On the App Gateway page, you can configure the application so that your users can access it whether they are logging in from an internal or external location. For applications configured for the App Gateway, users do not have to use a VPN connection to access the application remotely.

Note:    The App Gateway feature is a premium feature and is available only in the Privileged Access Service App+ Edition. Please contact your Centrify representative to have the feature enabled for your account.

Note:    Some applications may not be compatible with App Gateway.

  1. (Optional) To enable App Gateway mode, select Make this application available via the internet.

    The Privileged Access Service verifies the application settings and displays the URL that you provided in application settings as the internal URL for the application.

  2. Specify the external URL that users open to access the application from external locations. You can use an existing external URL or use one that the Privileged Access Service generates automatically for you.

    If you use an existing external URL, any links to the application URL do not need to change and will continue to work as is.

    • To use your existing external URL, select Use this external URL for application access on or off the corporate network and do the following:
    1. Enter the existing URL. You can enter an internal or external URL here.
      Login URLs with IP addresses are not supported.
    2. Click Upload to browse to and upload your SSL certificate with the private key for the URL that you entered.
      The certificate file has either a .PFX or .P12 filename extension.
    • To use the auto-generated URL, select Use this Centrify generated external URL for application access on or off the corporate network.
      Later, you’ll need to notify your users of the updated URL to use.
  3. In Gateway Options, select Pass the requested URL to the application without decoding.

    This option passes the raw URL to the application, which is sometimes necessary for compatibility.

  4. Select a connector to use with the application at the Cloud connectors to use with this service section. Choose one of the following:
    • Any available

      Select this option to allow the Privileged Access Service to randomly select one of the available connectors for your App Gateway configuration. Click Test Connection to make sure the connection between the connector and the application is successful.

    • Choose

      Select this option to specify one or more cloud connectors to use for your App Gateway configuration. If you select more than one connector, the Privileged Access Service randomly chooses one of the selected connectors to use for the application. Once the configuration is saved, each future App Gateway request uses a random connector from those selected, as long as the connector is online.

      Once you select the connectors you want to use, click Test Connection to make sure the connection between the selected connectors and the application is successful. At least one connector must succeed in order to save the configuration.

      Note:    If any of the cloud connectors are offline, they are not displayed in the list of available cloud connectors.

  5. Click Save to save the App Gateway changes.
  6. If you configured the application to use an external URL, next you edit your DNS settings to accommodate the App Gateway connection to this application. You’ll enter a CNAME record to map this URL to the application’s gateway connection URL, such as <guid>-gw.gateway.Centrify.com. For more information about configuring App Gateway and troubleshooting App Gateway connection issues, see Configuring an application to use the App Gateway and App Gateway Troubleshooting .