Provision Gitlab

Objective: Provision an application for Skyhigh Private Access (SPA)


Define the GitLab applicaiton in Private Access

  1. From the Skyhigh SSE Console, from the configuration gear select Infrastructure > Private Access Configuration Navigate PA Configuration Navigate PA Configuration
  2. On the Authentication page, disable SAML if it’s enabled New Gitlab Rule New Gitlab Rule
  3. From the Applications tab, click Add Application Add Application Add Application
  4. Define your gitlab application as follows: - Name: Gitlab - Protocol: HTTP - Host: Your internal Gitlab DNS name - Port: 80 - Application Group: WorkshopApps
  5. Next to Assign Connector Groups click select and the check the box next to your WorkshopConnector (this is the SSE MicroPoP). Application Properties Application Properties
  6. Click Save.

Allow access to GitLab in your Private Access Policy

  1. From the top navigation bar, select Policy > Access Control > Private Access Policy Navigate PA Policy Navigate PA Policy
  2. If you see an existing rule related to GitLab, delete it using the 3-dot menu on the right hand side of the entry (this is a bug in the lab) Delete Existing Gitlab Rule Delete Existing Gitlab Rule
  3. Click the New Rule button
  4. Configure a new Private Access Rule as follows: - Name: GitLab Private Access - Criteria: If Application - Operator: is - Value: Gitlab - Action: Allow - On/Off: On (green) New Gitlab Rule New Gitlab Rule

Publish your policy

(Hint: The yellow shield)

Please compare the SCP policy revision in the SSE GUI with the active one at the client to ensure that you can reach your new application before you go to the next section and test.

  1. From the Skyhigh SSE Console, from the configuration gear select Infrastructure > Client Proxy Management and select your Default Policy under Configuration Policies - note your Revision ID SCP Revision SCP Revision
  2. Next, switch to your Client (RDP) and search for About Skyhigh Client Proxy About SCP About SCP
  3. Compare the revision ID shown with the ID from the SSE Console - if they match you are good to go About SCP Revision About SCP Revision

In case the policy version on the client is not the same as in the Skyhigh SSE Console:

  1. You can simply reboot the computer you connected to via RDP/Guacamole. A reboot always triggers a policy update and is quickly done in this environment