Individual product guide pages are laid out below as cards. These are intended to be linked and navigated within the Agilicus AnyX administrative web interface, but are available here for reference.
Administrative users are assigned via System Groups (sysgroups). These allow you to control who can make changes, to what objects.
Frequently Asked Questions about the Agilicus AnyX Product.
Agilicus AnyX Product Updates, Tips, Tricks, Best Practices. Subscribe via Email, follow via RSS, browse periodically. Set your preferences or view online.
Install an Agilicus Connector in a container (e.g. Docker)
Install and diagnose the Agilicus Connector on Microsoft Windows
Install an Agilicus Connector on an OpenWRT-based NanoPi R5S.
The MikroTik RB5009UG+S+IN is a small-form factor router. it is a good vantage point to run the Agilicus Connector.
Install the Agilicus Connector to be high-availability in a Microsoft environment.
Automatically mount a Share, launch a local application. With multi-factor authentication. Without a VPN. Automated rollout to all users.
The Agilicus Connector facilitates connectivity from a private site to external users.
Your organisation has a dynamic workforce, and a dynamic list of applications that they use to be efficient. A self-discovery, self-request workflow is more efficient than a command-and-control model.
An application manages web-based applications, API’s, anything which uses HTTP as a transport. It encompasses a Web Application Firewall, an Identity Proxy, and fine-grained Authorisation and Audit.
Audit records are written for events ranging from authentication, authorisation, and API access. Configure how to receive these.
Authentication audit shows events related to user identity, each step, multi-factor, policies, locations, etc. E.g. ‘sign-in’ obtain id token.
An Authentication Issuer holds and confirms Identity. Configure your own custom ones here.
Authentication rules allow providing conditional-access rulesets during the authentication process. IP range, device, multi-factor, etc.
Create a customised Sign In With Google (for e.g. Workplace with auto-create users)
Azure Active Directory provides an OpenID Connect Federated Identity Endpoint. Learn how to configure.
Billing Billing Billing is managed directly in the Agilicus Platform and you can setup automatic payments from the Billing Tab. Payments are managed and processed through Stripe, no financial information is stored within the Agilicus platform. Your billing cycle will be 30 days in duration, and will be a function of when you first started…
Your application also behaves as an API, used by a CLI or other non-browser-based application. Here you can see how to use via HTTP proxy or token.
Learn how to add an application to the Agilicus platform and connect to VTScada through a zero trust model
The Netgate SG-1100 pfSense is a small-form factor router. it is a good vantage point to run the Agilicus Agent Connector.
The Raspberry Pi makes an excellent platform to install the Agilicus Agent Connector. See the general instructions here.
The Ubiquiti EdgeRouter X (ER-X/ER-X SFP) is a small-form factor router. it is a good vantage point to run the Agilicus Agent Connector.
Content-Security-Policy is a set of headers to protect your application from malicious content in objects, scripts, images, frames, etc.
An Identity-Aware Web Application operates as a proxy, bringing identity, authentication, authorisation on behalf of web applications.
Network Resources may be forwarded from site to site or user to site. This allows you to e.g. expose an ERP or database without a VPN.
It i possible to allow/deny access to individual resources based on the country their inbound IP is coming from.
You can theme the authentication (sign-in) screen your users see. Learn how.
The Agilicus Connector includes a standard container-runtime and automatic installation for Kubernetes. This allows exposing internal Kubernetes services with an OpenID Conect Identity Proxy.
Integration of Resources with the Desktop is achieved through the Launcher. – Mount a Share – Open an SSH – Open a Desktop – Launch an executable
On-premise legacy active directory with ADFS can act as an OpenID Connect Identity Provider. Learn how to configure.
The instructions to install the Agilicus Agent Connector are nearly identical on various Unix operating systems. This includes desktops, servers, and embedded devices.
Your firewall blocks all but specific outbound IP access. Your Let’s Encrypt or other certificates are not checking CRL or OCSP revocation. Here we show how to resolve.
Deploy with Microsoft ClickOnce. Secure with Agilicus Zero Trust. Single-Sign-On, no VPN. Seamless end user experience.
Multi-factor authentiction. Configure how, when, how often, users are required to supply a 2nd factor to sign in.
Organisation Organisation An organisation (tenant, project in some other systems) is a span of control, of permissions, of users. Each organisation has: Identity Issuers (for authentication) Administrative users (sysgroups) Billing For sophisticated use cases, an Organisation can have sub-organisations. This allows delegating control or segregating use cases. Organisations can share users (e.g. the same user…
Permissions. Per user, per group, per application. Permissions can be by HTTP method, parameters. Fine-grained.
End user profile. Access applications, shares. Set up multi-factor authentication.
The Raspberry PI (with Raspbian) comes pre-installed with a VNC-like server. This can be configured to support standard authentication and used via Agilicus Any-X
Resource groups are a means of applying a common configuration across a set of resources (connectors, applications, shares, etc)
A Resource is an individually-permissioned object. Users or Groups may be granted various Roles on a Resource (Network, Share, …)
Resources – Overview, Concepts Resources – Overview, Concepts
A service account is a specific subset of permissions assigned to a non-human user. The most common use is the Agilicus Agent Connector.
A ‘service’ is a global resource (usually TCP) available from your domain of control to web applications running in the platform.
Shares are a means of taking a directory on a local server and making the contents available to any user, without a VPN and with out a client.
Agilicus Platform provides Zero-Trust hosting and access, simply, securely. Any user, any device, any network. Strong identity.
Sign in with Apple allows you to use resources through the Agilicus platform authenticated by an Apple ID.
Sign in with Microsoft to the Agilicus Platform. Ramificatiosn of Shared vs your own Azure Active Directory Application.
You can theme the authentication (sign-in) screen your users see. Learn how.
Restrictive firewalls (e.g. Palo Alto SSL) may filter by SNI (hostname) in outbound direction and break Signup. See how to configure.
Theory of Operation: CNAME + DOMAIN Setup Planning: Domain Name (CNAME) Setup When creating a new Organisation through the Signup process, you are asked 2 questions: “Organisation/Company/Account Name” “DNS Domain” On the “DNS Domain” you have 2 choices: “I have my own domain name” “I will use an Agilicus-supplied domain name” The “Organisation/Company/Account Name” is…
Proper time synchronisation is important for encryption and access control. Access tokens have a not-before/expiry date that must be understood.
Platform usage metrics are available showing top-users and overall active counts.
Users Concepts User A “User” is an identity which has a set of authorisations, a set of permissions. A user may be identified by one or more Identity Providers (e.g. Azure Active Directory, Google, Apple, etc.) Users’ may be collected into groups, and, groups behave the same as a user for permission purposes. Groups may…
The VNC Desktop feature allows browser-based use of remote graphical-oriented resources. This can include traditional operating systems like Windows, Linux, MacOS, but, also, includes embedded devices such as HMI.
Simplify and secure your Desktop Access. Fine-grained authorisation per Desktop. Any user, from any identity provider. No public IP needed.