Skip to content

How users access apps

Users can do as follows:

  • Access apps directly.
  • Access apps via the ZTNA user portal.

Whichever method they use, users must sign in. If you later need them to sign out, see Sign out of ZTNA.

Access apps directly

New users who try to access an app (via a browser or Explorer) for the first time are asked to sign in. They can then access all apps you've given them access to. They don't have to sign in each time.

If a user doesn't access any apps behind the gateway for seven days, they have to sign in again.

Access apps via the ZTNA user portal

Users can access apps through the Zero Trust user portal, which shows them the apps they can use.

Give users the web address for the portal (this is the FQDN you entered when you added the gateway) and tell them to enter it in their browser.

The first time they go to the portal, users are asked to sign in. They can then access all apps you've given them access to. They don't have to sign in each time.

Users can see all the apps they're allowed to access regardless of which gateway they're hosted behind.

Example

You have one app behind an AWS gateway and one app behind an ESXi gateway. If you enter the FQDN of the AWS gateway to access the user portal, you'll see the app behind the AWS gateway and also the app behind the ESXi gateway.

Note

If you set the gateway Platform type to Firewall, you must first configure a resource so users can access the user portal.

If a user doesn't access any apps behind the gateway for seven days, they have to sign in again.

Note

Currently the portal doesn't show apps that are accessed via the ZTNA agent.

Zero Trust user portal.

Sign out of ZTNA

Users stay signed in to ZTNA unless they're inactive for seven days.

You might need users to sign out, for example if they're on a shared device, or if there are issues that can be fixed by reauthenticating.

Currently, only an admin can sign users out. See Sophos Zero Trust Network Access: Sign out from ZTNA agent.