Configure Browser-Based Zero Trust Access to Private Resources

Browser-based access to your internal applications allows authorized user endpoint devices that are not managed by your organization to securely access internal resources. For more details, see Comparison of Client-Based and Browser-Based Zero Trust Access Connections.

Note: User endpoint devices do not require the Cisco Secure Client with the Zero Trust Access module.

The following configurations apply to browser-based access to a private resource:

  • A browser is required. For more information, see Requirements for Zero Trust Access.
  • Configure the private resource:
    • The internally reachable address must be available via HTTP or HTTPS.
    • Browser-based zero trust access must be enabled.
    • Define the URL that users will use to access the resource.
    • Other settings may be required or optional for your environment. For more information, see Add a Private Resource.
    • An identity certificate signed by a publicly recognized certificate authority (CA) should be installed on the resource. If you install a certificate signed by your corporate CA, you must install the root certificate of your corporate certificate authority in the trust store of the user endpoint device.
  • Configure endpoint requirements in the default posture profile for browser-based zero trust access, or create a different posture profile for this purpose. For more information, see Add a Browser-Based Zero Trust Access Posture Profile.
  • Configure user authentication. For more information, see Manage User Authentication Profiles.
  • Add a private access rule to grant access to authorized users. Optionally, choose a posture profile other than the default. See Get Started With Private Access Rules and subtopics.
  • Give users the special URL you configured in the private resource for browser-based access.
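
The certificate item above can be checked before you hand out the URL. The following added example (not from the Cisco documentation; all certificates, names and file paths are constructed) uses `openssl verify` to show that a resource certificate signed by a corporate CA fails validation against an endpoint trust store until the corporate root is added to it.

```shell
#!/bin/sh
# Added example. All certificates and names below are constructed test data.

# make_root DIR NAME CN: create a self-signed root CA in DIR/NAME.pem.
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# issue_leaf DIR CA_NAME CN: issue DIR/leaf.pem signed by DIR/CA_NAME.pem.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" >/dev/null 2>&1 &&
  openssl x509 -req -in "$1/leaf.csr" -days 2 -CA "$1/$2.pem" \
    -CAkey "$1/$2.key" -CAcreateserial -out "$1/leaf.pem" >/dev/null 2>&1
}

# chain_trusted LEAF STORE: succeed only if LEAF chains to a root in STORE.
# -no-CApath keeps the machine's default CA directory out of the decision.
chain_trusted() {
  openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# demo: report trust before and after the corporate root is added to the
# endpoint's store. The body is a subshell, so its variables stay local.
demo() (
  d=$(mktemp -d) || exit 1
  make_root "$d" public "Constructed Public Root CA" || exit 1
  make_root "$d" corp "Constructed Corporate Root CA" || exit 1
  issue_leaf "$d" corp "app.internal.example" || exit 1

  # Unmanaged device as shipped: only the (stand-in) public root is trusted.
  cp "$d/public.pem" "$d/endpoint-store.pem"
  if chain_trusted "$d/leaf.pem" "$d/endpoint-store.pem"
  then before=trusted; else before=untrusted; fi

  # Corporate root installed in the endpoint trust store.
  cat "$d/corp.pem" >> "$d/endpoint-store.pem"
  if chain_trusted "$d/leaf.pem" "$d/endpoint-store.pem"
  then after=trusted; else after=untrusted; fi

  rm -rf "$d"
  echo "before=$before after=$after"
)

demo
```

Against a real resource, run `chain_trusted` on the certificate actually installed on the resource and a trust store file that mirrors what the unmanaged endpoints carry.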
