Web Application Access
Secure access to internal web applications with SSO, JWT authentication, and fine-grained access control. No VPN required.
Estimated time: 10 minutes
Key Features
- Single Sign-On: One login for all internal applications
- JWT Authentication: Pass identity to apps via JWT headers
- Session Logging: Log all application access
- Fine-Grained RBAC: Control access by app, team, and role
Common Use Cases
Internal dashboards (Grafana, Kibana)
Admin panels and back-offices
CI/CD tools (Jenkins, ArgoCD)
Documentation sites
Development environments
Legacy applications
Setup Steps
1
Register a Web Application
Add your internal web application to TigerAccess.
tacctl create -f - <<EOF
kind: app
metadata:
  name: grafana
  labels:
    env: production
    team: platform
spec:
  uri: http://grafana.internal:3000
  public_addr: grafana.company.com
  # Optional: rewrite headers
  rewrite:
    headers:
      - name: X-Forwarded-User
        value: "{{internal.user}}"
EOF
2
Configure Application Role
Define who can access which applications.
tacctl create -f - <<EOF
kind: role
metadata:
  name: app-developer
spec:
  allow:
    app_labels:
      env: [dev, staging]
      team: ["{{internal.traits.team}}"]
  options:
    max_session_ttl: 8h
EOF
3
Enable JWT Authentication
Pass user identity to the application via JWT.
tacctl create -f - <<EOF
kind: app
metadata:
  name: internal-dashboard
spec:
  uri: http://dashboard.internal:8080
  public_addr: dashboard.company.com
  jwt:
    enabled: true
    header: X-Auth-Token
    claims:
      - name: sub
        value: "{{internal.user}}"
      - name: groups
        value: "{{internal.traits.groups}}"
EOF
4
Access Web Applications
Access applications through TigerAccess.
# Login
tac login --proxy=access.company.com
# List available applications
tac apps ls
# Open application in browser
tac apps open grafana
# Or navigate directly
# https://grafana.company.com
# (TigerAccess handles authentication)
Web Application Access Configured
With web application access configured, you have:
- SSO for all internal applications
- Identity passed to apps via JWT
- Complete access audit trail
- No VPN required for remote access
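
An added example, not TigerAccess code: a backend check for the token enabled in step 3, rejecting requests whose X-Auth-Token is missing, unsigned, tampered or expired before reading sub and groups. The page does not state how tokens are signed, so HS256 with a shared key, an exp claim, and the names identity_from_headers and make_token are assumptions.

```python
import base64, hashlib, hmac, json, time

HEADER_NAME = "X-Auth-Token"          # header name from the step 3 config
SHARED_KEY = b"constructed-demo-key"  # assumption: HS256 key shared with the proxy

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(key, head, body):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_token(claims, key=SHARED_KEY, alg="HS256"):
    """Build a constructed sample token (stands in for the proxy)."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(key, head, body))}"

def identity_from_headers(headers, key=SHARED_KEY, now=None):
    """Return (sub, groups) from a verified token, or None to reject."""
    token = headers.get(HEADER_NAME)
    if not token or token.count(".") != 2:
        return None
    head, body, sig = token.split(".")
    try:
        header = json.loads(_b64d(head))
        claims = json.loads(_b64d(body))
        given = _b64d(sig)
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    # Pin the algorithm the app expects; this also rejects "alg": "none".
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    if not hmac.compare_digest(_sign(key, head, body), given):
        return None
    if not isinstance(claims, dict):
        return None
    # Assumption: the proxy sets exp; a token without it is refused.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (now or time.time()):
        return None
    sub, groups = claims.get("sub"), claims.get("groups", [])
    if not isinstance(sub, str) or not isinstance(groups, list):
        return None
    return sub, groups
```

A request that carries only X-Forwarded-User yields no identity here: that header is unsigned, so the application can rely on it only when the proxy is the sole path to the backend.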