Quick start steps with Remote Private Access

In this topic, you will learn the steps you need to take to configure the Portnox™ Remote Private Access (RPA) service.

To understand, how Remote Private Access works, begin by reading the following topic: What is Portnox Remote Private Access and how does it work?.

If you already completed some of the steps, proceed to the next steps.

Note: Portnox Cloud has functions to control network access, not just access to applications. If you only use Portnox Cloud for Remote Private Access, in any of the configuration steps, you can skip the steps relating to network access and do only the steps related to application access.
  1. Create a Portnox Cloud tenant to access the service.

    In this step, you create an account with Portnox Cloud and your own tenant. You only need to do this once.

  2. Log in to Portnox Cloud to start working with the service.

    In this step, you access the tenant that you created earlier. You must complete this step every time you want to work with Portnox Cloud.

  3. Create and configure your individual Portnox Cloud RADIUS servers.

    In this step, you create RADIUS server or servers. These servers are used by your network devices to authenticate, authorize, and account network clients. You only need to do this once.

  4. Configure your cloud-based authentication repository in Portnox Cloud.

    For example:

  5. Distribute user or device certificates to user devices using one of the following methods:

    • Portnox AgentP

      • If you want users to install AgentP, send them the following link: https://docs.portnox.com/caa/. These are end-user instructions for all popular desktop/mobile operating systems: Windows, macOS, iOS, and Android. They teach the users how to install AgentP and how to access applications using Remote Private Access.

        Note: The instructions were originally created for Portnox Conditional Access, but they are also valid for Remote Private Access.

      • If you want to automatically distribute AgentP to user devices using unified endpoint management (UEM) software, here are some guides for popular UEM systems:

    • UEM software and the SCEP protocol

      If you use UEM software, you can distribute certificates to user devices using such software and the simple certificate enrollment protocol (SCEP). Here are some guides for popular endpoint management systems:

    • Portnox Cloud self-onboarding portal

      If you do not want to install AgentP, and you do not use UEM software, you can ask your users to enroll using the Portnox Cloud self-onboarding portal.

  6. Create the Remote Private Access gateway, run the Remote Private Access Docker container, and add Remote Private Access Applications.

    Choose the option below depending on where you host your private applications.

  7. Configure groups, policies, and more.

    Once you have Remote Private Access working, you can now adjust it specifically to your needs.

    1. Manage groups of application users.

      Groups allow you to set different access policies for different users. For example, you can allow only your developers to access your development applications, and only your finance department to access your finance applications. If you choose to control this access at the application-level, you can create one group for all users.

      Note: By default, your Portnox Cloud portal has one group called Default, which contains all your users that are not specifically assigned to any other groups.
    2. Configure risk assessment policies and assign them to groups.

      Risk assessment policies help you check if a user’s device is secure enough to access applications. You can give different importance to various conditions, like not having antivirus software or using an old version of the operating system. If the total score exceeds a certain limit, you can consider the device as unsafe.

      Note: By default, your Portnox Cloud portal has one risk assessment policy called System Default Policy, which is set up with recommended security measures for all operating systems, and which is assigned to the Default group.
    3. Configure access control policies for applications and assign them to groups.

      An access control policy for an application decides what to do if the risk assessment policy labels the device as unsafe. You can choose to let unsafe devices use your applications, or you can tell the user what they should do to make their device safe.

      Note: By default, your Portnox Cloud portal has one access control policy called System Default Policy, which is set up to deny access to unsafe devices, and which is assigned to the Default group.