Key concepts

Overview of key concepts within Forcepoint Private Access.

Administrators

An administrator is a user with access to the Private Access management portal, responsible for making administrative changes to the service or viewing reports.

Policies

A policy is a set of access control rules applied to network traffic that is directed through the service. Policy rules control which users and groups are permitted to access resources.

Private applications

Private applications can be defined to link your internal applications with a secure, private external footprint, allowing remote users to access internal applications according to your private applications policy. Each private application is associated with a site, an internal address and port, and an external FQDN.

Resources

Resources are reusable elements that are used to configure policies. Resources can be user-configured (such as IP address lists), or system-defined (such as countries).

Users

A user is an individual end user or endpoint whose network traffic or web requests are routed through the service. Policies can be applied to users, and user activity can be shown in reports. Users are added to the service using SCIM integration with your identity provider.

User groups

User groups provide a method of organizing end users, in order to apply policy settings and exceptions per user group. User groups are added to the service using SCIM integration with your identity provider.

Authentication

Users are identified and authenticated by the Web Security Endpoint client, or by a supported third-party identity provider (IdP), using SAML-based single sign-on.

Sites

For remote access to internal applications, a site is an application hosting location such as a data center, or a cloud-based application hosting service. Private application sites are connected to the service using IPsec tunneling to forward access requests from your remote users to your internal applications.

Traffic tunneling

IPsec tunnel connections are used to forward private application traffic from the service to your application hosting sites.

Forcepoint recommends that you configure two tunnels for each site for connection redundancy.

Web Security Endpoint

A lightweight endpoint client that can be installed on users' machines to direct traffic to the service for policy enforcement and onward routing. Private Access supports the Forcepoint One Endpoint (proxy connect) for Windows.