Technical overview

Citrix Secure Private Access on-premises is a customer-managed Zero Trust Network Access (ZTNA) solution that provides VPN less access to Internal web and SaaS applications with the following along with a seamless end-user experience:

  • Least privilege principle
  • Single sign-on (SSO)
  • Multifactor authentication
  • Device posture assessment
  • Application-level security controls
  • App protection features

The solution leverages the StoreFront on-premises and Citrix Workspace app to enable a seamless and secure access experience to access web and SaaS apps within Citrix Enterprise Browser. This solution also leverages the NetScaler Gateway to enforce authentication and authorization controls.

Citrix Secure Private Access on-premises solution enhances an organization’s overall security and compliance posture with the ability to easily deliver zero-trust access to browser-based apps (internal web and SaaS apps) using the StoreFront on-premises portal as a unified access portal to web and SaaS apps, along with virtual apps and desktops as an integrated part of Citrix Workspace.

Citrix Secure Private Access combines the elements of NetScaler Gateway and StoreFront to deliver an integrated experience for end users and administrators.

Functionality Service/Component providing the functionality
Consistent UI to access apps StoreFront on-premises/Citrix Workspace app
SSO to SaaS and Web apps NetScaler Gateway
Multifactor Authentication (MFA) and device posture (aka End-Point Analysis) NetScaler Gateway
Security controls and App protection controls for web and SaaS apps Citrix Enterprise Browser
Authorization policies Secure Private Access
Access enforcement NetScaler Gateway and Citrix Secure Access clients
Configuration and Management Secure Private Access
Visibility, Monitoring, and Troubleshooting Secure Private Access, NetScaler Console (formerly ADM), and Citrix Director


This illustration shows the components of a typical Secure Private Access deployment.

Key components

For information about each component, see Key components.

Technical overview