Installation
Before you begin
Prerequisites
To set up the Cisco Secure Access integration with P0, you need:
Cisco Secure Access account with administrator privileges
Secure Access Connector deployed and configured in your private network
Identity provider (IdP) configured in Cisco Secure Access (for example, Okta, Microsoft Entra ID)
P0 account with administrator access
Required permissions
You must have the following permissions in Cisco Secure Access:
Administrator or API Admin role
Permission to create and manage API clients
Permission to view and manage private resources
Permission to configure access policies
Setting up Cisco Secure Access
Each component requires its own API client in Cisco Secure Access with different permission scopes. You can either install only the Network access component or both, depending on your needs.
After you select Cisco Secure Access from the integrations list, P0 displays the available components:
Installing the network access component
This component allows P0 to look up the internally reachable addresses of your private resources in CSA. It only requires read-only permissions.
Step 1: Create a read-only API client in CSA
Log in to your Cisco Secure Access Dashboard.
Navigate to Admin > API Keys.
Click Add.
Configure the API key:
Name:
P0 Read-OnlyDescription:
Read-only API key for P0 private resource discoveryScope: Select Policies / Private Resources - Read-Only
Click Create and save the generated API key and secret.
Both the API key and secret are 32-character hexadecimal strings. Store the secret securely—you cannot view it again after closing the creation window.
Step 2: Configure the component in P0
Log in to your P0 Dashboard at https://p0.app.
Navigate to Integrations > Resource Integrations.
Click Add Integration and select Cisco Secure Access.
Select the Cisco Secure Access network access component and enter:
FieldValueOrganization name
A display name for your Cisco Secure Access organization
API key
The API key from Step 1
Secret
The secret from Step 1
Click Update.
P0 can now discover and look up your private resources from Cisco Secure Access.
Installing the policy management component
This component allows P0 to create and remove JIT access rules in your CSA access policy. It requires read and write permissions.
You must install the network access component first. The policy management component links to an organization that you already configured in the network access component.
Step 1: Create a read/write API client in CSA
In the Cisco Secure Access Dashboard, navigate to Admin > API Keys.
Click Add.
Configure the API key:
Name:
P0 Policy ManagementDescription:
Read/write API key for P0 JIT access policy managementScopes: Select both:
Policies / Private Resources - Read-Only
Policies / Private Resources - Read / Write
Click Create and save the generated API key and secret.
Both the API key and secret are 32-character hexadecimal strings. Store the secret securely—you cannot view it again after closing the creation window.
Step 2: Configure the component in P0
Select the Cisco Secure Access policy management component.
Select the Organization identifier for the organization you want to configure, then click Next.
Enter the following:
FieldValueAPI key
The API key from Step 1
Secret
The secret from Step 1
Click Finish.
P0 can now create and remove JIT access rules in your Cisco Secure Access access policy.
Last updated