Application Parameters

Provider and Protocol

Provider

Select the hosting location for your application:

Local
The application is hosted on-premises at your corporate location.

AWS
The application is hosted on Amazon Web Services. This option enables asset management based on labels and supports RDP, VNC, SSH, and TELNET protocols.

Protocols per Application Type

Each application type uses specific protocols and default ports:

  • Web Applications — HTTP, HTTPS, SaaS, Link
  • Networks — TCP, SSH Tunnel, Network
  • Servers — RDP, SSH, VNC, TELNET
  • Databases — PSQL
  • Files — SMB

Parameters

The available parameters vary by application type.

Visible

Default: Enabled

When enabled, the application appears in the end-user Applications Portal. When disabled, the application remains published and accessible but is hidden from the portal.

Use case: Secure redirected traffic by publishing a hidden application for the redirect URL.

Example:

  • Published application points to www.cnn.com
  • Traffic redirects to edition.cnn.com (not secured)
  • Publish a second application for edition.cnn.com with Visible disabled
  • Both URLs now route securely through Cyolo
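To find redirect targets that still need a hidden application, compare observed redirects against the published hostnames. The following is an added example, not Cyolo code; the `PUBLISHED` inventory and the `OBSERVED` response records are constructed sample data, and the function names are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: hostnames already published as applications
# (hypothetical inventory, not exported from any product).
PUBLISHED = {"www.cnn.com"}

# Constructed sample of observed responses: (requested URL, status, Location header).
OBSERVED = [
    ("http://www.cnn.com/", 301, "https://www.cnn.com/"),
    ("https://www.cnn.com/", 302, "https://edition.cnn.com/"),
    ("https://www.cnn.com/world", 302, "/world/index.html"),
    ("https://www.cnn.com/live", 307, "//EDITION.cnn.com:443/live"),
    ("https://www.cnn.com/about", 200, None),
]

REDIRECT_CODES = {301, 302, 303, 307, 308}


def redirect_host(url, status, location):
    """Return the lowercase host a redirect points to, or None if not a redirect."""
    if status not in REDIRECT_CODES or not location:
        return None
    # Location may be relative or scheme-relative; resolve it against the request URL.
    target = urljoin(url, location)
    return urlsplit(target).hostname  # hostname is lowercased, port stripped


def uncovered_redirects(published, observed):
    """Map each redirect-target host that is not published to the URLs that led there."""
    published = {h.lower() for h in published}
    gaps = {}
    for url, status, location in observed:
        host = redirect_host(url, status, location)
        if host and host not in published:
            gaps.setdefault(host, []).append(url)
    return gaps


if __name__ == "__main__":
    for host, sources in uncovered_redirects(PUBLISHED, OBSERVED).items():
        print(f"publish hidden application for {host} (reached from {len(sources)} URL(s))")
```

Each host reported is a candidate for a second application published with Visible disabled.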

Internal Address/URL

Enter the internal IP address or URL of the server hosting the application. This address must be accessible from the IDAC.

Site

Sites represent logical segments of your organization. Each site has at least one IDAC that publishes resources.

When creating a site, configure a DNS suffix (for example, example.com) or a network address in CIDR notation. The site is auto-selected based on the Internal Address/URL.

Default: All sites

You can:

  • Select a specific site to publish only from its IDAC
  • Select All sites to publish across all current and future IDACs

Recommendation: Assign multiple sites for high availability. When you add a new IDAC to a site that already hosts this application, the new IDAC will also publish it.

Subdomain

Enter a subdomain prefix to form the public URL that users connect to.

Example:

  • Subdomain: web
  • Domain: domain.cyolo.io
  • Resulting URL: web.domain.cyolo.io

Domain

Domains defined under Applications > Domains appear in this dropdown. The first domain displays by default. Select a different domain if multiple domains are configured.

Icon

Upload an image file to display as the application icon in the Applications Portal.

Authentication Method

Authentication method refers to how users sign in to the application. Users can either enter credentials manually or have the system authenticate on their behalf.

None

Users are prompted for authentication credentials before accessing the application. Available for all application types.

Basic

Uses username and password credentials. Available for HTTP, HTTPS, RDP, SSH, VNC, TELNET, PSQL, and SMB applications.

Personal Secret
Use the user's own credentials or define a different secret name to prompt the user and store credentials in their personal vault.

  • Select an existing secret name to share credentials across multiple applications
  • Create a new secret name to generate application-specific credentials

Shared Secret
Use a vault-stored secret that applies to all users. When users access the application, the secret is injected automatically and users are not prompted for credentials.

Windows

Uses the credentials from the Applications Portal login to access the application through Kerberos authentication.

Forms

For web applications using form-based authentication. Forms-based SSO depends on the specific SSO implementation. Cyolo supports various SSO designs including one-time tokens, CSRF tokens, authentication parameters as headers, and different pre-login and login URLs. Available for HTTP and HTTPS applications.

SamlSP

SAML SP SSO adds a layer of protection by acting as a proxy that monitors user activities within a service provider. Available for HTTP and HTTPS applications.

Private Key

Uses a private key and optional username for authentication. Available for SSH applications.

User logon credentials
Uses the credentials from the Applications Portal login to access the application. Users are not prompted for credentials.

Prompt user and store in personal vault
Prompts users for a username and private key when connecting for the first time. Credentials are stored in the user's personal vault and automatically used for subsequent sign-in attempts.

Assign secret from vault
Uses credentials stored by the administrator in the system vault. Users are not prompted for credentials; the stored credentials authenticate automatically in the background.