Integration with DaaS monitor

Secure Private Access is integrated with Monitor, the monitoring and troubleshooting console for Citrix DaaS. Administrators and help-desk personnel can monitor and troubleshoot Web/SaaS and TCP/UDP app sessions and events from the DaaS Monitor, in addition to the Secure Private Access dashboard.

Service entitlements

To use the DaaS Monitor feature with Secure Private Access, you must have both Secure Private Access and DaaS entitlements.

Supported clients

  • Citrix Workspace app - 2409 and later
  • Citrix Secure Access for Windows - 24.8.1.19 and later
  • Citrix Secure Access for macOS - 24.10.1 and later

How to access Monitor

You can access Monitor from the Secure Private Access dashboard (Go to Monitor) or from the Citrix DaaS service tile.

In the Monitor page, search for the user to view the sessions.

Session definitions

For the DaaS Monitor context, the app session start and end are defined as follows:

Web/SaaS app sessions

The session start and end for Web/SaaS apps is defined as follows:

  • Start: Citrix Enterprise Browser is opened in the Citrix Workspace app and applications are accessed.
  • End: A session ends in the following scenarios.
    • You close the Citrix Enterprise Browser.
    • After 30 minutes of inactivity, if no session activity is reported.

      The Citrix Enterprise Browser client sends a session activity to Monitor every 15 minutes to Monitor. If this session activity is not received for 30 minutes, which might occur due to reasons such as:

      • Network failure.
      • Internet connectivity issues.
      • Session is automatically closed after the 30-minute interval without session activity.

    Note:

    For apps launched through native browsers (agentless), the session ends after 120 minutes of inactivity.

TCP/UDP app sessions

The session start and end for TCP/UDP apps is defined as follows:

  • Start: You log in to the Citrix Secure Access client and access the apps.
  • End: A session ends in the following scenarios.
    • You log out of the Citrix Secure Access client.
    • After 30 minutes of inactivity, if no session activity is reported.

View user sessions

Perform the following steps to view a user session:

  1. Search for a user to view the sessions.

    • The Select a session page displays all active sessions. If you do not find your session in the Active Sessions tab, check in the Denied Access tab.
    • The Ended Sessions and Failed Sessions tabs are not applicable to Secure Private Access.

    Select a session

  2. In the Active Sessions tab, click the session ID to view the details of the session.

    The Activity Manager page appears.

  3. Click one of the following tabs:

    • Launched apps: View all applications launched by the user and the results (allow or deny) of the access policy evaluation.

      If an application was accessed multiple times in the same session, only the latest launch details are captured.

    • Available Apps: View app enumeration details of all the applications that were launched by this user.

      • If multiple enumeration requests were sent by Citrix Workspace app for a user, only the latest enumeration details are captured.
      • For TCP/UDP apps (web and ZTNA), although there is no concept of app enumeration, all apps configured and associated with the user are listed in the Available Apps list.
      • The Available Apps list does not contain external apps that are enumerated through the Citrix Secure Access client as they are not tunneled by Secure Private Access.
      • For the Citrix Secure Access agent, the Available Apps list only displays only the internal web and TCP/UDP apps.

Activity manager

Application topology

When you click an app from the Launched Apps or Available Apps tabs, the application topology page appears, displaying complete information about the app.

  • Session Topology: Displays the app launch flow.

  • About: Displays app-related information such as app type, number of policy rules, security restrictions, and accessed resources. The data that appears in the Accessed Resources section varies depending on the app type.

    • SaaS apps - URL or the app FQDN
    • TCP/UDP – IP address/FQDN, port, and protocol
    • Web app (launched via Citrix Secure Access client) - FQDN, port, and protocol
    • Web app (launched via Citrix Workspace) - URL
  • Policy evaluation: Displays information related to the access policy, such as rules, actions, and conditions.
  • Session Details: Displays information related to the session, including session start and end time, session state, and contextual tags associated with the policy.
    • The Domains Visited field is applicable only for the Web/SaaS apps and is updated only after 15 minutes, as the Citrix Enterprise Browser clients on macOS and Windows send session activity every 15 minutes.
    • The Session Details column section remains empty for apps clicked from the Available Apps tab, as app enumeration is not associated with a session.

The following figure displays a sample topology diagram for a successfully launched app.

Application topology of a launched app

The following figure displays a sample topology diagram for an access denied app.

Application topology of an access denied app

Integration with DaaS monitor