Access Configuration and Policies

Use this section to configure who can request Secure Remote Access (SRA), how usernames are resolved for target sessions, which redirect endpoints are trusted, and which session security controls are enforced.

These settings combine Gateway runtime configuration, bastion deployment configuration, and authentication method restrictions.

Start Here by Objective

1. Define who can request SRA and which bastion identity is used: Allowed Access IDs and SRA Entitlements
2. Map identity claims to runtime target usernames: Username Sub-Claim Mapping
3. Restrict redirect and callback endpoints to approved destinations: Redirect and SSH URL Hardening
4. Configure session lifetime and SSH/web security controls: Session TTL and Security Controls
5. Configure centralized desktop app defaults for cert issuer and web URLs: Desktop App Default Connection Settings

Related Pages

• SSH Certificates
• SRA Requirements
• Kubernetes Advanced Configuration
• Docker Compose Advanced Configuration
• Zero Trust Web Access on K8s Advanced Configuration