Configure Browser-based Zero Trust Access to Private Resources
Browser-based access to your internal applications allows authorized user endpoint devices that are not managed by your organization to securely access internal resources. For more details, see Comparison of Client-Based and Browser-Based Zero Trust Access Connections.
The following configurations apply to browser-based access to a private resource:
- User endpoint devices do NOT require Cisco Secure Client or the zero trust access module.
- See relevant sections in Requirements for Zero Trust Access.
- Configure the private resource:
  - The internally reachable address must be available via HTTP or HTTPS.
  - Browser-based zero trust access must be enabled.
  - Define the URL that users will use to access the resource.
  - Other settings may be required or optional for your environment.
  - For details, see Add a Private Resource.
- An identity certificate signed by a publicly recognized certificate authority (CA) should be installed on the resource. If you install a certificate signed by your corporate CA, you must install the root certificate of your corporate certificate authority in the trust store of the user endpoint device.
- Configure endpoint requirements in the default posture profile for browser-based zero trust access, or create a different posture profile for this purpose. See Add a Browser-Based Zero Trust Access Posture Profile.
- Configure user authentication.
- Add a private access rule to grant access to authorized users. Optionally, choose a posture profile other than the default. See Get Started With Private Access Rules and subtopics.
- Give users the special URL you configured in the private resource for browser-based access.
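
The certificate requirement above determines whether anything has to be installed on user endpoint devices. The following shell script is an added example, not Cisco tooling: it builds a constructed corporate CA and a certificate for a hypothetical resource name (`wiki.corp.example`), then reports whether that certificate verifies against the default trust store or only when the corporate root is supplied. The function names `make_sample_pki` and `chain_status` are illustrative.

```shell
#!/bin/sh
# Added example. The CA, key material and resource name are constructed
# here for illustration; none of them come from a real deployment.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a constructed corporate root CA and a certificate it signs for
# the hypothetical private resource wiki.corp.example.
make_sample_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Constructed Corp Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=wiki.corp.example" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/leaf.csr" -days 30 \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/leaf.pem" 2>/dev/null
}

# chain_status CERT [ROOT]
#   public-ca     CERT verifies against the default trust store
#   corporate-ca  CERT verifies only when ROOT is supplied, so ROOT must
#                 be installed in the trust store of user endpoint devices
#   untrusted     CERT verifies against neither
chain_status() {
  if openssl verify "$1" >/dev/null 2>&1; then
    echo "public-ca"
  elif [ -n "${2:-}" ] && openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo "corporate-ca"
  else
    echo "untrusted"
  fi
}

make_sample_pki
echo "without corporate root: $(chain_status "$WORK/leaf.pem")"
echo "with corporate root:    $(chain_status "$WORK/leaf.pem" "$WORK/ca.pem")"
```

The default store `openssl` consults is the one on the machine running the script, which can differ from the store a browser on an unmanaged device uses, so run the check on a representative endpoint.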