AppGate v11 SSL - User Guide for External Partners

Version 2.2
Author: Government of Canada / Partner Data Exchange (PDE)
Last updated: July 2, 2019

• 1. Purpose

  1. Purpose

  The purpose of this document is to identify the standard technical desktop requirements for external partners using Entrust eGrid, in support of their according agreement (ISETP, LMDA, AOB). Provincial users will access the required ESDC/Service Canada applications for supporting the agreement over their Internet connection using Service Canada's Secure Extranet Solution, also referred to as AppGate.

• 2. Requirements

  2. Requirements

  2.1. Applications Requirements

  Here is the list of all web applications that will be required in order for the users to effectively deliver their agreement programming. All the required accounts are provided by ESDC:

  Labour Market Development Agreement Holders (LMDA):

  • AppGate: Entrust eGrid and valid ESDC username/password.
  • EIBIS (LMDAAccess) for EI eligibility enquiries and Section 25 Authorization (T-171): valid ESDC username/password.
  • Targeting, Referral and Feedback (TRF): valid ESDC username/password.
  • Data Gateway file upload and download: valid ESDC username/password.

  Assignments of Benefits Agreement Holders (AOB):

  • AppGate: Entrust eGrid and valid ESDC username/password.
  • EIBIS (WebAOBLink) for EI eligibility enquiries: valid ESDC username/password.
  • Data Gateway file upload and download: valid ESDC username/password.

  Indigenous Skills and Employment Training Program Agreement Holders (ISETP):

  • AppGate: Entrust eGrid and valid ESDC username/password.
  • EIBIS (LMDAAccess) for EI eligibility enquiries and Section 25 Authorization (T-171): valid ESDC username/password.
  • Targeting, Referral and Feedback (TRF): valid ESDC username/password.
  • Data Gateway file upload and download: valid ESDC username/password.
  • ASETS Secured: valid ESDC username/password.

  2.2. Other Requirements

  • Any recent version of a major browser with SSL support.
  • All the necessary ports must be opened: 443, 80 (TCP only) outbound on the enterprise firewall and PC firewall (if any).
  • Pop up blocker must be configured to allow pop ups from srv100.services.gc.ca.
  • The browser used might need to be configured to prevent the use of the same window to launch shortcuts in some cases. This can be done by deactivating the "Reuse windows for launching shortcuts" option from the parameters of your browser (please refer to the instructions related to the browser selected if required). This will prevent the applications from opening on the same page as AppGate which would automatically close the Appgate session and consequently prevent the availability of the applications.
• 3. AppGate SSL Connection Instructions

  3. AppGate SSL Connection Instructions

  3.1. AppGate Connection Screen

  1. Enter the URL https://srv100.services.gc.ca (the "s" added to the "http" makes all the difference between SSL vs SSH).
  2. At the Connection screen:
     • Enter your Username (ex: john.lmda.doe)
     • Select Authentication "Radius"
     • Enter your Password
     • Click the Login button

  

  3.2. Radius Screen

  1. Use your (Entrust) eGrid and enter the characters requested for each intersection proposed.
  2. Click the Login button.

  

  3.3. Role Selection Screen

  • Appgate will provide access to the application list (roles) allowed under your profile or will open your unique application window automatically. If you get the role selection screen, select the appropriate role to work with. In order to use any web application through Appgate, a connection to AppGate must already be established. The end user can use any OTHER opened browser session or open another browser session and navigate to the according URL. It is important to note that the browser window/session hosting the secure access connection (AppGate) not be closed, as this would result in the secure connection to the ESDC network being severed.
• 4. Connection with Temporary or Expired Password

  4. Connection with Temporary or Expired Password

  4.1. AppGate Connection Screen

  1. Enter the URL https://srv100.services.gc.ca.
  2. At the Connection screen:
     • Enter your Username (ex: john.lmda.doe)
     • Select Authentication "Radius"
     • Enter your Password
     • Click the Login button

  

  4.2. Expired Password Screen

  • Enter a new password in the Radius field. The new password must meet all the rules:
    • Minimum 8 characters
    • At least one UPPER CASE (A-Z)
    • At least one lower case (a-z)
    • At least one number (0-9)
    • At least one special character (ex: !,$,%,*)
    • 8 passwords are remembered and can't be re-used.
  • Click the Login button.

  

  4.3. Confirm New Password Screen

  • Enter your new password again in the Radius field.
  • Click the Login button.