[ZTA] Policies/Personal Desktop

In the policy settings, specific configurations are available for each type of application. This article demonstrates the configuration options that can be selected for the Personal Desktop.

 

To view all the options supported by the Personal Desktop:

  1. Navigate to Settings > ZTNA > Policies > Personal Desktop
  2. This page shows all the options available for Personal Desktop policies.

 

Personal Desktop policy settings that can be adjusted:

  1. Enable or Disable Policy, use this option to change the status of the policy.
  2. SSO Type, determines how users authenticate to access their Personal Desktop.
    1. None, do not use SSO to authenticate
    2. Basic, use credentials to authenticate (the user's logon credentials, or a form that prompts the user before they access the Personal Desktop)
  3. Connection Method, allows users to connect to their personal desktop by Web or Native RDP.
  4. Users Groups, use this option to define which users the policy applies to. Choose "Authenticated user" to apply it to all users, or choose "Specific Users & Groups" to apply it to specific users or groups.
  5. Condition, personal desktop conditions are the criteria users must meet when accessing their personal desktops.

    Some conditions that can be configured for device posture are:
    1. Require MFA, Users must authenticate using multi-factor authentication to access the application.
    2. Require device certificate, A valid device certificate is required to access the application.
    3. Require MS-ADCS Certificate Template OID, Users must have a certificate based on the specified MS-ADCS template OID.
    4. Source IP address, Access is allowed or denied to users connecting from specific IP addresses.
    5. Require supervisor approval, Users need their supervisor's approval before accessing the application.
    6. Advanced Rule, Access is governed by custom rules tailored to specific requirements.
  6. Action, a set of configuration and feature options that can be chosen for accessing the personal desktop environment:

    1. Allow clipboard, enables copy/paste functionality
    2. Allow drive redirection, allows local drives to be mapped and accessed in the remote personal desktop (Native access only)
    3. Allow device redirection, allows users to access physically connected local devices in the remote personal desktop (Native access only)
    4. Allow printer redirection, allows users to access their printer devices in the remote personal desktop (Native access only)
    5. Use multiple monitors, allows users to use multiple displays to access personal desktops
    6. Record session, records personal desktop usage for every access session
    7. Supervisor can interact with session, allows the supervisor who approved the session to interact with it
    8. Native session access token will be valid for (minutes), the length of time the token inside the downloaded .rdp file remains valid or active
    9. Allow camera, allows users to access their camera device in the remote personal desktop (Native access only)
    10. Allow audio input, allows users to access their audio device in the remote personal desktop (Native access only)
    11. Enforce session fingerprinting, restricts users to accessing only from the device they initially logged in with
    12. Allow COM redirection, allows users to access devices connected to a COM or serial port in the remote personal desktop (Native access only)
    13. Allow smart card redirection, allows users to access their smart card device in the remote personal desktop (Native access only)
    14. Log successful user access, logs every successful user access
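
The "Native access only" redirection options above apply to sessions opened from a downloaded .rdp file. As an added example (not part of the original article and not the product's own code), the Python script below audits an .rdp file's redirection properties against the options a policy is meant to allow. It assumes the file uses the standard Microsoft RDP file properties shown; the option-to-property mapping, the `audit` helper and the sample file are constructed for illustration.

```python
# Added example: audit an .rdp file against the policy's "Action" toggles.
# Assumption: the policy options map to these standard RDP file properties.

# policy option -> (RDP property, value meaning "redirection off")
BASELINE = {
    "Allow clipboard": ("redirectclipboard", "0"),
    "Allow drive redirection": ("drivestoredirect", ""),
    "Allow device redirection": ("devicestoredirect", ""),
    "Allow printer redirection": ("redirectprinters", "0"),
    "Allow camera": ("camerastoredirect", ""),
    "Allow audio input": ("audiocapturemode", "0"),
    "Allow COM redirection": ("redirectcomports", "0"),
    "Allow smart card redirection": ("redirectsmartcards", "0"),
}

def parse_rdp(text):
    """Parse 'name:type:value' lines into {name: value}."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].lower()] = parts[2].strip()
    return settings

def audit(text, allowed=()):
    """Return (option, property, value) for each redirection that is not off and not allowed."""
    settings = parse_rdp(text)
    findings = []
    for option, (prop, off) in BASELINE.items():
        if option in allowed:
            continue
        value = settings.get(prop)
        if value is None:
            findings.append((option, prop, "unset: client default applies"))
        elif value != off:
            findings.append((option, prop, value))
    return findings

# Constructed sample file contents (hostname is a placeholder).
SAMPLE_RDP = """\
full address:s:desktop.example.test
redirectclipboard:i:1
drivestoredirect:s:*
devicestoredirect:s:
redirectprinters:i:0
camerastoredirect:s:
audiocapturemode:i:0
redirectcomports:i:0
redirectsmartcards:i:0
"""
```

Calling `audit(SAMPLE_RDP, allowed=("Allow clipboard",))` reports only the drive redirection entry, since clipboard is permitted by that policy. Real .rdp files are often UTF-16 encoded, so decode them before passing the text in.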