Invite Users to Enroll in Zero Trust Access for Secure Client

If your organization plans to deploy Cisco Secure Client with Zero Trust Access on end-user devices, the administrator must complete a few prerequisite tasks and then invite users to enroll in Zero Trust Access.

Table of Contents


Before inviting users to enroll in Zero Trust Access, you must:

  • Install the Secure Client with the Zero Trust Access module on user devices.
  • Provision the users and groups in your organization. For more information, see Manage Users and Groups.
  • Ensure that users have SSO authentication configured through a SAML identity provider (IdP).
  • Configure a Secure Access endpoint posture profile. For more information, see Manage Endpoint Security.

Recommended: Use MFA Authentication and Biometric Identity

For the highest security during end-user enrollment, we strongly advise that you take advantage of your established MFA-based authentication and the use of biometric identity for end-user authentication.


Zero Trust Access may not be familiar to your end users, so we recommend that you educate them on its benefits before prompting them to enroll. To help with that effort, following is some suggested language that you can use to speak about Zero Trust Access that includes instructions on how to enroll.


Many of today’s workers, like you, work remotely from time to time. That helps you to be productive, but it also increases risk from cyberthreats such as ransomware.

That’s why we’re adopting a new approach, called Zero Trust Access, for you to securely access corporate resources. Zero Trust Access complements VPN access, making it simpler for you to access certain corporate apps while providing increased security. Please enroll in Zero Trust Access promptly to continue accessing these applications without interruption.

The initial list of corporate applications that will be available using Zero Trust Access includes (insert apps for initial rollout). We will share further updates as more applications are made available through Zero Trust Access.

How to enroll
Zero Trust Access is a software component of Cisco Secure Client that is already installed on your company device. To enroll in Zero Trust Access, follow these steps:

  1. Open the Cisco Secure Client window.
    • If you can’t find the window, try searching for Secure Client.
  2. In the Zero Trust Access section, click Enroll.
  3. Enter your company email address.
  4. Sign in using your SSO credentials.

Result: You are now enrolled in Zero Trust Access. Depending on IT security requirements, you may be asked to authenticate from time to time to continue accessing certain applications.

Need enrollment help? Contact the IT help desk.

If you choose to send the text as an email to end users, follow these instructions:

  1. Create an email list of users for whom you have provisioned the prerequisites.
  2. Customize the text as desired.
    • In particular, look for the "insert apps for initial rollout" section of the text. Replace that section with the applications that are available for your organization using Zero Trust Access.
  3. Send the email to your list of users.

Manage Zero Trust Access on Cisco Secure Client < Invite Users to Enroll in Zero Trust for Cisco Secure Client > Requirements for Zero Trust on User Device