System configuration


This section outlines the steps you need to take to prepare AppGate ZTNA appliances prior to configuring user access. You might be familiar with many of the steps, such as integrating with primary authentication and multi-factor providers:

Identity Providers: Designed for multi-tenant deployments. Because a different tenant would likely use a different Identity Provider (IdP), several of the configuration options are tied to the IdP. Currently, AppGate ZTNA supports connections to LDAP/AD, LDAP Certificate, RADIUS, OIDC, and SAML IdPs. The Controller also maintains a local database providing an additional directory for local user accounts. The first thing to do is set up your IdP. Once this is done, you can test it by setting up some new admin roles and users, and then checking whether you can log in to the admin UI using credentials from your chosen IdP.

MFA Providers: Enable one of the key aspects of AppGate ZTNA's security model: multi-stage authorization. This is not reliant on additional authentication, such as OTP, but AppGate recommends that one or more MFA Providers are configured because the system can use them in three different ways: administrator access, registering devices at sign-in, and user interactions. Configure a RADIUS-based MFA Provider. If you do not have one, you can use the built-in default time-based OTP provider, which works with most authenticator apps. You can test this by enabling it for your admin users, since you have set these up already. Exclude the built-in admin to make sure you don't lock yourself out.

Other configurations might be less familiar, so it might be worth looking at DNS and name resolution, Portal, and Connector to understand how to best integrate the AppGate ZTNA solution into your network environment.

Flowchart illustrating user access configuration with ID and MFA providers.