Entitlements

Entitlements contain Actions which define the resources that users/devices will be allowed to access on a given Site (firewall rules) and may also include App Shortcuts which are presented in the Client.

Before you start

Pre-configure the following elements:

• Sites: if using URL access (HTTP up Actions)  then you will need a PKCS #12 file for the URLs you plan to protect, refer to Sites Configuration.

• Name resolvers: you should configure the Site first, so the correct options are displayed when configuring the Entitlement Action. You should configure the Cloud platform first so that Appgate SDP can discover the types of resources and their values (ie Tag names).

• Entitlement Scripts: upload any scripts you plan to use, making sure any host definitions are correct.

• Conditions: you should configure any Conditions first, so these can be referred to when configuring Entitlements > Access control.

Background information:

• Use of Application Discovery to help identify the minimum set of Entitlements required

• Provisioning user rights, refer to: User/Device access

• Configuring name resolvers, refer to DNS and name resolution

• Find out more about best practice in using Entitlements

• Defining hosts can be done in several ways:

  • Using IP/hostnames

  • URLs

  • Resource names

  • Entitlement scripts

• Benefiting from route optimization

• Using the Risk model for access control

• Disable, change or remove access to Entitlements

• Dealing with Overlapping Entitlements

Use the Entitlements form for:

• Creating access rules: create Entitlements that define what traffic is allowed for target hosts on a Site

• Changing access rules: re-configure permitted actions and/or attach Conditions to the Entitlement

• Adding an Alert or Blocking traffic eg. to monitor for irregular network traffic

• Cloning Entitlements: create new Entitlements quickly and avoid errors by duplicating existing Entitlements

• Performing actions using the action buttons provided (See below).

Remember DNS. Unless you are using the Client DNS auto-configuration option, you need to add an Entitlement so the user's application is able to access the DNS server(s) you have specified. Leave access control set to Always Allow Action(s).

For details on completing the form, refer to configure Entitlements

Settings

There is the option of Normal or Details view. Details expands the information for app shortcut, Action and Conditions.

Actions

The Admin UI tools page provides more information about the operations that can be performed.

Action Buttons

Action buttons are accessed by clicking the 3 dots to the right of each line item in the table or from the <Actions> button within the item. They are contextual, changing depending on the type of item and the state of the item.

• Enable/disable Entitlement Status. This switch allows the status to be set to enabled or disabled.

• View Policies linked by name. This analyzes the system configuration and determines all the Policies (by name) that include this Entitlement.

• View Policies linked by tag. This analyzes the system configuration and determines all the Policies (by tag) that include this Entitlement.