Unenroll Devices for Client-Based Zero Trust Access
After a user enrolls their device for zero trust access on the Cisco Secure Client, the device appears on Secure Access. The user's device can create secure zero trust sessions and connect to their organization's private resources.
If you need to remove a user device that has zero trust access enabled from the organization, you can unenroll the user's device on Secure Access. The unenroll administrative action has these consequences:
- Prevents new zero trust connections from the device.
The user device can not create any new zero trust sessions to private resources. - Invalidates the device's zero trust certificate.
Reenroll the User Device on the Secure Client
After you unenroll a device on Secure Access, the end user can reenroll their device to enable zero trust access from the Cisco Secure Client. For more information, see Invite Users to Enroll in Zero Trust Access for Secure Client.
Table of Contents
Prerequisites
- Full Admin user role. For more information, see Manage Accounts.
- A user device that has enrolled in zero trust access on the Cisco Secure Client.
Procedure
Unenroll user devices on Secure Access that have enabled zero trust access on the Secure Client.
- Navigate to Connect > Users and Groups.
- Click Users to view the users provisioned in the organization.
- Click on the Name of a user that has configured Enrolled (ZTNA).
- For User Details, navigate to Client-based ZTA, and then click Unenroll ZTNA.
- Click Unenroll ZTNA, and then confirm the removal of the user device.
View Organizational Unit Details < Unenroll Devices for Client-Based Zero Trust Access > Disconnect Remote Access VPN Sessions
Updated 27 days ago