Prerequisites and preliminary information for Client Profiles

Profiles 'seed' clients allowing them to connect to the Controllers. They can be installed manually, managed by a device policy, or used in client profile groups. Profile groups are used for cross-Collective high availability (HA). The client will automatically try the next profile when none of the Controllers are available for the current profile.

Client profiles include a profile name plus the minimum amount of information required for a client to connect to an AppGate ZTNA Controller. This information includes:

The DNS name for the Controller(s)
An IdP which the user will authenticate against
The profile name that appears in the client
The SPA details (name and key) used to establish a TCP connection to the Controller
The fingerprints of the current certificate authority (CA) and next CA as a means to verify the Controller is genuine

The first two items—the DNS name and the IdP—are what defines a unique profile. When a profile is updated, if the DNS name and IdP are unchanged it will replace the existing profile. If a new profile is created with a unique DNS name and IdP, it will be treated as an additional profile.

When you delete a client profile the SPA details will be removed from the Collective. Any users with this profile will no longer be allowed to connect to the system. If you do this by mistake, create a new profile using exactly the same profile name and users should be able to connect again.

Before you start

You will need the following information before configuring a client profile:

Check the global client profile DNS name configured in Global Settings.

Background reading:

For a full explanation of client profiles and how and where to use them, see the Client profiles section.
Find more details about the use of profile DNS names in the HA section.
For detailed information about Single Packet Authorization, see the SPA section.

When you are ready to configure profiles, use the Client Profiles page to:

Configure a new client profile for subsequent distribution; or
Configure a new client profile group to set up cross-Collective HA.

Action Buttons (client profiles only)

Action buttons are accessed by clicking the three dots icon ( Three circular shapes stacked vertically on a dark background, selected to access a menu. ) to the right of each line item in the page or from the <Actions> button within the item. They are contextual, changing depending on the type of item and the state of the item. Client profiles can be exported or re-exported at any time.

Copy Profile Link. Copies the link for that profile.
Copy Email Template (RTF). A pre-formatted email message that includes the profile link.
Download Profile Link as QR code. Exports the profile link as a QR code. Optimized for mobile clients.
Download Client On-Boarding Web Page. Downloads a pre-formatted web page for third-party users.