Citrix Secure Private Access

CSV-based applications import tool - Preview

January 1, 2025

Contributed by:

The Secure Private Access admin console includes a CSV-based import tool that allows administrators to bulk import multiple applications into the system using a CSV file. This tool is especially useful for organizations shifting from a traditional VPN to a more advanced solution like Secure Private Access. For example, organizations can use this tool to migrate applications previously delivered over a VPN to Secure Private Access, enabling a seamless shift to a ZTNA-based architecture. Bulk upload of apps enables the organizations to eliminate the need for manual, one-by-one configuration. It also streamlines the process of managing internal applications and granting access to remote users.

How the import works

Here are the high-level steps that an admin must perform when using the CSV-based applications import tool:

VPN-SPA-migration

Prepare the CSV file: Populate the application details in the CSV file. This includes the application name, routing type, resource location, and other relevant parameters. See Preparing the CSV file.
Import the CSV file: Import the completed CSV file into the Secure Private Access console.
Review the app details: Review and validate the imported application data.
Update the routing and resource location: Review and update the routing type and resource location details, if required. Ensure that at least one connector is up in the specified resource location.
View the applications in the Applications page: View the imported applications in the Applications page. Check if all the applications that you had selected for import are imported successfully.

This structured process ensures a thorough migration and proper configuration of applications for secure and seamless access within the Secure Private Access environment.

Preparing the CSV file

Download the CSV file from the Secure Private Access console.

Navigate to Applications > App Configuration.
Click Import Applications.
In Learn how to import using:, click the CSV icon.

The Import using CSV page appears. This page contains the CSV file that you must download and then populate the app details. The page also displays information on the app data that must be entered.

Click Download examples to view a sample CSV file with the data.

Note the following points when preparing the CSV file:

The App Location must be one of the following values:
- Inside Corporate Network
- Outside Corporate Network
The App Type can be one of the following values:
- SaaS
- HTTP/HTTPS
- TCP/UDP
The Routing Type must be the following values based on the app type.

SaaS - External HTTPS/HTTPS and TCP/UDP - Internal via Connector
Mandatory fields:
- SaaS and HTTP/HTTPS - App Name, App Location, App Type, URL, Related Domains, Routing Type, and Resource Location.
- TCP/UDP - App Name, App Location, App Type, Destination/Port/Protocol, Routing Type, and Resource Location.
- The destination, port, and protocol must be formatted as:
  - Destination:Port:Protocol. Example: 192.0.2.254:5050:PROTOCOL_TCP.
  - If there are multiple destinations, ports, and protocols, separate them with commas.
    
    Example: 192.0.2.254:5050:PROTOCOL_TCP,2.2.2.2:1-65535:PROTOCOL_UDP.
  - The destination can be an IP address, IP address range, CIDR, host name, domain, or FQDN.
  - The port can be a single port (example 5050) or a port range (example 1–65335).
  - The protocol must be specified in the format PROTOCOL_TCP or PROTOCOL_UDP.
Optional fields: Description, Category.
The column names are case sensitive and must not be modified/edited.
The columns must not be interchanged or deleted.

Steps to migrate applications using the CSV-based tool

You can import applications while setting up Secure Private Access or after the setup is complete.

On the Secure Private Access service tile, click Manage.
In the Overview page, click Continue.
Set up identity and authentication for the users to log in to Citrix Workspace. For details, see Set up identity and authentication.
In Step2: Applications page, click Import application.

Alternatively, if your Secure Private Access is already set up, click Import the application from the Applications page (Secure Private Access > Applications).
Upload the CSV file. You can either drag-and-drop the CSV file here or browse to select it.
Note:
- If the CSV file has no errors, the Next: Review Applications button is enabled.
- If the CSV file contains errors, they are displayed in a tabular format. You must correct the errors and re-upload the CSV. The Next: Review Applications button becomes available only after the updated file with no errors is uploaded.
- If you upload the same CSV with additional applications, only the diff is imported.
Select the applications that you want to import.

If an application with the same domain or wildcard domain already exists, that application is disabled for import. You cannot select those applications.
Click Next: Review Connectivity.
The Next: Review Connectivity button is enabled only if at least one application is selected.
Review and update the connectivity settings. Make necessary changes to routing type and resource locations, if required.
Note:
- If the specified resource location does not exist, the first resource location available in the list of resource locations associated with the customer is selected by default. if the Connector Appliance in the specified resource location is not up, the application creation fails.
Click: Next: Import.

The Summary page displays the imported application details. These applications are also added to the list of applications in the Applications page.
Click Go to Applications to view the imported applications in the Applications page.

Important:

The following issues can cause import or application creation failures:

Modifications or changes to the column names or their casing.

Deletion or swapping of the columns in the CSV file.

Missing mandatory application fields in the CSV file.

An empty CSV file or a CSV file that contains only column names is imported. For an empty file, an error message appears. If the file contains only column names, the Next button remains disabled.

No Connector Appliance is available in the resource location specified in the CSV file.

Migration flow

Known issues

The HTTP, HTTPS, and SaaS apps creation might fail because of an issue with the related domains entry. The related domain requires a comma at the end of the related domain for each app in the CSV file. For example;

*.bpm.sun.ac.za,
*.sufmprod.sun.ac.za, *.abc.local,
*.info.myinfo.net, *.code.mycode.net, *.issues.myissue.net,

References

Refer to the following topics for information on creating applications in Secure Private Access.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

CSV-based applications import tool - Preview

January 1, 2025

Contributed by:

January 1, 2025

Contributed by:

CSV-based applications import tool - Preview

How the import works

Preparing the CSV file

Steps to migrate applications using the CSV-based tool

Known issues

References

In this article