About Clientless Access
Skyhigh Private Access secures access from unmanaged devices through clientless, browser-based deployment. In this approach, you need not install Client Proxy software on the end user devices. Skyhigh Private Access leverages reverse proxy SAML configuration that is integrated with an identity provider to establish secure connection with the unmanaged devices.
When users tries to access a private application, the request is sent to the tenant's public DNS server. The DNS server resolves the private application's name based on the mapped CNAME record and prompts the user to provide email address on the SSE page. Based on the email address, the traffic is directed for user authentication through SAML. The user can access the private application upon successful authentication. For information about enabling browser access, see Enable Clientless Access for Private Applications.
In the Private Access Policy page, Device Profile, Location, and Process Name Criterias are not supported for clientless access.