Preliminary information before configuring Device Claim Scripts

Device claim scripts create scripted (formerly on-demand) device claims and are selected in Identity Providers (IdPs). Device claim scripts are stored on the AppGate ZTNA system and execute on a user's device. Scripts are pushed to the Client and run every five minutes, after which any changes to the claim are reported. The Client downloads device claim scripts at authentication if they have not already been downloaded.

In AppGate ZTNA version 6.6 and beyond, device claim scripts are no longer enabled by default and the Client will only execute scripts from profiles with verified DNS names.

WARNING
If you have not yet updated to version 6.6 and you intend to continue using device claim scripts after you upgrade, you must obtain an updated license file before upgrading your Collective to 6.6.

Before you start

Take the following into consideration before configuring device claim scripts:

Device claim scripts will not be executed until profile DNS names are verified by AppGate Support.
Device claim scripts will not be executed if the client is running in elevated/administrator mode.
Device claim scripts need to able to execute on the target platform and run without the user requiring admin rights.
Device claim scripts should return values through std out which will subsequently be evaluated for true/false.
The following platform-dependent script formats are supported: .exe, .sh, .bat, .vbs and .ps1. Others may run but are unsupported.

Review the following background information before configuring device claim scripts:

Get a better understanding of device claims including details relating to device claim scripts.
Reveiw the general background on the use of scripts.
Refer to the claims in detail section for information about claims used in the system.
Verify your profile DNS name(s).
Prepare your device claims script for uploading.
Check the Client compatibility matrix to make sure the device claim script can be used on your target platforms.

Use the Device Claim Scripts page to:

Add a new device claim script.
Edit an existing device claim script.
Download a device claim script.

When you are ready to add a device claim script, see the Configure Device Claim Scripts section.

Action Buttons

Action buttons are accessed by clicking the three dots icon ( Three circular shapes stacked vertically on a dark background, selected to access a menu. ) to the right of each line item in the page or from the <Actions> button within the item. They are contextual, changing depending on the type of item and the state of the item. The Action button for device claim scripts displays the following option:

Download Script. Downloads the script to your machine.