Manage Users, Groups, and Endpoints Devices

Cisco Secure Access supports the integration of users, groups, and endpoint devices through various identity providers (IdPs). Once integrated with Secure Access, you can protect and monitor the connections for the users and devices to internet and private destinations by configuring Access rules in the organization's policy.

• You can integrate multiple cloud IdPs with Secure Access.
• Endpoint device integration requires devices provisioned by an on-premise Active Directory domain controller (DC) and Cisco AD Connector version 1.14.4 or newer. For more information, see Connect Active Directory to Secure Access and Configure Updates on AD Connectors.

In addition to integrations with identity providers for provisioning users and groups, we recommend that you configure user authentication profiles. Authentication profiles describe integrations with single sign-on (SSO) IdPs. SSO IdPs authenticate users that connect through the Secure Access Secure Web Gateway (SWG) or with Secure Access Zero Trust Access.

• You can set up multiple authentication profiles in Secure Access.
• An authentication profile describes the association between a provisioning IdP and an SSO IdP.

After you add user directory integrations and set up user authentication profiles, Secure Access displays the users and groups that you provisioned in the organization.

Table of Contents

• Get Started with User Configuration Management
• Get Started with Endpoint Device Management
• View Provisioned Users and Groups
• Manage Remote Access VPN and Zero Trust Device Connections

Get Started with User Configuration Management

First, configure a user directory integration with Secure Access. The directory integration provisions users and groups into Secure Access.

Then, set up SSO authentication for users that connect to the web through the Secure Web Gateway or communicate with private destinations through Zero Trust Access.

Step 1 – Manage User Directories

• Provision the organization's users and groups into Secure Access. For more information, see Configure User Directory Integrations.
• Manage the integrated user directories. for more information, see Manage User Directories.

Step 2 – Manage User Authentication Profiles

• Configure integrations with SSO authentication providers in Secure Access. For more information, see Add User Authentication Profiles.
• Manage the added user authentication profiles. for more information, see Manage User Authentication Profiles.

Get Started with Endpoint Device Management

To configure your on-premise Active Directory integration to provision your endpoint device enrollments into Secure Access, see Authenticate Active Directory Devices.

View Provisioned Users and Groups

After you provision users, group, and endpoint devices in Secure Access, you can view the information about these identities.

• View User Details
• View Group and Organizational Unit Details
• View Endpoint Device Details
• View Organizational Unit Details

Manage Remote Access VPN and Zero Trust Device Connections

In Secure Access, manage the user connections.

• Disconnect Remote Access VPN Sessions
• Unenroll Devices for Client-Based Zero Trust Access

Secure Access Regions < Manage Users and Groups > View User Details