# Cisco Secure Access

The Cisco Secure Access integration allows P0 to securely manage and automate access to private network resources—such as servers, databases, or applications that are only reachable within a private network or cloud VPC—without requiring public IP exposure. When combined with **Just-in-Time (JIT) access policies**, this setup ensures that private infrastructure access is secure, traceable, and identity-aware.

{% hint style="info" %}
Installing P0 with Cisco Secure Access takes about 15 minutes.
{% endhint %}

## Integration components

The Cisco Secure Access (CSA) integration has two components that you can install independently:

| Component             | Purpose                                                                      | CSA permissions required |
| --------------------- | ---------------------------------------------------------------------------- | ------------------------ |
| **Network access**    | Looks up the internally reachable addresses of private resources in CSA      | Read-only                |
| **Policy management** | Creates and removes Just-in-Time (JIT) access rules in the CSA access policy | Read and write           |

### Network access

The network access component allows P0 to discover your private resources in Cisco Secure Access and look up their internally reachable addresses. This component only requires read-only API permissions and doesn't modify any configuration in CSA.

### Policy management

The policy management component allows P0 to create JIT access rules in your CSA access policy. When a user requests access to a private resource through P0:

1. P0 looks up the user's identity in Cisco Secure Access.
2. P0 creates a time-limited Access Policy rule granting the user access to the requested private resource.
3. When the access expires or is revoked, P0 removes the access rule.
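
The lifecycle above implies a check an operator can run: every JIT allow rule in the access policy should map to a grant that has not yet expired. The following is an added example, not P0 or Cisco code; the record fields, the `jit-` rule-name prefix, and the sample data are assumptions constructed for illustration and do not follow either product's API schema.

```python
from datetime import datetime, timezone

# Constructed sample data; field names are hypothetical, not a CSA or P0 schema.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
ACTIVE_GRANTS = [  # grants the JIT system has on record
    {"user": "alice@example.com", "resource": "db-prod", "expires": "2024-05-01T13:00:00+00:00"},
    {"user": "bob@example.com", "resource": "vm-build", "expires": "2024-05-01T11:30:00+00:00"},
    {"user": "dave@example.com", "resource": "vm-build", "expires": "2024-05-01T14:00:00+00:00"},
]
POLICY_RULES = [  # rules exported from the access policy
    {"name": "jit-alice-db-prod", "user": "Alice@example.com", "resource": "db-prod", "action": "allow"},
    {"name": "jit-bob-vm-build", "user": "bob@example.com", "resource": "vm-build", "action": "allow"},
    {"name": "jit-carol-db-prod", "user": "carol@example.com", "resource": "db-prod", "action": "allow"},
    {"name": "corp-default", "user": "*", "resource": "*", "action": "block"},
]

def audit_jit_rules(rules, grants, now, prefix="jit-"):
    """Compare JIT allow rules with grants and classify each one.

    ok       - rule backed by an unexpired grant
    expired  - rule still present although its grant has lapsed
    orphaned - rule with no grant on record at all
    missing  - unexpired grant with no matching allow rule
    """
    expiry = {}
    for g in grants:
        key = (g["user"].lower(), g["resource"])
        exp = datetime.fromisoformat(g["expires"])
        expiry[key] = max(exp, expiry.get(key, exp))  # keep the latest expiry
    findings = {"ok": [], "expired": [], "orphaned": [], "missing": []}
    ruled = set()
    for r in rules:
        if not r["name"].startswith(prefix) or r["action"] != "allow":
            continue  # only JIT-created allow rules are in scope
        key = (r["user"].lower(), r["resource"])
        ruled.add(key)
        if key not in expiry:
            findings["orphaned"].append(r["name"])
        elif expiry[key] <= now:
            findings["expired"].append(r["name"])
        else:
            findings["ok"].append(r["name"])
    findings["missing"] = sorted(
        f"{u}:{res}" for (u, res), exp in expiry.items() if exp > now and (u, res) not in ruled
    )
    return findings

if __name__ == "__main__":
    print(audit_jit_rules(POLICY_RULES, ACTIVE_GRANTS, NOW))
```

Any `expired` or `orphaned` entry is standing access that outlived its approval and should be removed and investigated; `missing` entries point to grants that never took effect.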

## How it works

1. **Private resource configuration**
   * A private resource (such as a VM or database) resides within a private network or cloud virtual network (AWS VPC, Azure VNet, or GCP VPC).
   * The resource is defined as a **Private Resource** in **Cisco Secure Access** and connected via a **Secure Access Connector** instance.
   * Cisco Secure Access makes the private resource reachable through its internal IP address without exposing it to the public internet.
2. **Identity and access control**
   * Cisco Secure Access is configured with SSO (for example, Okta SAML SSO) for user authentication.
   * Access policy rules within Secure Access use user identities to grant or restrict access to specific users or groups.
3. **P0 integration**
   * P0 integrates with the **Secure Access API** to discover private resources and manage access rules.
   * The **network access** component reads private resource details from CSA.
   * The **policy management** component creates and removes JIT access rules when users request and release access through P0.
4. **Connection flow**
   * The user runs the Cisco Secure Access client locally.
   * The user logs in using their SSO credentials (for example, Okta).
   * Once authenticated, the user connects to the private resource directly through Secure Access using its private IP.
   * P0 validates compliance with policy, enforces approval workflows, and logs the event.

## Additional resources

* [Installation](https://docs.p0.dev/integrations/resource-integrations/cisco-secure-access/installation)
* [Requesting access](https://docs.p0.dev/integrations/resource-integrations/cisco-secure-access/requesting-access)
* [Cisco Secure Access documentation](https://docs.sse.cisco.com/sse-dns-guide/docs/get-started-secure-access)
* [Cisco Secure Access API reference](https://developer.cisco.com/docs/cloud-security/secure-access-api-reference-overview/)

