Use the Citrix Secure Internet Access (CSIA) configuration policy portal to configure cloud connectors and security policies and to monitor reports and logs.

To access the configuration policy portal

  1. Sign in to Citrix Cloud.

  2. On the Secure Internet Access tile, click Manage.

  3. In the navigation pane, click Configuration.

    The Configuration page also lists the details about the cloud nodes that have been configured for you. All the configurations that you perform are connected to these nodes.

  4. Click Open Citrix SIA Configuration to view the CSIA configuration policy portal and start configuring the features and security policies.

Configuration page

How to get help on configuration

For instructions on configuration or help with any configuration page, do one of the following:

  • Access help documentation. On the top right corner of the CSIA configuration policy portal, click the drop-down menu (where your name appears) and select HelpDocs. You can view the complete help documentation.


    The help documentation includes references to iboss terminology, iboss user interface elements, iboss features not supported by Citrix, and iboss Support information.

    Review the following article before using the help documentation: Citrix Secure Internet Access and iboss integration. You can access this article only after signing in to Citrix Secure Internet Access.

  • Access contextual help. At the top right corner of each configuration page, select the help icon (?) to view the help documentation pertaining to that page.

  • Contact Citrix Support. Sign in with your Citrix account and open a support case, start live chat, or explore other options available for your help.

Configure Citrix Secure Internet Access Cloud Connector agents

The CSIA Cloud Connector agents are software agents that redirect Internet traffic through Citrix Secure Internet Access.

After your onboarding process is completed, do the following:

  • Install CSIA Cloud Connector agent on Virtual Delivery Agent (VDA): To securely access unsanctioned web and SaaS applications from virtual desktops on Citrix Workspace, configure CSIA Cloud Connector agents to redirect traffic through Citrix Secure Internet Access

    For detailed configuration steps, see Citrix Secure Internet Access with Citrix Virtual Apps and Desktop.

  • Install CSIA Cloud Connector agent on your host device: To securely access direct Internet traffic from your host systems such as laptop and mobile device, install Cloud Connector agents on each of these devices.

Configure tunnels for branch office

If you have a Citrix SD-WAN deployment in your branch office, you must configure IPSEC tunnels. This redirects branch traffic to unsanctioned web and SaaS applications through Citrix Secure Internet Access. This configuration is done using Citrix SD-WAN Orchestrator.

On Citrix SD-WAN Orchestrator, the Citrix Secure Internet Access service is available in Configuration > Delivery Services > Service and Bandwidth.


The service link is only visible if you are an SD-WAN Orchestrator customer and have Citrix Secure Internet Access entitlement.

CSIA in SD-WAN Orchestrator

The configuration includes the following high-level steps:

  1. Create a CSIA service by specifying the bandwidth percentage and provisioning percentage for the Internet Links.

  2. Add and map SD-WAN sites to the CSIA service and select the appropriate tunnel (IPSEC). Then, activate the configuration to enable tunnel establishment between Citrix SD-WAN and the Citrix Secure Internet Access PoP.

  3. Create application routes to steer traffic through the tunnels.

For detailed instructions, see Delivery services - Citrix Secure Internet Access service.