Guides
Secure Access Help Center

Configure Client-Based Zero Trust Access for Private Destinations

Client-based Zero Trust Access is generally used by employees of your organization who are authenticated by your organization's identity providers and who are using devices that are managed by your organization.

To understand and configure client-based Zero Trust Access for private destinations, review the following topics:

  1. Understand Zero Trust Access in general and client-based zero trust access specifically. For more information, see Manage Connections to Private Destinations and relevant subtopics including the comparison topics and the relevant parts of Requirements for Zero Trust Access.
  2. Configure one or more private resources to allow client-based Zero Trust Access connections. For more information, see Add a Private Resource.
  3. Define requirements for user endpoint devices for client-based Zero Trust Access connections. For more information, see Add a Client-Based Zero Trust Access Posture Profile.
  4. Understand Network Authentication for Zero Trust Access and configure the default user authentication interval for private access rules in Rule Defaults: Default Settings for Access Rules.
  5. Make sure you have set up Network Tunnels or Resource Connectors to connect user traffic. For more information, see Manage Network Connections and subtopics.
  6. (Optional) Modify zero trust access traffic steering rules if necessary. For more information, see important information at Traffic Steering for Zero Trust Access Client-Based Connections. Traffic steering rules are added automatically when you enable a private resource for client-based zero trust access.
  7. Create at least one private access rule that specifies a private resource or other destination that has been added to the Traffic Steering page. For more information, see Get Started With Private Access Rules and subtopics.
  8. Configure user authentication. For more information, see Manage User Authentication Profiles.
  9. Install Cisco Secure Client on user endpoint devices and enroll those devices in Zero Trust Access. For more information, see the relevant topics under Cisco Secure Client Overview.
  10. Test your configurations.

Requirements for Zero Trust Access< Configure Client-Based Zero Trust Access for Private Destinations > Configure Browser-based Zero Trust Access to Private Resources

Updated 8 days ago