🔐Cisco Secure Access
Installing P0 access management for Cisco Secure Access takes about 15 minutes.
The Cisco Secure Access (CSA) integration allows P0 to securely manage and automate access to private network resources (such as servers, databases, or applications that are reachable only within a private network or cloud VPC) without requiring public IP exposure. When combined with Just-in-Time (JIT) access policies, this setup ensures that private infrastructure access is secure, traceable, and identity-aware.
Integration components
The Cisco Secure Access integration has two components that you can install independently:
Network access: looks up the internally reachable addresses of private resources in CSA. API permissions: read-only.
Policy management: creates and removes Just-in-Time (JIT) access rules in the CSA access policy. API permissions: read and write.
Network access
The network access component allows P0 to discover your private resources in Cisco Secure Access and look up their internally reachable addresses. This component only requires read-only API permissions and doesn't modify any configuration in CSA.
Policy management
The policy management component allows P0 to create JIT access rules in your Cisco Secure Access access policy. When a user requests access to a private resource through P0:
1. P0 looks up the user's identity in Cisco Secure Access.
2. P0 creates a time-limited Access Policy rule granting the user access to the requested private resource.
3. When the access expires or is revoked, P0 removes the access rule.
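One way to check from the outside that the removal step above actually happens is to reconcile the JIT rules present in the access policy against the grants that are still live. This is an added example, not P0 or Cisco code; the `p0-jit-` name prefix, the record fields and the sample data are hypothetical assumptions, not the CSA or P0 schema.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical convention: JIT rules carry this name prefix. The prefix and the
# record fields below are assumptions, not the Cisco Secure Access or P0 schema.
JIT_PREFIX = "p0-jit-"

@dataclass(frozen=True)
class Rule:   # one access policy rule, as exported from the policy
    name: str
    user: str
    resource: str

@dataclass(frozen=True)
class Grant:  # one JIT grant, as recorded by the access manager
    user: str
    resource: str
    expires_at: datetime
    revoked: bool = False

def audit_jit_rules(rules, grants, now):
    """Return (stale JIT rule names, live (user, resource) grants with no rule)."""
    # A grant is live only if it is not revoked and expires strictly after now.
    live = {(g.user, g.resource) for g in grants
            if not g.revoked and g.expires_at > now}
    jit = [r for r in rules if r.name.startswith(JIT_PREFIX)]  # skip standing rules
    stale = sorted(r.name for r in jit if (r.user, r.resource) not in live)
    missing = sorted(live - {(r.user, r.resource) for r in jit})
    return stale, missing

def ts(hour, minute=0):  # constructed timestamps, all on one day, UTC
    return datetime(2024, 1, 1, hour, minute, tzinfo=timezone.utc)

# Constructed sample data (not real users, resources or rule names).
SAMPLE_RULES = [
    Rule("p0-jit-alice-db1", "alice@example.com", "db1"),
    Rule("p0-jit-bob-vm7", "bob@example.com", "vm7"),
    Rule("p0-jit-carol-db1", "carol@example.com", "db1"),
    Rule("allow-ops-bastion", "ops-group", "bastion"),
]
SAMPLE_GRANTS = [
    Grant("alice@example.com", "db1", ts(13)),
    Grant("bob@example.com", "vm7", ts(11)),                  # expired
    Grant("carol@example.com", "db1", ts(14), revoked=True),  # revoked early
    Grant("dave@example.com", "app3", ts(12, 30)),            # no rule created
]

if __name__ == "__main__":
    print(audit_jit_rules(SAMPLE_RULES, SAMPLE_GRANTS, now=ts(12)))
```

A stale entry means access outlived its grant; a missing entry means an approved request was never enforced in the policy.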
How it works
Private resource configuration
A private resource (such as a VM or database) resides within a private network or virtual cloud (AWS VPC, Azure VNet, or GCP VPC).
The resource is defined as a Private Resource in Cisco Secure Access and connected via a Secure Access Connector instance.
Cisco Secure Access makes the private resource reachable through its internal IP address without exposing it to the public internet.
Identity and access control
Cisco Secure Access is configured with SSO (for example, Okta SAML SSO) for user authentication.
Access policy rules within Secure Access use user identities to grant or restrict access to specific users or groups.
P0 integration
P0 integrates with the Secure Access API to discover private resources and manage access rules.
The network access component reads private resource details from CSA.
The policy management component creates and removes JIT access rules when users request and release access through P0.
Connection flow
1. The user runs the Cisco Secure Access client locally.
2. The user logs in using their SSO credentials (for example, Okta).
3. Once authenticated, the user connects to the private resource directly through Secure Access using its private IP.
4. P0 validates compliance with policy, enforces approval workflows, and logs the event.