Secure Private Access integration with Monitor (Preview)

The Secure Private Access integration with Monitor allows a help desk admin or a full admin to monitor and troubleshoot all Secure Private Access sessions in Monitor.

Available actions include viewing the details of the following:

  • Secure Private Access active sessions for a user under the Select a Session pop-up > Active Sessions tab
  • Secure Private Access failed or blocked enumerations and failed app launches under the Select a Session pop-up > Denied Access tab
  • Session and application details view for active and failed app launches
  • Session and application details view for failed and blocked enumerations

Service entitlements

To monitor and troubleshoot all Secure Private Access sessions in Monitor, you must have both Secure Private Access and DaaS entitlements.

View a Secure Private Access session by user

  1. On the Monitor dashboard, click Search and enter the user name. The Select a session screen appears.

    [Optional step]. If you don’t find the entered user name, click Search Directories to find the user name.

  2. Select the required user. The Select a session screen appears.

View the Activity Manager for a Secure Private Access session

Citrix Monitor offers the Activity Manager view for Secure Private Access sessions, which gives you an overall view of the session activities. The Activity Manager provides a comprehensive view of all apps and desktops that opened successfully or failed to open, and of the outcome of the policies set in the Secure Private Access app.

The Activity Manager is displayed with the Available Apps and Launched Apps details. You can find the following session details:

  • Launch time
  • Resource name
  • Resource type
  • Accessed resource
  • Status
  • Transaction ID

To view the Activity Manager, do the following:

  1. On the Monitor dashboard, click Search and enter the user name.

    [Optional step]. If you don’t find the entered user name, click Search Directories to find the user name.

  2. Select the required user. The Select a session screen appears.

  3. Select an active session that is opened using Secure Private Access. The Activity Manager for the selected session appears.

  4. Click Available Apps to view the apps that are available in the Citrix Workspace app, or click Launched Apps (sessions) to view the apps that are opened in the Citrix Workspace app.

You can filter the resources by the status that is set for the resource in the Secure Private Access app:

  • Allow - Resources that are allowed for a user to access. This status is set using a policy under the Secure Private Access app. This resource is present for the user in the Citrix Workspace app.
  • Deny - Resources that are denied for a user to access. This status is set using a policy under the Secure Private Access app. This resource is present for the user in the Citrix Workspace app.
  • Error - Resources that a user is allowed to access under the Secure Private Access app. However, because of an error, the resource isn’t available in the Citrix Workspace app. There are two types of errors: enumeration error and session error.

View available apps

The apps that are available in the Citrix Workspace app are displayed under the Available Apps section. This section shows the last enumeration attempt of the apps and the status of the enumeration attempt.

You can view the following details:

  • Resource name
  • Status
  • Transaction ID

You can also filter the preceding details by application status: Allow, Deny, or Error. You can also sort the details using the up and down arrows.

View launched apps

The apps that are opened in the Citrix Workspace app are displayed under the Launched Apps (sessions) section. You can view the following details:

  • Launch time
  • Resource name
  • Resource type
  • Accessed resource
  • Status
  • Transaction ID

You can also filter the preceding details by application status: Allow, Deny, or Error. You can also sort the details using the up and down arrows.

Note:

If an application is accessed multiple times in the same session, only the details of the most recent access are captured.

Application topology view for Secure Private Access apps

You can view the application topology for the apps opened using Secure Private Access. The Application Topology view shows the flow of the app launch process and provides complete details about the app. The endpoint connects to the Citrix Gateway, and the Citrix Gateway connects to the Secure Private Access plug-in. Using the information from the Secure Private Access plug-in, the app is launched.

Click the required app from the Available apps or Launched apps section of the Activity Manager to view the Application Topology of the selected app.

You can also click the required app from the Denied Access tab to view the Application Topology of the selected app.

You can view the following:

  • Endpoint - Displays the endpoint where the app is opened. The possible options are Citrix Workspace app and Citrix Secure Agent. The device ID is displayed. You can also view the endpoint OS and location type.
  • Citrix Cloud - Displays the number of enumerated apps and the number of configured policies.
  • Policy evaluation - Displays the result of the policy that is set on the Secure Private Access app. The different values are Allowed, Denied, Access allowed with restrictions, and Error.
  • Public network - Displays the type of apps and the status of app launch. The possible value for app types is Web/SaaS app. Similarly, the possible values for app launch statuses are Allowed, Denied, Access allowed with restrictions, and Error. You can also view the top level URL, app type, and app publishing.
  • Resource Location - Displays the type of apps and the status of app launch. The possible value for app types is TCP/UDP app. You can also view the top level URL, app type, and app publishing.

You can now view the following extra details in the Session Topology view for Secure Private Access apps. This change applies to both Web and SaaS apps, in addition to TCP/UDP apps.

  • [Image: Application Topology - Web and SaaS - success]
  • [Image: Application Topology - Web and SaaS - failure]
  • [Image: Application Topology - TCP and UDP - success]
  • [Image: Application Topology - TCP and UDP - failure]

View successfully launched Web apps and SaaS apps

The successfully launched apps are displayed in the Web SaaS and Client/Server Apps section.

Click an app from the Web SaaS and Client/Server Apps section to view the details.

For more information on success codes, see Citrix Director related codes.

View details about the access denied apps

Click the Check Access Details button, which appears when there is no active session. Or, click the Denied Access tab to view the apps for which access is denied.

The Denied Access tab opens.

The session details such as time, resource, endpoint name, and reason for failure are displayed. For more information on error codes, see Citrix Director related codes.

Currently, the following issues are identified:

  • Enumeration denied due to policy conditions
  • App launch error
  • Enumeration errors
  • App launch denied due to policy conditions

Select an app from the Denied Access tab > Resource column to view the details:

The following details are displayed for the successful or failed sessions:

  • About the app
  • Policy evaluation
  • Session details

About the app

The name of the successful, failed, or denied app is displayed. Along with it, the following details of the app for the success or failure are displayed:

  • Transaction ID - Citrix Transaction ID during the session or enumeration.
  • Resource Type - Displays the type of the resource. The possible values are Web, SaaS, TCP/UDP (Server to Client), and TCP/UDP (Client to Server).
  • Accessed Resource - The URL of the accessed resource during the session or enumeration. In the case of a TCP or UDP app, it shows whether the type of accessed resource is TCP or UDP.
  • Configured policies - The number of policies that are used within a session or enumeration.
  • Reason - The analysis of the session or enumeration activity.
  • Applied Security Restrictions - Displays the security restrictions that are applied in the Secure Private Access app.

Policy evaluation

For a successful session, this section shows that no issues were found during evaluation. For a failed session or enumeration, the following details of the policies evaluated are displayed:

  • ID - Citrix Transaction ID.
  • Policy Name - The name of the policy. If there are multiple policies, the first policy that is matched with the set condition appears.
  • Rule name - The rule that is added for a policy.
  • Status - The status of the policy.
  • Action applied - The action applied on the policy. For example, deny access.

Policy Condition Evaluation:

  • Type - The type of the policy condition.
  • Condition Criteria - The condition criteria of the policy applied in the failed session or enumeration.
  • Value - The value of the policy.
  • Evaluation Status - The evaluation status of the policy. The different values are Allowed, Denied, Access allowed with restrictions, and Error.

Session details

For a failed session, the reason for session failure is displayed. For a successful session, the following details are displayed:

  • Session State - Displays whether the session is active or inactive.
  • Start time - Displays the session start time.
  • Last active time - Displays the last active time of the successful session.
  • Gateway Virtual IP - Displays the virtual IP address of the gateway to which the successful session is connected.
  • Contextual Tags - Displays the contextual tags. The contextual tag on the Secure Private Access plug-in is the name of a NetScaler Gateway policy (session, preauthentication, EPA) that is applied to the sessions of the authenticated users.
  • Domains visited (Internal) - Displays the internal domains accessed using the successful session.
  • Domains visited (External) - Displays the external domains accessed using the successful session.