Settings
View connector health and conditional access tier configuration.
The Settings section gives you a read-only view of the underlying infrastructure that Cetegra Connect depends on: the on-premises connectors that route traffic, and the conditional access policies that enforce authentication requirements.
As a Global Secure Access Viewer, you can view the status and configuration of both — but you cannot make changes. Contact your Cetegra administrator if anything needs to be updated.
Connectors
Connectors are lightweight Windows services installed on servers in your internal network. They establish outbound connections to Microsoft infrastructure and route GSA client traffic to the internal resources defined in your Connections.
The Connectors view shows two levels:
Connector groups
Connectors are organised into connector groups. Each enterprise application (connection) is assigned to one group, so all traffic for that application is routed through the connectors in that group.
For each group you can see:
| Field | Description |
|---|---|
| Name | The connector group name |
| Status | Active (at least one healthy connector) or degraded |
| Connector count | Total connectors in the group |
| Active / Inactive | Breakdown of healthy vs. unreachable connectors |
Individual connectors
Expand a group to see its connectors. For each connector:
| Field | Description |
|---|---|
| Name | The Windows server hostname the connector is installed on |
| Status | Active or Inactive |
| Version | Connector software version (auto-updated by Microsoft) |
| Last heartbeat | When the connector last checked in |
What to watch for
- Inactive connector — the connector service may have stopped or the server is unreachable. Report to your Cetegra administrator.
- All connectors inactive in a group — users will lose access to any application assigned to this group. Escalate immediately.
- Only one active connector in a group — no redundancy. Not critical, but worth flagging.
Conditional Access
Conditional access policies enforce authentication and device requirements before a user’s GSA client can reach an application. Cetegra Connect uses a tiered model — each tier adds progressively stronger requirements.
The Conditional Access view shows all configured tiers and their current status in Microsoft Entra.
Tier reference
| Tier | Name | Requirements |
|---|---|---|
| Tier 1 | Minimal | GSA client + group membership |
| Tier 2A | Standard MFA | + Multi-factor authentication |
| Tier 2B | Passwordless MFA | + Windows Hello or FIDO2 |
| Tier 2C | Phishing-resistant | + FIDO2 or certificate-based auth |
| Tier 3 | Standard compliance | + Intune-compliant device |
| Tier 4 | High security | + Trusted location or IP restriction |
Each Connection is assigned one tier. To see which tier an application uses, open the connection’s detail view.
Policy status
Each tier corresponds to an Entra conditional access policy. The status column shows whether the policy is:
| Status | Meaning |
|---|---|
| Enabled | Policy is active and enforcing requirements |
| Report-only | Policy is evaluating but not blocking — used during rollout |
| Disabled | Policy is not active — access requirements are not enforced |
If a policy shows Disabled or Report-only for a tier assigned to a sensitive application, report this to your Cetegra administrator.
Conditional access policies are created and maintained by Cetegra. Do not edit them directly in Microsoft Entra, as this may break the tier configuration.
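The checks under "What to watch for" and "Policy status" can be written down as a small triage routine. The following is an added example, not Cetegra or Microsoft code: the group, host and application names are constructed, and the `sensitive` flag and the `Missing` status are assumptions of this example rather than portal fields.

```python
# Added example. Field names mirror the tables on this page; all data is constructed.
from dataclasses import dataclass

@dataclass
class Connector:
    name: str    # Windows server hostname
    status: str  # "Active" or "Inactive"

def triage_group(group, connectors):
    """Apply the connector rules to one group; returns (severity, message) pairs."""
    active = [c for c in connectors if c.status == "Active"]
    if not active:  # also covers an empty group: nothing can route traffic
        return [("escalate", f"{group}: no active connectors, assigned applications lose access")]
    findings = [("report", f"{group}: connector {c.name} is inactive")
                for c in connectors if c.status != "Active"]
    if len(active) == 1:
        findings.append(("flag", f"{group}: only {active[0].name} is active, no redundancy"))
    return findings

def triage_policies(connections, policy_status):
    """connections: (app, tier, sensitive) tuples; policy_status: tier -> status."""
    findings = []
    for app, tier, sensitive in connections:
        # Assumption: a tier absent from the view is treated like a non-enforcing policy.
        status = policy_status.get(tier, "Missing")
        if sensitive and status != "Enabled":
            findings.append(("report", f"{app}: {tier} policy is {status}, not enforcing"))
    return findings

def run_triage(groups, connections, policy_status):
    findings = [f for g, conns in groups.items() for f in triage_group(g, conns)]
    findings += triage_policies(connections, policy_status)
    rank = {"escalate": 0, "report": 1, "flag": 2}
    return sorted(findings, key=lambda f: rank[f[0]])  # most urgent first

# Constructed sample data (hypothetical group, host and application names).
GROUPS = {
    "cg-hq": [Connector("srv-conn-01", "Active"), Connector("srv-conn-02", "Active")],
    "cg-branch": [Connector("srv-conn-03", "Active"), Connector("srv-conn-04", "Inactive")],
    "cg-lab": [Connector("srv-conn-05", "Inactive")],
}
POLICY_STATUS = {"Tier 1": "Enabled", "Tier 2C": "Report-only", "Tier 3": "Enabled"}
# The "sensitive" flag is this example's own marking, not a field shown in the portal.
CONNECTIONS = [("hr-portal", "Tier 2C", True), ("wiki", "Tier 1", False),
               ("finance-db", "Tier 3", True)]

if __name__ == "__main__":
    for severity, message in run_triage(GROUPS, CONNECTIONS, POLICY_STATUS):
        print(f"[{severity}] {message}")
```

A group with a single connector that goes inactive is reported once, as an escalation, rather than as both an inactive connector and a redundancy warning.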