Configure Client-Based Zero Trust Access for Private Destinations
Client-based Zero Trust Access is generally used by employees of your organization who are authenticated by your organization's identity providers and who are using devices that are managed by your organization.
To understand and configure client-based Zero Trust Access for private destinations, review the following topics:
- Understand Zero Trust Access in general and client-based Zero Trust Access specifically. See Manage Connections to Private Destinations and its subtopics, including the comparison topics, and the relevant parts of Requirements for Zero Trust Access.
- Configure one or more private resources to allow client-based Zero Trust Access connections. See Add a Private Resource.
- Define requirements for user endpoint devices for client-based Zero Trust Access connections. See Add a Client-Based Zero Trust Access Posture Profile.
- Understand Network Authentication for Zero Trust Access and configure the default user authentication interval for private access rules in Rule Defaults: Default Settings for Access Rules.
- Make sure you have set up Network Tunnels or Resource Connectors to connect user traffic. See Manage Network Connections and subtopics.
- (Optional) Modify Zero Trust Access traffic steering rules if necessary. Traffic steering rules are added automatically when you enable a private resource for client-based Zero Trust Access. See the important information in Traffic Steering for Zero Trust Access Client-Based Connections.
- Create at least one private access rule that specifies a private resource or other destination that has been added to the Traffic Steering page. See Get Started With Private Access Rules and subtopics.
- Install Cisco Secure Client on user endpoint devices and enroll those devices in Zero Trust Access. See the relevant topics under Cisco Secure Client Overview.
- Test your configurations.