Provision a Machine Tunnel User

This is done by provisioning a machine tunnel user with a specific email ([email protected]) from your organization's identity provider (IdP), such as Active Directory. Secure Access supports various methods to provision users and groups.

Important

We recommend that you use certificate-based authentication to register device identities with Active Directory. The method of associating machine tunnel and user identity by manually uploading a CSV file, as described in this procedure, is scheduled to be phased out.

Procedure

To add the new machine tunnel user, provision the user through your supported identity provider (IdP). This example shows a manual upload of a CSV file.

  1. Navigate to Connect > Users and Groups > Users and click Provision Users.
  2. For Provisioning Method, click Manual Upload to provision the new machine tunnel user in your organization.
  3. Click Download to save the Secure Access import template to your local system. The template is a CSV file that supports the following format:
    DN,sn,givenName,userPrincipalName,mail,memberOf

    Note that DN and memberOf are not required. For complete information, see CSV File Format.
  4. Add the machine tunnel user to the Secure Access CSV template file, and then upload the CSV file to Secure Access.
    For example:

    DN,sn,givenName,userPrincipalName,mail,memberOf
    machineUser,6,[email protected],[email protected],adminGroup
  5. Click Done.
    Once added, users and user groups can then be added to an access rule.
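
A pre-upload check for the CSV described in the procedure above, as an added example that is not part of the Secure Access documentation or product. It assumes every column except DN and memberOf is required (inferred from the note on the template format); the function name, sample rows and example.com addresses are constructed for illustration.

```python
import csv
import io
import re

# Header from the Secure Access import template shown on this page.
HEADER = ["DN", "sn", "givenName", "userPrincipalName", "mail", "memberOf"]
# Assumption: every column except DN and memberOf must be filled in.
REQUIRED = ["sn", "givenName", "userPrincipalName", "mail"]
ADDRESS = re.compile(r"^[^@\s,]+@[^@\s,]+\.[^@\s,]+$")


def validate_import(text):
    """Return a list of (line_number, problem) tuples; empty means clean."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows or rows[0] != HEADER:
        return [(1, "header must be exactly: " + ",".join(HEADER))]
    problems, seen = [], {}
    for line_no, fields in enumerate(rows[1:], start=2):
        if not fields:
            continue  # blank line
        if len(fields) != len(HEADER):
            problems.append((line_no, f"expected {len(HEADER)} fields, got {len(fields)}"))
            continue  # columns are shifted, so field checks would mislead
        row = dict(zip(HEADER, (f.strip() for f in fields)))
        for name in REQUIRED:
            if not row[name]:
                problems.append((line_no, f"{name} is empty"))
        for name in ("userPrincipalName", "mail"):
            if row[name] and not ADDRESS.match(row[name]):
                problems.append((line_no, f"{name} is not user@domain"))
        upn = row["userPrincipalName"].lower()
        if upn and upn in seen:
            problems.append((line_no, f"duplicate userPrincipalName, first on line {seen[upn]}"))
        seen.setdefault(upn, line_no)
    return problems


# Constructed sample rows; example.com addresses are placeholders.
SAMPLE = """DN,sn,givenName,userPrincipalName,mail,memberOf
,Tunnel,Machine,machine-tunnel@example.com,machine-tunnel@example.com,
machineUser,6,machine-tunnel2@example.com,machine-tunnel2@example.com,adminGroup
,Tunnel,Machine,MACHINE-TUNNEL@example.com,not-an-address,
"""

if __name__ == "__main__":
    for line_no, problem in validate_import(SAMPLE):
        print(f"line {line_no}: {problem}")
```

A row with the wrong number of fields is reported once and skipped, because every value after the missing column would otherwise be checked against the wrong header.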

View Provisioned Users and Groups in Secure Access

  1. Navigate to Connect > Users, Groups, and Endpoint Devices to view the users and groups provisioned in your organization.
    1. See View User Details
    2. See View Group Details
