Configure access policies for the applications

Access policies allow you to enable or disable access to the apps based on the user or user groups. In addition, you can enable restricted access to the apps (HTTP/HTTPS and TCP/UDP) by adding the security restrictions.

  1. In the admin console, click Access Policies.
  2. Click Create Policy.

    Create policy

    1. In Policy name, enter a name for the policy.
  3. In Applications, select the apps for which you want to enforce the access policies.
  4. In Users conditions – Select the conditions and users or user groups based on which app access must be allowed or denied.

    • Matches any of: Only the users or groups that match any of the names listed in the field are allowed access.
    • Does not match any: All users or groups except those listed in the field are allowed access.
  5. Click Add condition to add another condition based on contextual tags. These tags are derived from the NetScaler Gateway.

  6. In Actions, select one of the following actions that must be enforced on the app based on the condition evaluation.

    • Allow access
    • Allow access with restriction
    • Deny access

    Note:

    • The action Allow access with restriction is not applicable for the TCP/UDP apps.
    • When you select Allow access with restrictions, you must click Add restrictions to select the restrictions. For more information on each restriction, see Available access restrictions.

    Access restrictions

  7. Select the restrictions and then click Done.
  8. Select Enable policy on save. If you do not select this option, the policy is only created and not enforced on the applications. Alternatively, you can also enable the policy from the Access Policies page by using the toggle switch.

Access policy priority

After an access policy is created, a priority number is assigned to the access policy, by default. You can view the priority on the Access Policies home page.

A priority with a lower value has the highest preference and is evaluated first. If this policy does not match the conditions defined, the next policy with the lower priority number is evaluated and so on.

You can change the priority order by moving the policies up or down by using the up-down icon in the Priority column.

Next steps

  • Validate your configuration from the client machines (Windows and macOS).
  • For the TCP/UDP apps, validate your configuration from the client machines (Windows and macOS) by logging into the Citrix Secure Access client.

Sample configuration validation

Configure access policies for the applications