App Gateway

This topic describes the use case for the App Gateway feature.

Additional licenses might be required to enable this feature. Contact your CyberArk account representative for more information.

You can configure on-premise applications so that your users can securely access them from outside of your corporate network. Currently, you can require a VPN connection for application access by applying an access policy to the application. VPN connections are relatively straightforward to set up for your entire network, but configuring them to allow or not allow specific applications can be a lot of work. With App Gateway, you can configure on-premise applications for off-site access without requiring a VPN connection.

When users launch an application through a VPN connection, the connection travels an additional pathway. With most VPN connections, the user can access most applications and servers on the corporate network, even if they don’t need to do so. If your users need to visit other corporate networks, such as when your sales or other teams visit your customers, your users may not be able to easily launch a VPN connection. And, using VPN connections to access applications off-site can increase the traffic through your VPN tunnel.

For your users, the experience is simple—they enter the application URL and can directly launch the application. In most cases, you’ll want to configure the application so that your users can use the same URL to access the application whether they’re on the internal network or outside the corporate network.

For applications that use the App Gateway, the connection from the user travels the same network pathways that you already have: CyberArk Identity connects to the CyberArk Identity Connector through the firewall, the CyberArk Identity Connector connects to your on-premise directory service, and your on-premise application uses your directory service for authentication and authorization.

In this section: