The following table describes the shared responsibilities between AppGate and your company for the configuration and operation of the Zero Trust Platform (ZTP) and any hosted AppGate ZTNA Collectives.
Responsibility | Description | Customer | AppGate |
|---|---|---|---|
Access policies | You are responsible for the policies, entitlements, and conditions that AppGate ZTNA administrators use to grant or restrict access to corporate resources. | X | |
Accounts and identities | You are responsible for managing accounts and identities—both local (for example, AppGate ZTNA users) and from external identity providers (for example, Azure AD and Okta). | X | |
Roles and privileges | You grant access privileges to the ZTP account and any other purchased products or services. | X | |
Client installation and updates | You are responsible for installing AppGate ZTNA clients on end-user devices and, where applicable, server and Kubernetes environments. | X | |
Third-party integrations | You are responsible for any integrations beyond the adapters used by the Risk Engine and supported external identity providers and log forwarders. | X | X |
Infrastructure | You are responsible for procuring, configuring, monitoring, and operating any resources outside the ZTP. AppGate is responsible for provisioning, monitoring, and operating all infrastructure within the ZTP environment. | X | X |
Appliance configurations | You are responsible for configuring all appliances except hosted appliances, which AppGate configures. | X | X |
Appliance monitoring | AppGate monitors the health of all hosted appliances. You are responsible for monitoring the health of all appliances within your environment. | X | X |
Appliance upgrades | AppGate keeps all hosted Collectives up to date. Upgrades are non-disruptive and typically occur during periods of limited activity with prior notification. When necessary, AppGate coordinates upgrades with customers who have special requirements. | X |
NOTE
To maintain the integrity and availability of hosted Collectives, AppGate ZTNA administrators are restricted from deploying additional appliances into the ZTP, managing or modifying Controllers, and applying appliance customizations.