Use the Citrix Secure Internet Access (CSIA) configuration policy portal to configure cloud connectors and security policies, and to monitor reports and logs.

To access the configuration policy portal:

  1. Sign in to Citrix Cloud

  2. On the Secure Internet Access tile, select Manage

  3. In the navigation pane, select Configuration

    The Configuration page also lists the details about the cloud nodes that have been configured for you. All the configurations that you perform are connected to these nodes.

  4. Select Open Citrix SIA Configuration to view the configuration policy portal and start configuring the features and security policies

Configuration page

How to get help on configuration

For instructions on configuration or help with any configuration page, you can do one of the following:

  • Access help documentation. On the top right corner of the configuration policy portal, click the menu (where your name appears) and select HelpDocs. You can view the complete help documentation.


    The help documentation includes references to iboss terminology, iboss user interface elements, iboss features not supported by Citrix, and iboss Support information.

    Review the following article before using the help documentation: Citrix Secure Internet Access and iboss integration. You can access this article only after signing in to Citrix Secure Internet Access.

  • Access contextual help. At the top right corner of each configuration page, select the help icon (?) to view the help documentation pertaining to that page.

  • Contact Citrix Support. Sign in with your Citrix account and open a support case, start a live chat, or explore other options available for receiving help.

Configure Citrix Secure Internet Access Cloud Connector agents

The CSIA Cloud Connector agents are software agents that redirect Internet traffic through Citrix Secure Internet Access.

After your onboarding process is complete, do the following:

  • Install CSIA Cloud Connector agent on Virtual Delivery Agent (VDA): To securely access unsanctioned web and SaaS applications from virtual desktops on Citrix Workspace, configure CSIA Cloud Connector agents to redirect traffic through Citrix Secure Internet Access.

    For detailed configuration steps, see Citrix Secure Internet Access with Citrix Virtual Apps and Desktop.

  • Install CSIA Cloud Connector agent on your host device: To securely access direct Internet traffic from your host systems such as laptop and mobile devices, install Cloud Connector agents on each device.

Configure tunnels for branch office

If you have a Citrix SD-WAN deployment in your branch office, you must configure IPSEC or GRE tunnels. This redirects branch traffic to unsanctioned web and SaaS applications through Citrix Secure Internet Access. You use Citrix SD-WAN Orchestrator to configure tunnels.

On Citrix SD-WAN Orchestrator, the Citrix Secure Internet Access service is available in Configuration > Delivery Services > Service and Bandwidth.


The service link is only visible if you are an SD-WAN Orchestrator customer and have Citrix Secure Internet Access entitlement.

CSIA in SD-WAN Orchestrator

The configuration includes the following high-level steps:

  1. Create a Citrix Secure Internet Access service by specifying the bandwidth percentage and provisioning percentage for the Internet Links.

  2. Add and map SD-WAN sites to the Citrix Secure Internet Access service and select the appropriate tunnel (IPSEC or GRE). Then, activate the configuration to enable tunnel establishment between Citrix SD-WAN and the Citrix Secure Internet Access PoP.

  3. Create application routes to steer traffic through the tunnels.

For detailed instructions, see Delivery services - Citrix Secure Internet Access service.

User reallocation

You can minimize latency for users in particular locations by redistributing cloud nodes within a geographical region.

You can make a request to redistribute both reporting nodes that collect usage data and gateway nodes that perform security functions. Citrix aims to deliver nodes closest to users based on node availability.


Reallocation of nodes causes a brief disruption in the service. The operation is typically performed immediately after account activation, before client connectors are configured and distributed. Citrix recommends that you request reallocation of nodes at the beginning of the deployment to realign the nodes closest to users, and to reallocate nodes infrequently.

You can also move users between nodes or add them to a node if they aren’t already allocated to a node.

Request reallocation of users

To view, redistribute, and maintain nodes, navigate to the Configuration tab in the left side menu and select Request re-allocation of users above the table.


You can only redistribute nodes within the same geographical region.