Jump to Content
Guides
Secure Access Help Center
Guides
Secure Access Help Center
Guides
Troubleshoot Single Sign On Authentication
Search
Cisco Secure Access Help
Welcome to Cisco Secure Access
Sign into Secure Access with Security Cloud Sign On
Find Your Organization ID
Determine Your Current Package
View Cloud Security Service Status
Contact Cisco Secure Access Support
Secure Access Single Sign-On Authentication
Configure Single Sign-On Authentication
Troubleshoot Single Sign On Authentication
Get Started
Begin Secure Access Onboarding Workflow
Step 1 – Configure Network Connections
Step 2 – Configure Access to Resources
Step 3 - Configure End User Connectivity
Step 4 – Configure Endpoints and Network Sources
Secure Access Overview Dashboard
Quickstarts
Quickstart – Cisco Secure Client with Zero Trust Access
Quickstart – Cisco Secure Client with Virtual Private Network
Quickstart – Cisco Secure Client with Internet Security
Quickstart – Browser with SAML Authentication
Quickstart – Bring Your Own Device with Zero Trust
Limitations and Range Limits
Network Requirements for Secure Access
Secure Access NAT as a Service
Reserved IP
Reserved IP Supplemental Terms
Manage Network Connections
Comparison of Network Connection Methods
Manage Network Tunnel Groups
Device Compatibility and Network Tunnels
Add a Network Tunnel Group
Delete a Network Tunnel Group
Edit a Network Tunnel Group
View Network Tunnel Group Details
Supported IPsec Parameters
Network Tunnel Configuration
Routing Options and Guidelines
Static Routing
Dynamic Routing with BGP
Configure Tunnels with Cisco Catalyst SD-WAN
Configure Tunnels with Cisco ISR
Configure Tunnels with Cisco Adaptive Security Appliance
Configure Tunnels with Cisco Secure Firewall
Configure Tunnels with Meraki MX
Configure Tunnels with NEC IX2000 Series Router
Configure a Site-to-Site VPN tunnel with Microsoft Azure
Configure a Site-to-Site VPN tunnel with Amazon Web Services
Manage Resource Connectors and Connector Groups
Requirements and Prerequisites for Resource Connectors and Connector Groups
Allow Resource Connector Traffic to Secure Access
Add Resource Connector Groups
Add Connectors to a Connector Group
Obtain the Connector Image
Provisioning Keys for Resource Connectors
Deploy a Connector in VMware
Deploy a Connector in AWS
Deploy a Connector in Azure
Deploy a Connector in Docker
Determine the Number of Connectors Needed in a Connector Group
Assign Private Resources to a Connector Group
View a Connector Group's Connectors and Assigned Resources
Edit a Resource Connector Group
Disable, Revoke, or Delete Resource Connectors and Groups
Maintain and Monitor Resource Connectors and Connector Groups
Troubleshoot Resource Connectors and Connector Groups
Secure Access Regions
Manage Users, Groups, and Endpoint Devices
View User Details
View Group and Organizational Unit Details
View Endpoint Device Details
Unenroll Devices for Client-Based Zero Trust Access
Disconnect Remote Access VPN Sessions
Manage User Directories and Device Management
Configure User Directory Integrations
Manage Cloud Identity Providers
Add a Cloud Identity Provider
Edit an Identity Provider Integration
Delete an Identity Provider Integration
Import Users and Groups from CSV File
Manage Active Directory Integration
Manage Google Workspace Account
Manage Imported Users and Groups
Manage Advanced Configuration Settings
Manage IP Surrogates for User Authentication
Configure Identity Providers
Provision Users and Groups from Okta
Provision Users and Groups from Microsoft Entra ID
Provision Users, Groups, and Endpoint Devices from Active Directory
Prerequisites for AD Connectors
Connect Multiple Active Directory Domains
Manage AD Components
Add AD Components in Secure Access
Manage Sites for AD Components
View AD Components in Secure Access
Delete AD Components
Manage AD Connectors
Configure Authentication for AD Connectors and VAs
Configure Updates on AD Connectors
Connect Active Directory to Secure Access
Deploy LDIF Files for AD Connector
Change the Connector Account Password
AD Connector Communication Flow and Troubleshooting
Edit AD Authentication Properties
AD Integration with Virtual Appliances
Prerequisites for AD Connectors and VAs
Prepare Your AD Environment
Connect Active Directory to VAs
Multiple AD Domains with Secure Access Sites
Manage User Authentication Profiles
Add SSO Authentication Profiles
About Single Sign-On for Users
Edit an SSO Authentication Profile
Delete SSO Authentication Profile
Configure Integrations with OIDC Identity Providers
Configure Okta for OpenID Connect
Configure Microsoft Entra ID for OpenID Connect
Configure Integrations with SAML Identity Providers
Prerequisites for SAML Authentication
Configure Microsoft Entra ID for SAML
Configure Okta for SAML
Configure AD FS for SAML
Configure Duo Security for SAML
Configure Ping Identity for SAML
Configure OpenAM for SAML
SAML Certificate Renewal Options
Test SAML Identity Provider Integration
Manage End-User Connectivity
FQDNs for Network Connections
Manage DNS and DDNS Servers
Manage DNS Servers
Map DNS Servers to Regions
Manage DDNS Servers
Map DDNS Servers to Regions
Manage Virtual Private Networks
Manage Regions and IP Pools
Add an IP Pool
Assign and Modify IP Pools
Manage RADIUS Servers and Groups
Manage VPN Profiles
Add VPN Profiles
Add a RADIUS Group
Manage VPN Settings
Manage Machine Tunnels
Machine Tunnel - What to do Next
Authenticate Device Identity with Active Directory
Provision a Machine Tunnel User
Manage Application-Based Remote Access VPN (Per App VPN)
Manage Custom Attributes
Define Custom Attributes
Manage Secure Client Scripts
Traffic Steering for Zero Trust Access Client-Based Connections
Using Wildcards to Configure Traffic Steering for Private Destinations
Traffic Steering for ZTA Connections to Internet and SaaS Destinations
Addresses That Never Use Zero Trust Access
Zero Trust Access to Internet Destinations
Trusted Networks for Zero Trust Access Connections
Manage Internet Security
Set Up Internet Security on User Devices
Manage Internet Security Bypass
Add Destinations for Internet Security Bypass
Edit Destination for Internet Security Bypass
Delete Destination for Internet Security Bypass
Configure Cisco Secure Client Settings
Manage PAC Files
Deploy the Secure Access PAC File for Windows
Deploy the Secure Access PAC File for macOS
Customize the Secure Access PAC File
Upload Custom PAC Files to Secure Access
Manage Proxy Chaining
Forwarded-For (XFF) Configuration
Manage Registered Networks
Add Network Resources
Point Your DNS to Cisco Secure Access
Clear Your DNS Cache
Update a Network Resource
Delete a Network Resource
Manage Internal Networks
Add Internal Network Resources
Update an Internal Network Resource
Delete an Internal Network Resource
Manage Sites
Manage Destination Lists
Add a Destination List
Upload Destinations From a File
Edit a Destination List
Download Destinations to a CSV File
Control Access to Custom URLs
Control Access to Domains
Troubleshoot Destination Lists
Manage AAA Servers
Manage Schedules
Add a Schedule
View and Manage Schedules
Manage Internet and SaaS Resources
Manage Application Lists
Add an Application List
Application Categories
Delete an Application List
Manage Content Category Lists
Available Content Categories
Add a Content Category List
Request a Category for an Uncategorized Destination
Dispute a Content Category
View Content Categories in Reports
Manage Tenant Control Profiles
Add a Tenant Controls Profile
Control Cloud Access to Microsoft 365
Control Cloud Access to Google G Suite
Control Cloud Access to Slack
Control Cloud Access to Dropbox
Control Cloud Access to YouTube
Use Tenant Controls in Access Rules
Review Tenant Controls Through Reports
Manage Network Devices
Manage Roaming Devices
View Internet Security Settings for Roaming Devices
Edit Internet Security Settings for Roaming Devices
Delete a Roaming Device
Manage Private Resources
Add a Private Resource
Discover Private Resources
Test Private Resource Reachability
Add a Private Resource Group
Private Resource Configuration Examples
Manage Connections to Private Destinations
Comparison of Zero Trust Access and VPN
Timeout Intervals for Zero Trust Access Sessions
Comparison of Client-Based and Browser-Based Zero Trust Access Connections
Requirements for Zero Trust Access
Configure Client-Based Zero Trust Access for Private Destinations
Configure Browser-Based Zero Trust Access to Private Resources
Network Authentication for Zero Trust Access
Connection Scenarios for Private Destinations
Manage Branch Connections
Allow SSH and RDP Access to Private Resources
Application Portal for Zero Trust Access Browser-Based User Access
Get Started with Network and Service Objects
Quickstart: Network and Service Objects
Access Rules with Network and Service Objects
Combine Destinations with Boolean Logic
Manage Network Objects and Groups
Add a Network Object
Add a Network Object Group
Import CSV File of Network Objects
Manage a Network Object
Manage a Network Object Group
View Network Objects and Groups
Manage Service Objects and Groups
Add a Service Object
Add a Service Object Group
Import CSV File of Service Objects
Manage a Service Object
Manage a Service Object Group
View Service Objects and Groups
Manage the Access Policy
About the Access Policy
Show Additional Data on Your Access Rules
Edit the Order of the Rules in Your Access Policy
Rule Defaults: Default Settings for Access Rules
Manage Global Settings for Access Rules
Edit Rule Defaults and Global Settings
Edit or View the Default Access Rules
Using Wildcard Masks on Access Rules
Get Started With Internet Access Rules
Components for Internet Access Rules
Default Settings for Internet Access Rules
Add an Internet Access Rule
About Configuring Sources in Internet Access Rules
About Configuring Destinations in Internet Access Rules
Ensure Rule Matching for Encrypted Internet Traffic
Block Internet Access to Geographic Locations
Advanced Application Controls
Global Settings for Internet Access Rules
About Isolated Destinations
Isolate Downgrade
Troubleshoot Internet Access Rules
Get Started With Private Access Rules
Components for Private Access Rules
Default Settings for Private Access Rules
Add a Private Access Rule
About Configuring Sources in Private Access Rules
About Configuring Destinations in Private Access Rules
About ZTA Private Access Enforcement
Most Specific Match Enforcement Mode
Multi-App Match Enforcement Mode
Multi-App with Resolved IP Match Enforcement Mode
About Endpoint Requirements in Access Rules
Allowing Traffic from Users and Devices on the Network
Global Settings for Private Access Rules
Troubleshoot Private Access Rules
Get Started with the Cisco Assistant
Add Rules with the Cisco Assistant
Cisco Assistant Rule Examples
Find Documented Answers with the Cisco Assistant
Troubleshoot with the Cisco Assistant
Messages Generated by the Cisco Assistant
Manage Endpoint Security
Endpoint Attributes
Manage Zero Trust Access Posture Profiles
Add a Client-Based Zero Trust Access Posture Profile
Add a Browser-Based Zero Trust Access Posture Profile
Manage VPN Connection Posture Profiles
Add a VPN Connection Posture Profile
Manage IPS Profiles
Add a Custom IPS Signature List
Manage Security Profiles
Security Profiles for Internet Access
Add a Security Profile for Internet Access
Enable SafeSearch
Security Profiles for Private Access
Add a Security Profile for Private Access
Manage App Risk Profiles
Add an App Risk Profile
Manage Threat Categories
Threat Category Descriptions
Add a Threat Category List
Dispute a Threat Categorization
Manage File Inspection and File Analysis
Enable File Inspection
Enable File Analysis by Cisco Secure Malware Analytics
Test File Inspection for Internet Access
Monitor File Inspection and Analysis Activity
Troubleshoot File Inspection and Analysis
Manage File Type Controls
Enable File Type Controls
File Types to Block
Review File Type Controls Through Reports
Manage Notification Pages
Preview Notification Pages
Create Custom Block and Warn Pages
Allow Users to Contact an Administrator
Block Page IP Addresses
Manage Traffic Decryption
Important Information About Do Not Decrypt Lists
Add a Do Not Decrypt List for Security Profiles for Internet Access
Manage Certificates
Certificates for Internet Decryption
Install the Cisco Secure Access Root Certificate
Add Customer CA Signed Root Certificate
View the Cisco Trusted Root Store
Manage Certificates for Private Resource Decryption
Certificates for Private Resource Decryption
Certificates for SAML Authentication
Manage SAML Certificates for Service Providers
Manage SAML VPN Service Provider Certificate Rotation
Manage SAML Certificates for Identity Providers
VPN Certificates for User and Device Authentication
Manage CA Certificates for VPN Connections and Zero Trust Access Enrollment
Manage the Data Loss Prevention Policy
Add a Real Time Rule to the Data Loss Prevention Policy
Understand Exclusions in a Real Time Rule
Supported Applications
Add an SaaS API Rule to the Data Loss Prevention Policy
Add an AI Guardrails Rule to the Data Loss Prevention Policy
Discovery Scan
Edit a Data Loss Prevention Rule
