he got all these different properties regulatory environment gdpr y'all bunch of different things happening and you know a performance at least getting to the app, you know, you still have the only thing getting to those app data governance. You can look at the shared-responsibility model that most Cloud providers provide data responsible East arrest with you on the Enterprise single sign-on to Prudential management for the eye can see Your responsibilities as well. And then you need you need some help to be able to kind of stole those things together.

And so that's why they analytics and visibility tools are important because if you can't see it, you can't protect it and use those apps that need to make sure they maintain their intellectual property and keep track of who's using what absolutely so take a look at the user experience with this s sure so you know what the first thing you have to do is sign on right? So here's a case where were chicken and Humanity app to the work space and it's booting up. And then you're on the app it all look. It's a watermark in the middle of my app. And the reasons do NASA policies tell you to do that.

One of the reasons we have that is photography is actually a Threat Vector. I just came from a legal team. Actually. This is on the request that they had for us and he tried to click on the link in the ice is restricted because it wasn't inappropriate like but we're going to the internal site we clicked on that. And look, you know what there is no watermark. It was okay cuz internal site pause. He said it was fine. If you can do that or perhaps faces, does it have to be a global policy cuz you got too much friction and everything is bad and there was a case where I went through

Facebook and I was done to secure browser the session so it's safe. It's contained and you still didn't use are still get to participate music portal. You're in an e-mail right? Very very seamless. I'll take a look at the architecture and bear with me on this if it's not, you know, watch Groundhog Day. OK Google have a workspace app. It's going to connect to the workspace service. What's the afternoon rated in the primary? If medications done to the contact the Gateway service it's going to get and it's going to get a preferred browser in a euro. This point this browser is going to use ATM to

figure out which is the closest Gateway going to talk to the Gateway and Gateway is going to communicate with a single sign-on service is going to get it and assertion for the browser to be sent to the service provider Silverspot is going to validate with that with the Gateway service and then they single sign-on is complete and likewise with enhanced security office for defusing a browser. Right? We don't have work space app similar process within a log into the workspace. It communicates with Gateway service. And it's going to reach Gateway Services going to talk to

single sign-on service return the assertion that spell audited by the service provider and we have single sign-on all driven by policy very granular. So that's all going to happen to know a split-second weekend and walk through it slowly there. Now, it's let's change it up and we'll notice to the devil is in the details. So we're doing with doing enhance security on so now with with a workspace app going to talk to the workspace service. It's going to talk back to the Gateway service. And in this case, it's going to recommend using the the browser integrated in workspace at right we're

using an enhanced security. So he gave me Services can both talk to single sign-on service and access control and figure out which of those additional policy if you want to fly to the browser. It's going to be presented still with the assertion to work later browsers going to talk to the service provider and validates that this is a saml 2.0 Dance and they have a session and likewise if it's going to be a bit different with the native browser here. We logged into work space for the browser. It's talking to Gateway service. This case is going to recommend to use the secure browser service

and secure browser service steps and it's going to proxy taking that assertion contact the service provider and validating that validate and then he'll completing the single sign-on. I'll take a look at the admin experience. So we're going to start with the Tempest cloud in a Gateway single sign-on will see this polite. Here's our list of templates. I'm not sure how many we have this all the time. So I'm going to drop down into the humanity of the first thing we'll find if you need to get us some information about the

app itself in the Euro with an actual enter the actual Domaine that we created on that site. Once we have that we can move on here so we can select or deselect enhanced security settings. Move on their last step. Set up for single sign-on settings for the searching. You're all going to enter a specific domain for the site. And I were going to open this XML file which has R Us a more specific information that right that we need to share with this site. It's just got when we go to the humanity.

We're going to go to a single sign-on section. This is going to vary a bit by service provider, right? It's it's not all the same as soon as we don't have microwaves for this day. All the fine is easy. So we'll never get to the admin section in here. We'll find details that we're going to pull out of that. We have a entity ID. We're going to copy and paste into the site. And also the law got gyro. Then we'll take the Dostoevsky the exiled 509 stiff and face Thailand. I want those are base64 encoding they can read that right that's good for

user-friendly the browser the wizard to it. So now we can go ahead and provisioners subscribers and the same manner we do all of our other apps will drop into the into the app many subscribers and select a Active Directory Group or individual user. And there we've provisioner single sign-on up it'll be available in their work space after this point. I wouldn't go ahead and take a look back into Access Control we can do some customization. So here we can we can go in and we can either select a

specific categories that we wanted Blacklist write. These are these are list of lots of known sites that are may have been maintained by back there. That's correct. You can go ahead and add those. And then likewise weekend we can select strip bars categories are once we wanted there in that gray or a want to be hosted in the club. Then we can also add specific websites that we want to wait list, for example, or what have you totally internal websites that you're like, you know what we're trusting that for now.

And here's a quick look at doing this with D3. So we'll split skip ahead hair back the same way and see if we can do a search for G. Suite will select it. And will again with the same passholder center with the Beatles. You can do to use to do on his security. It's a woman notice in this case is going to be able to look at it. Again our domain specific information in the Euro Fields will let us in this case. We can actually download an important to the site. So just another look at a different type of SAS Administration if you will will

see where in that we're here in the same page and we will go ahead and just don't know copy and paste a little bit cleaner set up there. Personology shifters book about webs got weed that we we saw in the SAS 4 after that a lot of companies moving to SAS, but they still need to maintain some of those apps that they have in their internet, right? I think that. Cloud Journeys I'm going to be a little bit exaggerated because you'd hear about Cloud all the time. But a lot of our customers have any all large on Prime premise particularly more regulated Industries and but they still want the

same contextual access controls and flexibility and consistency of policy between staff and he's apps so absolutely so it when we use apps on a Land Rover kind of spoiled their security taking place, but it's just kind of works for us. Right if you're not machine, that's the main Joe and you might have Kerberos enabled and you don't know it right you're getting to your services without having to enter into details and eyesight. If we didn't Queen able to until M user connect to it. He's not in the demesne. He's going to be presented with a need for

credentials and this gets back to what we kicked it off with. No not nice when you need to get to enter enter password Ray Wright. And then what to do after the Rayville to get to that site? What's take a look at the web SSO architecture went to see a similar diagram here similar beginning as to Woodside stops going to start with a workspace app. We connect to our work space is going to communicate with the Gateway service. And it's also also includes app control, right so we can access control who can apply those same kind of controls to the web app in this case a

different series sample to a service provider reach out to Gateway connector. What is happens is when the workspace app browser browser receives the Seas a token from is it has a resource location identifier that allows the Gateway service to communicate with that research location and tell and tell a Gateway connector to communicate back with us to give me connector right? It's a new printing machine DC code or in gate code for a Jones for the future development.

It's all then we have our complete the connection after that that connection to set up from the Gateway service to the Gateway connector. And then at Gateway connector is going to negotiate the authentication for us. It knows until Kerberos for or forms if you will. I was on service prior. I must think the same role as the as he has to be part of it up the whole SSO process right across a log into a workspace in this case would be asked to use the secure browser service and it will communicate with Gateway service which will check with access control and still set up that proxy to the

premises and the Gateway connector will negotiate the Authentication. So that's a real true Hybrid used case. Right? I mean we have no known prime asset like the other interests ATC acting as a Gateway get the Gateway service than the cloud and they're both working together provide you that kind of native web app experience and Sasha Paul Simon taneously. So, you know your digital transformation on your Enterprises doesn't cooperate. This isn't a choice between do I do a SAS or do do you unfriend someone consistent user experience across both those demands? So this this is a doctor do

for you to introduce ass properties and get more comfortable with those or at least he'll respond to what you were going to deliver. Users are selecting their app and they're working and being productive exactly. His let's take a look at the diamond experience now for web SSO. I'm going to start again with the with Gateway hair will select single sign-on. It's so this this list of templates we have is it's really for SATs, right? We're repopulating some links for you, but I was so we can we can shoot we can select one this case. I slept SharePoint we can just skip

at this point right? We're going to have to enter some information specific about our web app in our internet. Change the icon of cashews. And also getting the same enhanced Securities, you know, the inconsistency in the admin experience same access control settings. And then here's where we differ from the disaster. That's right. We're not going to answer it the same with Mission here who's real going to configure Gateway connector. So again, this is a virtual machine. We're going to download you going to pick your

hypervisor. This case I'm using going to use Citrix hypervisor. So will I will say that off. Skip ahead a bit here in the download. Until we're going to import our experience. It's this simple and we won't go through all the configuration steps, but we'll see once once his lunches will look at the council screen and you noticed it's very I almost identical it is identical to netscaler ATC VPX putting up right address. I'm going to connect on 48443 minor difference. They're going to drop into a browser

will connect to that. So pretty appreciate forward to set up and then there's just a handful of things. We need to enter once we connect to the to the gooey. We're going to have a default administrator username and password for single gas tank change that change that password place. That would be very good news Kerberos. We need to enter some credentials right to Manor service account. Can you use reuse ENT lamps with skip that last step is to get activation

code back in the cloud will resetting this awful going to get kind of a long long string here that we just get a copy and paste long the alphanumeric string there. And once once you paste this in and save it off a little bit of consult or we can monitor some details of the the virtual machine will see that it turns green. Then we go back to the cloud. We we detected in a movie or anyone else. Where can I get some kind of a reverse connection from the Gateway connector back to the Gateway Service setup. No, we can complete in a week. We're going to set

up basica SSO here. This is the end till I'm now we complete our Wizard and then we're back to her standard in a process for revision new subscribers. So in a pretty straightforward setting up access to your internet site seamlessly from your your web at your workplace out if you're familiar with this is not much here. Listen. News. I don't think it'll take another look at doing this with with forms authentication. What will get some steps are going to go through in the beginning of the route of the setup will skip will make sure he

slick inside my corporate Network. This is what we do for for web apps. Going to give name Euro to get to the site change the icon. backdoor enhanced security settings and her words were selecting are a Gateway connector. So once we have one or place for every time we watch them should be at other webapps reason we can use that same Gateway connector rub portion to recommend two or more right for for backup purposes are going to enter specific Euro information about logging into the URI portion to login into that web app. And once that saves off from the know that was for

reforms right there a little bit different. So go ahead and provision our users same same process. I'm going to tell what wash rinse repeat, you know, it's easy to avoid mistakes from the administration and prospective similar economic. You look at the a user experience. We're back in at work. We see video after you go ahead and watch it. We still receive the watermark show up. So we're still using those access controls of the web app. And then we see for example here. We have an email if we get to know those fishing links we can go ahead and block it. If it's in the access control your the case

where we have it on Prime application being protected the same way of classification is with all the same threat intelligence backing it up and the same consistency of policies and you don't have to set these policies the same across every every app. You can have a different policy selection to be able to do it and it also feeds into our analytics service. So you get a lot of Rich Telemetry out of that as well. So yeah, it's a it's a great true hybrid Cloud story, except. Yeah, this is really what the work spaces is about Ray bringing together all of our technology and capabilities. Throws

cat with shift gears and talk about our last of the three areas were focused and we talked about sass apps web apps not working anymore, I forgot a millennial. I guess. I don't know. How can we can passwords because no one wants to spend the time and energy button complex password that tiny little keyboard session is actually the mobile device. So we talked about with you again, we get to we can get us a table so we can talk about it. After that. We talked about SSO using the workplace app.

So we're doing this with Mater mobile apps free apps that sitters doesn't own but we're going to install it from public at stores and went to provide the ability to do single sign-on through the workspace service. It's all we're not seeing this week Tech preview for mobile SSO. It's going to take a look at the user experience. I'm still here. We're on our mobile device with launch the workspace app and we're connecting to our site and during our credentials.

Here we see we have we have the slack XO so the slack app if if we don't have any other mobile apps installed first thing we'll have to do is install secure Hub. Right then we have to get that device enrolled. Who was we skip ahead kind of threw the enrollment process but once the app is installed will see that here. We have a VPN connection. And so any mobile as the snow is going to utilize Citrix SSO technology will see you once a VPN at set up. The user is able to log into slack and no need to enter their credentials. In fact, when we entered entered the demesne there. We're

just kind of dumb Wayne mobile SSL, but we can we can alleviate that with another endpoint management policy. New York uses Flack Okay. So let's take a look at the architecture behind that again similar kind of diagram and that you're going to be similar steps. Are we going to start with the workspace App log into the workplace diversity that initial active directory. Is there active directory Authentication? Never going to get them the mobile app push down. This is something in point management can do. I'm in here somewhere secure help comes into play roster need secure

Hub on that device is going to roll with your role in the endpoint management instance. And then at this point what will get into the admin details in a bit? We're going to push down a policy and if it's not already on there going to push down the Civics ssof and so what we're going to do is it when when the slack at starts when I intercept that call and we're going to setup a VPN to the Gateway service using the Citrix SSO app and at this point we're back. This is similar steps with the disaster. So Gateway Services going to get it in a prescription and it's texting a

proxy and and communicate with the service provider on behalf of that app return the assertion to the the slack app for the any of the Republic app for providing answer. So for you to communicate with a service provider validate that and then at this point, we have two options one is that the traffic continues to flow through Gateway service, we can proxy that connection through the service provider other option is a we can do a split Gateway, right so we can we can avoid that and have the app go directly to the service provider. If you choose to take that route to Sky you'd

mentioned using a lot of different elements of Technology. This is River a great example that I were talking in point management Gateway work space by the technology orchestrating working together here. Yeah, you know, what's really interesting is he gone to all these different use cases? Diagrams are all relatively simple. You're probably already bored seeing the same lines have been drawn and advantages of having that is that that's a well-tested well architected infrastructure and that consistency also translates to like it kind of a concealed consistent user experience as well. So

until we actually works to make sure that it was actually the same as we can make it and the exceptions like the endpoint enrollment and things like that was our device specific needs for the actual authentication portion of it the inline control portions of it. That's all similar which means we can afford that, Talia policy make Ashley Neal the management of this a lot easier. Good deal. Okay until it's it's Rhonda South today. Let's talk about the the admin experience for this. So we're going to start and sit

as cloud and first one is doing to our endpoint management and we have to do a few steps here. First thing we're going to do is add an entry for the the public after we want to push to the Indian Point. Right? So in this case, it was slack will get in search of that for free iPhone. Select that move to the wizard and then fly to the iPad as well was going to show the iOS or so beyond select other platforms we go to the flight at 2 delivery group. And I will go ahead and will credit app inventory policy. This is needed for the endpoint management to know what apps are on the

device. And which one is going to push the VPN policy to renew some instances. This is already created for you. Now we're going to go and create a VPN policy in this is really one of the most important steps here. We're going to set it to Citrix SSO. I'm going to give a f e d and are sold as of the tech preview. It's going to be VPN. Netscaler Gateway than that, but that that can be subject to change. This is where you know if it's going to know which of those doesn't now 14 Pops to connect to a VPN. Right? We don't want this for the whole device.

It's going to be for this specific app were going to specify select on demand. We only wanted to get set up when the actors in use when we open the app. I'm going to send it to pack a tunnel and then we're going to answer is fire demand. It could be the same after this is so that if the app uses Safari Network capabilities in those to intercept it bad as well. We'll save it off when they're going to do but that's proven in a flag if you wanted to split tunnel and avoid proxying that dated traffic through Go ahead and go to the Wizard and I can

apply this to the user group. And so this is going to be pushed to any users that are part part of that User Group. It's the last appearance. We need to add a app after view policy. And this is just required to Miss Israel West right? We're going to map the VPN policy back to that specific slack app on the on the endpoint. We select our VPN policy right there and that that's it on the endpoint management side. It's an hour equal navigate back to Citrix cloud and we'll will drop into

Gateway and I will back to her single sign-on wizard right we're doing the same identical set up right now at that we did for SSO apps in the app on the mobile device is going to be no use of VPN to get transported to the Gateway. And then it's going to utilize the settings to do that. Say Melissa phone negotiation on behalf of the surrounding are specific to mean for slack right there. And these are steps. You would add just for the SAS the slack app. Anyway, you're just doing it again the show yo got it to the mobile device. You're going to be

able to take So here we are in the black face or entering our family Tales. This is the same old and help you search neuro will putting in our specific slack the main. And then here's our XML file again with family Tales. So I'm going to get some similar similar stuff, you know, the devil's in the details a little bit slightly different steps are right for each one a little bit different. We have to repay stick it in for a few when I can import that are going to put in the The Entity ID. That was a string of the very top of the XML

file. Here, we we put in the afternoon, right? This is this is for our actual Gateway Mexican or gateway. Gateway. Pop star Steph Curry are user-friendly certificate and round out the configuration on the service provider side. And yeah, I'm really proud of the beginning and certificate because I was on Twitter and sell it to someone who's complaining that that wasn't there and it's not working. So I actually took that feedback and make sure to put it is okay. If you can thank you for the provision that way and then finally to see we're

back in the library easy peasy. We're going to subscribe to select auto group in out for the users on the influence that are going to have this lack a provision. Then they're ready to open the app and have single sign-on. So is that that does it for us now? We're going to go ahead and wrap things up. We talked about, you know, SAS, it's really important keeps growing and Enterprises and we make it simple to configure an easy for the end-users absolutely in becoming more popular in

every cloud digital transformation conversation. I had with customers or never in the same place. Every one of them is in a different place. And so we're trying trying to be prescriptive out what the journey should be for sure why this is why this is so flexible. And then where it worse at doesn't work if you still need those back and that's right. We make it easy to get to them using the Gateway connector based on, you know years of civics ADC technology Access Control policies on top of it. So you're not losing any control rachio

adding more. I security controls on top of all your apps that way, you know using similar configuration process were bringing that singles. Everybody's the mobile app so that consistency of configuration for those mobile app. Hopefully it's easier for your administrators. It kind of quickly provision these thing it's another sessions check out text Zone. Said, it's not calm. There's a couple out there and access control in the one on mobile SSO and they can get the sticker after another funny stickers to put on your back your

PC or mobile device pretty cool stuff 4th episode. We're going to talk about content, right? So now we ever see you. Can you get your apps on your in points you need content to do stuff and we're going to talk about how we can manage that story songs and over there connectors we can get access to that content wherever it's stored and provided security and provide a great and user experience with the workplace service. Nice working with you. And then so before you leave,

please be sure to fill out those surveys in your your app and the sessions are actually I think Up On Demand on the subjects. Com website and by June 3rd, you be able to download the presentations and please do rate this app and give us any feedback. You can for future sessions look for session feedback in the mobile app and be sure to play a game on App and take advantage of the early other the field the trials as well. And I know it's there there's a lot of stuff going on and stays here but Hands-On is definitely the best way to learn this stuff. So they'll be plenty of

opportunities hopefully for you to do that has a sister. So it's also Sun itself face near The Learning Center in so you can go do a self play slap to get Hands-On to do this while you're here at Cinergy. Obsession hashtag Citrix Synergy, or he's got to the workspace can give you some feedback quickly good feedback. And that's a wrap. I think we have a minute or two for questions for anybody has any questions feel free to use the microphone to be up this being

recorded So I meant wants to dancing questions. Awesome, if you don't yes legis in the front hair after we're done. So thanks for your time today.

Cackle comments for the website

Buy this talk

Access to the talk “Citrix Synergy TV - SYN132 - Geek's guide to the workspace (part 3): protecting your SaaS”
Available
In cart
Free
Free
Free
Free
Free
Free

Access to all the recordings of the event

Get access to all videos “Citrix Synergy Atlanta 2019”
Available
In cart
Free
Free
Free
Free
Free
Free
Ticket

Interested in topic “Software development”?

You might be interested in videos from this event

September 28, 2018
Moscow
16
129
app store, apps, development, google play, mobile, soft

Buy this video

Video

Access to the talk “Citrix Synergy TV - SYN132 - Geek's guide to the workspace (part 3): protecting your SaaS”
Available
In cart
Free
Free
Free
Free
Free
Free

Conference Cast

With ConferenceCast.tv, you get access to our library of the world's best conference talks.

Conference Cast
525 conferences
20515 speakers
7489 hours of content