Agilicus AnyX
Product Guide
Individual product guide pages are laid out below as cards. These are intended to be linked and navigated within the Agilicus AnyX administrative web interface, but are available here for reference.
For information on embedding the Agilicus AnyX platform into your workflow or product, see also the API and SDK.
See, follow, subscribe to a set of articles on tips, tricks, best practices on using Agilicus AnyX, or, see the Frequently Asked Questions (FAQ).
A set of Examples are also available.
Administrative Users
Administrative users are assigned via System Groups (sysgroups). These allow you to control who can make changes, to what objects.
Agilicus AnyX Frequently Asked Questions
Agilicus AnyX Frequently Asked Questions. Configuration, Operation, Use..
Agilicus AnyX Product Updates
Agilicus AnyX Product Updates, Tips, Tricks, Best Practices. Subscribe via Email, follow via RSS, browse periodically. Set your preferences or view online.
Agilicus Connector
The Agilicus Connector facilitates connectivity from a private site to external users.
Agilicus Connector – Container/Docker
Install an Agilicus Connector in a container (e.g. Docker)
Agilicus Connector – Export Certificate
Have a local resource that should be properly TLS encrypted and publicly trusted certificate? The Agilicus Connector can facilitate this.
Agilicus Connector – GL-MT3000 (Beryl AX)
Install an Agilicus Connector on an OpenWRT-based GL-MT3000 Beryl AX
Agilicus Connector – Microsoft Windows
Install and diagnose the Agilicus Connector on Microsoft Windows
Agilicus Connector – NanoPI R5S
Install an Agilicus Connector on an OpenWRT-based NanoPi R5S.
Agilicus Connector – Snap
Install an Agilicus Connector on a Snap-based Ubuntu Core system. Agilicus Connector – Snap
Agilicus Connector Kubernetes
The Agilicus Connector includes a standard container-runtime and automatic installation for Kubernetes.
This allows exposing internal Kubernetes services with an OpenID Conect Identity Proxy. Agilicus Connector Kubernetes
Agilicus Connector Mikrotik Router
The MikroTik RB5009UG+S+IN is a small-form factor router. it is a good vantage point to run the Agilicus Connector. Agilicus Connector Mikrotik Router
Agilicus Connector Windows Cluster
Install the Agilicus Connector to be high-availability in a Microsoft environment.
Agilicus Launcher (Desktop)
Automatically mount a Share, launch a local application. With multi-factor authentication. Without a VPN. Automated rollout to all users.
Application Request Access
Your organisation has a dynamic workforce, and a dynamic list of applications that they use to be efficient. A self-discovery, self-request workflow is more efficient than a command-and-control model.
Applications
Agilicus Web Applications: any web page or API, any user, no VPN, full web-application-firewall authentication
Audit Destinations
Audit records are written for events ranging from authentication, authorisation, and API access. Configure how to receive these.
Authentication Audit
Authentication audit shows events related to user identity, each step, multi-factor, policies, locations, etc. E.g. ‘sign-in’ obtain id token.
Authentication Clients
The Authentication Clients implement OpenID Connect client id. This is an advanced setting, it is rarely required to configure. These are created automatically for each web application.
Authentication Issuer – Custom Identity
An Authentication Issuer holds and confirms Identity. Configure your own custom ones here.
Authentication Issuer – Onsite Identity
An Authentication Issuer holds and confirms Identity. Configure your own custom ones here.
Authentication Rules
Authentication rules allow providing conditional-access rulesets during the authentication process. IP range, device, multi-factor, etc.
Auto-Create Users From Specific Domain With Google Workplace
Create a customised Sign In With Google (for e.g. Workplace with auto-create users)
Azure Active Directory
Azure Active Directory provides an OpenID Connect Federated Identity Endpoint. Learn how to configure.
Billing
BillingUpdate address, payment information Billing is managed directly in the Agilicus Platform and you can setup automatic payments from the Billing Tab. Payments are managed and processed through Stripe, no financial information is stored within the Agilicus platform. CONTACT ✉ Billing Billing is managed directly in the Agilicus Platform and you can setup automatic payments…
Cisco IOx Zero Trust Connector Install
Cisco IOx Zero Trust . Configure a Cisco IR1101 IOx with Agilicus Connector. Zero Trust Remote Access to it, to IoT beyond it.
Command Line API Access
Your application also behaves as an API, used by a CLI or other non-browser-based application. Here you can see how to use via HTTP proxy or token.
Connect to VTScada – Adding a Web Application
Learn how to add an application to the Agilicus platform and connect to VTScada through a zero trust model
Connector Install: Netgate SG-1100 pfSense
The Netgate SG-1100 pfSense is a small-form factor router. it is a good vantage point to run the Agilicus Agent Connector.
Connector Install: Raspberry Pi
The Raspberry Pi makes an excellent platform to install the Agilicus Agent Connector. See the general instructions here.
Connector Install: Ubiquiti EdgeRouter X
The Ubiquiti EdgeRouter X (ER-X/ER-X SFP) is a small-form factor router. it is a good vantage point to run the Agilicus Agent Connector.
Content Security Policy
Content-Security-Policy is a set of headers to protect your application from malicious content in objects, scripts, images, frames, etc.
Define Application: Proxy
An Identity-Aware Web Application operates as a proxy, bringing identity, authentication, authorisation on behalf of web applications.
Forwarding
Network Resources may be forwarded from site to site or user to site. This allows you to e.g. expose an ERP or database without a VPN.
Geo-Location-Based Access Control
It i possible to allow/deny access to individual resources based on the country their inbound IP is coming from.
Groups
GroupsSimplify Permissions Assignment Lorem Ipsum CONTACT ✉ Groups Want Assistance? The Agilicus team is here for you. The ‘Chat’ icon in the lower left, here, or in the administrative web page, goes to our team. Or, feel free to email support@agilicus.com Not yet a customer? The TRY NOW button will walk you through the process….
Hosted Applications
An application manages web-based applications, API’s, anything which uses HTTP as a transport.
It encompasses a Web Application Firewall, an Identity Proxy, and fine-grained Authorisation and Audit.
Identity & Authentication Methods
You can theme the authentication (sign-in) screen your users see. Learn how.
Identity Group Mapping
Identity Group MappingInbound map on sign-on Lorem Ipsum CONTACT ✉ Identity Group Mapping Want Assistance? The Agilicus team is here for you. The ‘Chat’ icon in the lower left, here, or in the administrative web page, goes to our team. Or, feel free to email support@agilicus.com Not yet a customer? The TRY NOW button will…
Labels
Labels Users, Resources may have an arbitrary set of text-based labels. These labels can be used for a variety of purposes, including showing alternate hierarchy in Profile, viewing filters in alarms, setting downtime, etc. GET IN TOUCH SIGNUP Overview
Launchers
Integration of Resources with the Desktop is achieved through the Launcher.
– Mount a Share
– Open an SSH
– Open a Desktop
– Launch an executable
Legacy Active Directory
On-premise legacy active directory with ADFS can act as an OpenID Connect Identity Provider. Learn how to configure.
Linux, FreeBSD, Embedded Connector Install
The instructions to install the Agilicus Agent Connector are nearly identical on various Unix operating systems. This includes desktops, servers, and embedded devices.
Locked-Down Networks Certificate Revocation
Your firewall blocks all but specific outbound IP access. Your Let’s Encrypt or other certificates are not checking CRL or OCSP revocation.
Here we show how to resolve.
Microsoft ClickOnce
Deploy with Microsoft ClickOnce. Secure with Agilicus Zero Trust. Single-Sign-On, no VPN. Seamless end user experience.
Moxa UC-8200 Zero-Trust Connector Install
Moxa UC-8200 Zero-Trust. Configure a Moxa UC-8200 Industrial PC with the Agilicus Agent Connector.
Multi-Factor Authentication
Multi-factor authentiction.
Configure how, when, how often, users are required to supply a 2nd factor to sign in.
Organisation
OrganisationSegmented Ownership An organisation (tenant, project in some other systems) is a span of control, of permissions, of users. CONTACT ✉ Organisation An organisation (tenant, project in some other systems) is a span of control, of permissions, of users. Each organisation has: Identity Issuers (for authentication) Administrative users (sysgroups) Billing For sophisticated use cases, an…
Profile
End user profile. Access applications, shares. Set up multi-factor authentication.
Real VNC & Raspberry Pi
The Raspberry PI (with Raspbian) comes pre-installed with a VNC-like server. This can be configured to support standard authentication and used via Agilicus Any-X
Resource Groups
Resource groups are a means of applying a common configuration across a set of resources (connectors, applications, shares, etc)
Resource Labels
Resource Labels are used to create hierarchy, grouping. Use them to create folders in Profile.
Resources – Overview, Concepts
ResourcesOverview, Concepts Lorem Ipsum CONTACT ✉ Want Assistance? The Agilicus team is here for you. The ‘Chat’ icon in the lower left, here, or in the administrative web page, goes to our team. Or, feel free to email support@agilicus.com Not yet a customer? The TRY NOW button will walk you through the process. CONTACT US…
Service Accounts
A service account is a specific subset of permissions assigned to a non-human user. The most common use is the Agilicus Agent Connector.
Services
A ‘service’ is a global resource (usually TCP) available from your domain of control to web applications running in the platform.
Shares
Shares are a means of taking a directory on a local server and making the contents available to any user, without a VPN and with out a client.
Sign Up
Agilicus Platform provides Zero-Trust hosting and access, simply, securely. Any user, any device, any network. Strong identity.
Sign in With Apple
Sign in with Apple allows you to use resources through the Agilicus platform authenticated by an Apple ID.
Sign in With Microsoft
Sign in with Microsoft to the Agilicus Platform. Ramificatiosn of Shared vs your own Azure Active Directory Application.
Sign-In Theming
You can theme the authentication (sign-in) screen your users see. Learn how.
Signup: Firewall Configuration
Restrictive firewalls (e.g. Palo Alto SSL) may filter by SNI (hostname) in outbound direction and break Signup. See how to configure.
Sub Organisation Issuer
You can now create an issuer for a suborganisation from a parent organisation. Doing so will bring up a new admin/profile endpoint for the suborganisation, at the suborganisation’s subdomain. E.g. admin.suborg.myorg.cloud.
Theory of Operation: CNAME + DOMAIN
Theory of operation: initial setup, choose a domain name, set the CNAME wildcard.
Time Synchronisation
Proper time synchronisation is important for encryption and access control. Access tokens have a not-before/expiry date that must be understood.
Usage Metrics
Platform usage metrics are available showing top-users and overall active counts.
Users
USERSPutting the WHO to work A User is an identify which can authenticate against the Agilicus AnyX platform CONTACT ✉ Concepts User A “User” is an identity which has a set of authorisations, a set of permissions. A user may be identified by one or more Identity Providers (e.g. Azure Active Directory, Google, Apple, etc.)…
VNC Desktop
The VNC Desktop feature allows browser-based use of remote graphical-oriented resources. This can include traditional operating systems like Windows, Linux, MacOS, but, also, includes embedded devices such as HMI.
Web Application Security
<mark style=”background-color:rgba(0, 0, 0, 0)” class=”has-inline-color has-neve-link-color-color”>Web Application Security</mark>XSS, CSRF, … Lorem Ipsum CONTACT ✉ Web Application Security Want Assistance? The Agilicus team is here for you. The ‘Chat’ icon in the lower left, here, or in the administrative web page, goes to our team. Or, feel free to email support@agilicus.com Not yet a customer?…
Zero-Trust Desktop Access
Simplify and secure your Desktop Access. Fine-grained authorisation per Desktop. Any user, from any identity provider. No public IP needed.
Zero-Trust SSH Access
Simplify your SSH access with Zero Trust. Direct access to any internal server, cloud VPC or VLAN without changing firewall.