Conditions is a new menu in App Gateway version 5 that allows you to configure the conditions users must meet to access applications. If you are a former Safous ZTA user from version 4, this is essentially the same configuration as the "Access Policy" in Policy. Conditions makes it easier for administrators to configure specific access policies and then bind them to applications.
Conditions offers seven types of access condition: Device Posture, Require MFA, Require device certificate, Require MS-ADCS Certificate Template OID, Source IP address, Require supervisor approval, and Advanced Rule.
Accessing Conditions
- Log in to https://portal.safous.com
- Navigate to Settings > ZTNA > Policies > Conditions
- The list of Conditions is shown with the following details:
(1) "New Condition" button, to add a new Condition configuration for use in an Application
(2) Name of the existing Condition
(3) Description of the existing Condition
(4) Condition types enabled for each Condition entry
(5) "+" button, to expand the information of that specific Condition
Creating a New Condition
- Click the "New Condition" button; a form with multiple fields will expand for the new condition.
When filling out the form, please follow these rules:
- Name is a required field and must be unique compared to other condition names.
- Description is a field where you enter the additional description for your configured condition.
- Conditions is the access configuration that specifies what a user must fulfill when accessing the application. An administrator can configure the following types of condition:
- Device Posture, ensure the device meets organizational security standards (e.g., compliant with Intune policies, encrypted, and up-to-date).
- Require MFA, enforce Multi-Factor Authentication (MFA) for accessing the resource.
- Require device certificate, require a valid certificate issued to the device to verify its identity.
- Require MS-ADCS Certificate Template OID, validate that the device presents a certificate issued using a specific Active Directory Certificate Services (ADCS) template, identified by its Object Identifier (OID).
- Source IP address, restrict or allow access to specific IP ranges or locations, ensuring connections originate from trusted networks.
- Require supervisor approval, implement a workflow where supervisor approval is required before access is granted.
- Advanced Rule, combine conditions and actions into a custom logic, such as requiring all of the above conditions and applying additional restrictions (time-based access, etc).
- Click "Save" after configuring the condition for your use case.
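To make the evaluation model concrete, here is an added example (not Safous code, and not how the product is implemented) that evaluates a constructed access request against a Condition carrying the same seven check types, with AND logic and a list of failed checks suitable for an access log; the data model, field names and the sample template OID are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of the facts the gateway knows about an access attempt
# (an assumption for this example, not the product's real data model).
@dataclass
class AccessRequest:
    source_ip: str
    mfa_completed: bool
    device_compliant: bool          # result of the Device Posture check
    device_cert_valid: bool         # a valid device certificate was presented
    cert_template_oids: tuple       # ADCS template OIDs found in that certificate
    supervisor_approved: bool
    hour_utc: int                   # used by the time-based Advanced Rule

# One Condition entry; a check is enforced only when its field is set.
@dataclass
class Condition:
    name: str
    device_posture: bool = False
    require_mfa: bool = False
    require_device_cert: bool = False
    require_template_oid: str = ""            # Require MS-ADCS Certificate Template OID
    allowed_source_cidrs: tuple = ()          # Source IP address condition
    require_supervisor_approval: bool = False
    allowed_hours_utc: range = range(0, 24)   # Advanced Rule: time-based restriction

def evaluate(cond: Condition, req: AccessRequest):
    """Return (allowed, failed_checks). Every enabled check must pass (AND logic);
    the failed-check names are what you would want recorded in the access log."""
    failed = []
    if cond.device_posture and not req.device_compliant:
        failed.append("device_posture")
    if cond.require_mfa and not req.mfa_completed:
        failed.append("mfa")
    if cond.require_device_cert and not req.device_cert_valid:
        failed.append("device_certificate")
    if cond.require_template_oid and cond.require_template_oid not in req.cert_template_oids:
        failed.append("adcs_template_oid")
    if cond.allowed_source_cidrs:
        ip = ipaddress.ip_address(req.source_ip)
        if not any(ip in ipaddress.ip_network(c, strict=False) for c in cond.allowed_source_cidrs):
            failed.append("source_ip")
    if cond.require_supervisor_approval and not req.supervisor_approved:
        failed.append("supervisor_approval")
    if req.hour_utc not in cond.allowed_hours_utc:
        failed.append("time_window")
    return (not failed, failed)
```

The sample template OID below the "1.3.6.1.4.1.311.21.8" prefix is a constructed value; a real ADCS deployment generates its own per-template suffix.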
Applying the Condition to Application
In order for the condition configuration to take effect, administrators must enable it in the Application. Follow these steps:
- In the Admin Portal, go to the Application page (Settings > ZTNA > Applications) and select the application where the condition should be applied. You can either create a new application or edit an existing one.
- On the New Application screen, navigate to the Policies (Condition and Action) field, as shown in the screenshot below. This is where you enable the condition by connecting it to the application; it will then be evaluated every time a user attempts to access the application. Then, click Save.
Modify or Delete Existing Condition
- Click the plus sign (+) button on an existing condition to expand the information for that specific condition.
- Click Edit to modify the condition, or Delete to delete it.