Entitlements contain actions that define the resources that users or devices will be allowed to access on a given Site. Entitlements may also include app shortcuts presented in the Client.
Before you start
Pre-configure the following elements:
Sites. If using URL access (HTTP up Actions), you will need a PKCS #12 file for the URLs you plan to protect. Refer to Tunneling for more information.
Name resolvers. Configure the Site first, so the correct options are displayed when configuring the Entitlement Action. You should also configure the Cloud platform first so that AppGate ZTNA can discover the types of resources and their values, such as tag names.
Entitlement Scripts. Upload scripts you plan to use, making sure any host definitions are correct.
Conditions. Configure Conditions first, so these can be referred to when configuring Entitlements > Access control.
You should also consider the effect on RAM usage in respect of the number of Entitlements you use.
Background information:
See the Application Discovery section for more information to help identify the minimum set of Entitlements required.
For more information on provisioning user rights, refer to the Troubleshooting user and device access section.
For more information on configuring name resolvers, refer to the DNS and name resolution section.
Find out more about best practices in the using Entitlements section.
For more information on the different ways to define hosts, see the following sections:
See the Routing Client traffic section for more information about how to benefit from route optimization.
See the Disable, change or remove access section to learn how to do this with Entitlements.
See the Overlapping Entitlements section to learn how to resolve overlapping Entitlements and information on use cases.
Use the Entitlements page for:
Creating access rules. Create Entitlements that define what traffic is allowed for target hosts on a Site.
Changing access rules. Re-configure permitted actions or attach Conditions to the Entitlement.
Adding an Alert or Blocking traffic to monitor for irregular network traffic.
Cloning Entitlements. Create new Entitlements quickly and avoid errors by duplicating existing Entitlements
Performing actions using the action buttons provided.
Remember DNS. Unless you are using the Client DNS auto-configuration option, you need to add an Entitlement so the user's application can access the DNS server(s) you have specified. Leave access control set to Always Allow Action(s).
When you are ready to start configuring Entitlements, see the Configure Entitlements section.
Settings .png?sv=2022-11-02&spr=https&st=2026-04-16T22%3A51%3A17Z&se=2026-04-16T23%3A03%3A17Z&sr=c&sp=r&sig=pg7UhqyNZLoTWHI%2Bw3CKWduPbpeW1rIEEKNJ6KpFCRc%3D)
In the Settings menu, you can enable the Normal or Details view of the Entitlements page. The Details view displays more information for Entitlements.
Actions
The Admin UI tools page provides more information about the operations that can be performed with the Actions button.
Action Buttons
Action buttons are accessed by clicking the three dots icon (
) to the right of each line item in the page or from the <Actions> button within the item. They are contextual, changing depending on the type of item and the state of the item. The action button for Entitlements displays the following options:
Enable/disable Entitlement Status. This switch allows the status to be set to enabled or disabled.
View Policies linked by name. This analyzes the system configuration and determines all Policies by name that include this Entitlement.
View Policies linked by tag. This analyzes the system configuration and determines all Policies by tag that include this Entitlement.