Profiles 'seed' the Clients allowing them to connect to the Controllers. They can be installed manually, managed by a device Policy or used in Client Profile Groups. Profile Groups are used for Cross-Collective HA. The Client will automatically try the next profile when none of the Controllers are available for the current profile.
The Client profile
Client profiles include a profile name plus the minimum set of information required for a Client to be able to connect to an Appgate SDP Controller. The resulting elements are:
the DNS name for the Controller(s)
an IdP which the user will authenticate against
the profile name (which appears in the Client)
the SPA details (name and key) which are used to establish a TCP connection to the Controller
the fingerprints of the current CA and next CA as a means to verify the Controller is genuine
The first two items (the Controller DNS name and the IdP) are what define a unique profile. When a profile is updated (changed name, SPA or CA), then because those two items are unchanged it will REPLACE the existing profile. If a new profile is created (with a unique DNS name / IdP), then it will be treated as an additional profile.
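The replace-versus-add rule and the current/next CA fingerprint check described above, modelled as an added example (this is not Appgate code). The field names, the SHA-256-over-DER fingerprint format and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Profile:
    dns_name: str     # Controller DNS name (part of the identity)
    idp: str          # identity provider (part of the identity)
    name: str         # display name shown in the Client
    spa_name: str
    spa_key: str
    ca_fp: str        # fingerprint of the current CA
    next_ca_fp: str   # fingerprint of the next CA, "" if none

    @property
    def identity(self):
        return (self.dns_name, self.idp)

def fingerprint(ca_der: bytes) -> str:
    # Assumption: SHA-256 over the DER-encoded CA certificate, hex encoded.
    return hashlib.sha256(ca_der).hexdigest()

def install(store: dict, profile: Profile) -> str:
    """Same DNS name + IdP replaces the stored profile; otherwise it is added."""
    action = "replaced" if profile.identity in store else "added"
    store[profile.identity] = profile
    return action

def controller_ca_trusted(profile: Profile, presented_ca_der: bytes) -> bool:
    """Accept the Controller only if its CA matches the current or next pin."""
    fp = fingerprint(presented_ca_der)
    pins = [p for p in (profile.ca_fp, profile.next_ca_fp) if p]
    return any(hmac.compare_digest(fp, p) for p in pins)

# Constructed sample data: stand-ins for DER certificates, not real ones.
OLD_CA, NEW_CA, ROGUE_CA = b"constructed-ca-1", b"constructed-ca-2", b"constructed-ca-3"

def demo():
    store = {}
    v1 = Profile("sdp.example.com", "corp-saml", "Corp", "spa-corp", "key-1",
                 fingerprint(OLD_CA), fingerprint(NEW_CA))
    v2 = replace(v1, name="Corp (renamed)", spa_key="key-2")   # same identity
    other = replace(v1, idp="partner-oidc", name="Partners")   # new identity
    actions = [install(store, p) for p in (v1, v2, other)]
    checks = [controller_ca_trusted(v2, ca) for ca in (OLD_CA, NEW_CA, ROGUE_CA)]
    return actions, len(store), store[v1.identity].name, checks

if __name__ == "__main__":
    print(demo())
```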
When you delete a Client profile the SPA details will be removed from the Collective. Any users with this profile will no longer be allowed to connect to the system. If you do this by mistake, then create a new profile using exactly the same profile name and users should be able to connect again.
Before you start
Information you will need:
Check the global Client profile DNS name configured in Global Settings
Background reading:
For a full explanation of Client profiles and how and where to use them, refer to Client profiles
There are more details about the use of Profile DNS names in HA
For detailed information about Single Packet Authorization refer to SPA
Use the Client Profiles form to:
Configure a new Client profile for subsequent distribution
Configure a new Client profile group to set up Cross-Collective HA
Action Buttons (Client Profiles Only)
Action buttons are accessed by clicking the three dots to the right of each line item in the table or from the <Actions> button within the item. They are contextual, changing depending on the type of item and the state of the item. Client profiles can be (re)exported at any time.
Copy Profile Link. Copy the link and then send it by chat, email, etc. (for all Clients). You can edit the server's hostname if, for instance, you need to use an IP address in a test environment.
Copy email template (RTF). A pre-formatted email for all users.
Download Profile Link as QR code. Exported as a QR code. Optimized for mobile Clients.
Download Client On-Boarding Web Page. A pre-formatted web page for third party users.