Jump to Content
Guides
Secure Access Help Center
Guides
Secure Access Help Center
Guides
Provision Users and Groups from Google Workspace
Search
Cisco Secure Access - DNS Defense Help
Welcome to Cisco Secure Access - DNS Defense
Sign into Secure Access - DNS Defense with Security Cloud Sign On
Find Your Organization ID
Determine Your Current Package
View Cloud Security Service Status
Contact Cisco Secure Access Support
Secure Access Single Sign-On Authentication
Configure Single Sign-On Authentication
Troubleshoot Single Sign On Authentication
Get Started
Begin Secure Access Onboarding Workflow
Step 1 – Configure Network Connections
Step 2 – Configure Access to Resources
Step 3 - Configure End User Connectivity
Step 4 – Configure Endpoints and Network Sources
Secure Access Overview Dashboard
Limitations and Range Limits
Data Retention
Monthly DNS Query Average
Network Requirements for Secure Access
Manage Network Connections
Comparison of Network Connection Methods
Manage Network Tunnel Groups
Device Compatibility and Network Tunnels
Add a Network Tunnel Group
Delete a Network Tunnel Group
Edit a Network Tunnel Group
View Network Tunnel Group Details
Supported IPsec Parameters
Network Tunnel Configuration
Configure Tunnels with Catalyst SD-WAN cEdge and vEdge
Configure Tunnels with Cisco ISR
Configure Tunnels with Cisco Adaptive Security Appliance
Configure Tunnels with Meraki MX
Manage Resource Connectors and Connector Groups
Requirements and Prerequisites for Resource Connectors and Connector Groups
Allow Resource Connector Traffic to Secure Access
Add Resource Connector Groups
Add Connectors to a Connector Group
Obtain the Connector Image
Provisioning Keys for Resource Connectors
Deploy a Connector in VMware
Deploy a Connector in AWS
Deploy a Connector in Azure
Determine the Number of Connectors Needed in a Connector Group
Assign Private Resources to a Connector Group
View a Connector Group's Connectors and Assigned Resources
Disable, Revoke, or Delete Resource Connectors and Groups
Maintain and Monitor Resource Connectors and Connector Groups
Troubleshoot Resource Connectors and Connector Groups
Manage Users and Groups
Import Users and Groups from CSV File
Provision Token for Identity Provider
Provision Users and Groups from Okta
Provision Users and Groups from Azure AD
Provision Users and Groups from Google Workspace
View User Details
View Group Details
View Endpoint Device Details
Unenroll Devices for Client-Based Zero Trust Access
Disconnect Remote Access VPN Sessions
Provision Users, Groups and Endpoint Devices from Active Directory
Prerequisites for AD Connectors
Connect Active Directory to Secure Access
Connect Multiple Active Directory Domains
Change the Connector Account Password
AD Connector Communication Flow and Troubleshooting
View AD Components in Secure Access
Configure Integrations with SAML Identity Providers
Prerequisites for SAML Authentication
Configure Azure AD for SAML
Configure Okta for SAML
Configure AD FS for SAML
Configure Duo Security for SAML
Configure Ping Identity for SAML
Configure OpenAM for SAML
SAML Certificate Renewal Options
Test SAML Identity Provider Integration
Delete SAML Identity Provider Integration
Manage End-User Connectivity
Manage DNS Servers
Traffic Steering for Zero Trust Access Client-Based Connections
Using Wildcards to Configure Traffic Steering for Private Destinations
Manage Virtual Private Networks
FQDNs for Network Connections
Manage IP Pools
Add an IP Pool
Manage VPN Profiles
Add VPN Profiles
Add a RADIUS Group
Manage Internet Security
Set Up Internet Security on User Devices
Manage Internet Security Bypass
Configure Cisco Secure Client Settings
Manage Domains
Add Internal Domains
Internal Networks Setup Guide
Provision a Subnet for Your Virtual Appliance
Manage Sites
Manage Internal Networks
Assign a Policy to Your Site
Manage a Network Device
Delete a Network Device
Manage Registered Networks
Add Network Resources
Point Your DNS to Cisco Secure Access
Clear Your DNS Cache
Update a Network Resource
Delete a Network Resource
Manage Roaming Devices
View Internet Security Settings for Roaming Devices
Edit Internet Security Settings for Roaming Devices
Delete a Roaming Device
Manage Destination Lists
Add a Destination List
Edit a Destination List
Add Destinations in Bulk
Download Destinations to a CSV File
Control Access to Custom URLs
Wildcards and Destination Lists
Add Punycode Domain Name to Destination List
Test Your Destinations (Hidden in SSE/SSE DNS)
Search for a Destination List
Troubleshoot Destination Lists
Manage Application Lists
Add an Application List
Application Categories
Delete an Application List
Manage Content Category Lists
Available Content Categories
Add a Content Category List
Request a Category for an Uncategorized Destination
Dispute a Content Category
View Content Categories in Reports
Manage Private Resources
Add a Private Resource
Add a Private Resource Group
Private Resource Configuration Examples
Manage AAA Servers
Manage Connections to Private Destinations
Comparison of Zero Trust Access and VPN
Comparison of Client-Based and Browser-Based Zero Trust Access Connections
Requirements for Zero Trust Access
Network Authentication for Zero Trust Access
Manage Branch Connections
Manage the Access Policy
About the Access Policy
Show Additional Data on Your Access Rules
Edit the Order of the Rules in Your Access Policy
Rule Defaults: Default Settings for Access Rules
Global Settings for Access Rules
Edit Rule Defaults and Global Settings
Edit the Default Access Rule
Get Started With Private Access Rules
Components for Private Access Rules
Default Settings for Private Access Rules
Add a Private Access Rule
About Configuring Sources in Private Access Rules
About Configuring Destinations in Private Access Rules
About Endpoint Requirements in Access Rules
Allowing Traffic from Users and Devices on the Network
Global Settings for Private Access Rules
View Rules Associated with a Private Resource
Troubleshoot Private Access Rules
Get Started With Internet Access Policy
Components for Internet Access Rules
Default Settings for Internet Access Rules
Add an Internet Access Rule
About Configuring Sources in Internet Access Rules
About Configuring Destinations in Internet Access Rules
Ensure Rule Matching for Encrypted Internet Traffic
Block Internet Access to Geographic Locations
Advanced Application Controls
Global Settings for Internet Access Rules
About Isolated Destinations
Isolate Downgrade
Troubleshoot Internet Access Rules
Zero Trust Access to Internet Destinations
Manage File Inspection for Internet Policy
Enable File Inspection
Test File Inspection
Troubleshooting
File Inspection Reports
Manage File Inspection and File Analysis for Private Access Rules
Enable File Inspection
Enable File Analysis by Cisco Secure Malware Analytics
Test File Inspection
Monitor File Inspection and Analysis Activity
Troubleshoot and Monitor File Inspection and Analysis
Manage File Type Controls
Manage the Intelligent Proxy
Enable the Intelligent Proxy
Test the Intelligent Proxy
Test Selective Decryption
Review the Intelligent Proxy Through Reports
Enable SSL Decryption
Manage Endpoint Security
Endpoint Attributes
Manage Zero Trust Access Posture Profiles
Add a Client-Based Zero Trust Access Posture Profile
Add a Browser-Based Zero Trust Access Posture Profile
Manage VPN Connection Posture Profiles
Add a VPN Connection Posture Profile
Manage IPS Profiles for Private Access
Manage Security Profiles
Security Profiles for Internet Access
Add a Security Profile for Internet Access
Enable SafeSearch
Security Profiles for Private Access
Add a Security Profile for Private Access
Manage Threat Categories
Threat Category Descriptions
Add a Threat Category List
Dispute a Threat Categorization
Manage Notification Pages
Preview Notification Pages
Create Custom Block pages
Allow Users to Contact an Administrator
Block Page IP Addresses
Manage Traffic Decryption
Important Information About Do Not Decrypt Lists
Add a Do Not Decrypt List for Internet Access
Manage Certificates
Manage the Cisco Umbrella Root Certificate
Install the Cisco Umbrella Root Certificate
Manage the Secure Access Root Certificate
Install the Cisco Secure Access Root Certificate
View the Cisco Trusted Root Store
Certificates for Internet Decryption
Manage Certificates for Private Resource Decryption
Certificates for Private Resource Decryption
Certificates for SAML Authentication
Manage SAML Certificates for Service Providers
Manage SAML VPN Service Provider Certificate Rotation
Manage SAML Certificates for Identity Providers
VPN Certificates for User and Device Authentication
Push the Cisco Root Certificate to Managed Devices
Manage Accounts
Add a New Account
Edit Account Settings
Delete an Account
Hide Identities with De-identification
Manage Cloud Malware Protection
Enable Cloud Malware Protection
Revoke Authorization for a Platform
Enable Cloud Malware Protection for AWS Tenants
Enable Cloud Malware Protection for Azure Tenants
Enable Cloud Malware Protection for Box Tenants
Enable Cloud Malware Protection for Dropbox Tenants
Enable Cloud Access Security Broker Features for Microsoft 365 Tenants
Enable Cloud Malware Protection for Webex Teams
Enable Cloud Malware Protection for Google Drive
Enable Cloud Malware Protection for Slack Tenants
Enable Cloud Malware Protection for ServiceNow Tenants
Manage API Keys
Add Secure Access API Keys
Add KeyAdmin API Keys
Log Management
Enable Logging
Enable Logging to Your Own S3 Bucket
Enable Logging to a Cisco-managed S3 Bucket
Change the Location of Event Data Logs
Stop Logging
Delete Logs
Log Formats and Versioning
Reports and CSV Formats
Admin Audit Log Formats
Cloud Firewall Log Formats
DNS Log Formats
IPS Log Formats
Remote Access VPN Log Formats
Web Log Formats
Zero Trust Access Log Formats
Reports
Monitor Secure Access with Reports
Export Report Data to CSV
Bookmark and Share Reports
Report Retention
Report Scheduling
Schedule a Report
Update a Scheduled Report
Remote Access Log Report
View the Remote Access Log Report
Activity Search Report
View and Customize the Activity Search Report
View Zero Trust Events in Activity Search Report
View Activity Search Report Actions
Schedule an Activity Search Report
Use Search and Advanced Search
Security Activity Report
View Activity and Details by Filters
View Activity and Details by Event Type or Security Category
View an Event's Details
Search for Security Activity
Total Requests Report
Activity Volume Report
App Discovery Report
View the App Discovery Report
View the Highest Risk Apps
Review Apps in the Apps Grid
View App Details
Change App Details
Control Apps
Control Advanced Apps
Top Destinations Report
Destination Details
Top Categories Report
Category Details
Third-Party Apps Report
Cloud Malware Report
Admin Audit Log Report
Export Admin Audit Log Report to an S3 Bucket
Top Threats Report
Threat Type Details
Threat Type Definitions
Top Identities Report
Identity Details
DNS Forwarders
Virtual Appliance Introduction
Prerequisites
Deployment Guidelines
Importance of Running Two VAs
Deploy Virtual Appliances
Deploy VAs in Hyper-V for Windows 2012 or Higher
Deploy VAs in VMware
Deploy VAs in Microsoft Azure
Deploy VAs in Amazon Web Services
Deploy VAs in Google Cloud Platform
Deploy VAs in KVM
Deploy VAs in Nutanix
Configure Virtual Appliances
Local DNS Forwarding
Reroute DNS
Update Virtual Appliances
Virtual Appliance Sizing Guide
SNMP Monitoring
Troubleshoot Virtual Appliances
Other Configurations
Active Directory Integration with the Virtual Appliances
Prerequisites
Active Directory User Exceptions
Prepare Your Active Directory Environment
Connect Active Directory to Umbrella VAs
Multiple Active Directory and Secure Access Sites
Change the Connector Account Password
Communication Flow and Troubleshooting
Managed iOS Device
Cisco Security Connector—Secure Access Setup Guide
Quick Start
Anonymize Devices
Meraki Registration
Verify Secure Access with Meraki
Meraki Documentation
Apple Configurator 2 Registration
IBM MaaS360 Registration
Intune Registration
Jamf Registration
MobiConnect Registration
MobileIron Registration
MobileIron Configuration
Workspace ONE Registration
Register an iOS Device Through a Generic MDM System
Apply Secure Access Policies to Your Mobile Device
Secure Access Reporting
Add User Identity for Cisco Security Connector
Troubleshooting
Configure Cellular and Wifi Domains
Managed Android Device
Cisco Secure Client (Android OS)
Deploy the Android Client
Android Configuration Download
Cisco Meraki MDM
MobileIron MDM
VMware Workspace ONE
Microsoft Intune MDM
Samsung Knox MDM
Manage Pop-Ups and App Controls
Manage Identities
Troubleshooting
Frequently Asked Questions
Unmanaged mobile device Protection
Secure Access Unmanaged Mobile Device Protection
Administrator Actions
End-User Actions
Cisco Secure Client
Cisco Secure Client Overview
Get Started and Manage Client-based Zero Trust Access from Mobile Devices
Set up the Zero Trust Access App for iOS Devices
Set up the Zero Trust Access App for Android on Samsung Devices
Monitor and Troubleshoot the Zero Trust Access App from Mobile Devices
Get Started with Cisco Secure Client on Windows and macOS Devices
Prerequisites
Download Cisco Secure Client
Download the OrgInfo.json File
Manual Installation of Cisco Secure Client (Windows and macOS)
Mass Deployment Overview
Mass Deployment (Windows)
Customize Windows Installation of Cisco Secure Client
Mass Deployment (macOS)
Customize macOS Installation of Cisco Secure Client
VPN Headend Deployment
Meraki Systems Manager (SM) Deployment
Migration from Umbrella Roaming Client
Install the Root Certificate for All Browsers
Cloud Management
Additional References
Remote Monitoring and Management Deployment Tutorials
Manage Internet Security on Cisco Secure Client
Umbrella Roaming Security Module Requirements
Domain Management
Interpret Internet Security Diagnostics
IPv4 and IPv6 DNS Protection Status
Manage Zero Trust Access on Cisco Secure Client
Invite Users to Enroll in Zero Trust Access for Secure Client
Requirements for Secure Client with Zero Trust Access
Troubleshoot Client-Based Zero Trust Access
Unenroll a Device from Zero Trust Access
Manage Virtual Private Networks on Cisco Secure Client
Download the Virtual Private Network XML Profile
CA Certificates for VPN Connections
Cisco Security for Chromebook Client
About Cisco Security for Chromebooks
Prerequisites for Cisco Security for Chromebooks Client
Limitations for Cisco Security for Chromebooks
Integrate the Google Workspace Identity Service
Deploy the Cisco Security for Chromebooks Client
Bypass Internal Domains from DNS-over-HTTPS (DoH)
Enable Reporting for Private IP Address of Chromebook Device
Verify Cisco Security for Chromebooks Client Deployment
Export Device Data to CSV
Troubleshoot Cisco Security for Chromebooks Client Deployment
View Protection Status of Chromebook Devices
Add Policies to a Chromebook Device
Cisco Security for Chromebooks Client FAQ
Google Workspace Identity Service FAQ
Provision Users and Groups from Google Workspace
Updated 22 days ago
