Create an Application

Use this task to create a Grouped or Ungrouped Application.

Before you begin

  1. Create a Zero Trust Application Policy.

  2. Create an Application Group (required only for Grouped Applications).

Procedure


Step 1

Choose Policies > Access Control > Zero Trust Application.

Step 2

Choose the policy.

Step 3

Click Add Application.

Step 4

In the Application Settings section, complete the following fields.

  • Application Name—Enter the application name.

  • External URL—Enter the URL that is used by the user to access the application.

  • Application URL—By default, the external URL is used as the Application URL. Uncheck the Use External URL as Application URL check box to specify a different URL.

    If the threat defense resolves names through an internal DNS, the Application URL must match a record in that DNS so that the threat defense can resolve it to the private application.

  • Application Certificate—Choose the certificate for the private application. Click the Add (add icon) icon to configure an internal certificate object. For more information, see Adding Internal Certificate Objects.

  • IPv4 Source Translation—Choose the source network for NAT from the drop-down list. Click the Add (add icon) icon to create a network object. For more information, see Network.

    This network object or object group supplies the addresses to which the public source IP address of an incoming request is translated before the request is forwarded to the application. The application then sees a routable corporate address, and its replies return through the threat defense rather than being routed directly toward the public source.

    Note

    Only object or object groups of type Host or Range are supported.

  • Application Group—Choose the Application Group from the drop-down list. See Create an Application Group.

    Note

    This field is not applicable for an ungrouped application.

Step 5

Click Next.

Step 6

Based on the application type:

  • For a Grouped Application, the SAML Service Provider (SP) Metadata, SAML Identity Provider (IdP) Metadata, and Re-authentication Interval are inherited from the Application Group and are not configured per application.

  • For an Ungrouped Application, perform these steps:

    1. In the SAML Service Provider (SP) Metadata section, the threat defense generates the SP metadata. Copy the Entity ID and the Assertion Consumer Service (ACS) URL, or click Download SP Metadata to download them in XML format, and register them with the IdP so that the IdP recognizes the threat defense as a service provider. Click Next.

    2. In the SAML Identity Provider (IdP) Metadata section, add the metadata using any one of the methods:

      • XML File Upload—Choose a file or drag and drop the XML file.

        The details of the Entity ID, Single Sign-On URL, and IdP Certificate are displayed.

      • Manual Configuration—Perform these steps:

        • Entity ID—Enter the Entity ID with which the SAML IdP identifies itself uniquely. It is the entityID attribute of the IdP metadata and matches the Issuer value in the responses the IdP sends.

        • Single Sign-On URL—Enter the IdP's single sign-on URL, to which users are redirected to authenticate with the SAML identity provider.

        • IdP Certificate—Choose the IdP signing certificate that is enrolled on the threat defense. It is used to verify the signatures on messages received from the IdP.

          Click the Add (add icon) icon to configure a new certificate enrollment object. For more information, see Add Certificate Enrollment.

      • Configure Later—If you do not have the IdP metadata yet, you can configure it later.

      Click Next.

    3. In the Re-authentication Interval section, enter a value in the Timeout Interval field and click Next. This interval determines how long an authenticated session lasts before the user must authenticate again.

Step 7

In the Security Zones and Security Controls section, the security zones and threat settings are inherited from the parent policy or application group. You can override these settings for this application. Click Next.

Step 8

Review the configuration summary. Click Edit to modify the details in any of the sections. Click Finish.

Step 9

Click Save.

The Application is listed on the Zero Trust Application page and is enabled by default.


What to do next

  1. Set Targeted Devices for Zero Trust Access Policy.

  2. Deploy configuration changes. See Deploy Configuration Changes in the Cisco Secure Firewall Management Center Administration Guide.