Skip to content
Last update: 2021-11-30

About setup

The main steps in setting up ZTNA are as follows:

  • Check the requirements.
  • Check the network deployments available (for ESXi gateways).
  • Get a certificate.
  • Set up a directory service. This manages your users and user groups.
  • Synchronize users. This imports your user groups into Sophos Central.
  • Set up an identity provider (IDP). The IDP enables ZTNA to authenticate users.
  • Set up a gateway. The gateway controls access to apps.
  • Add policies. Policies let you set conditions for access.
  • Install the ZTNA agent. This lets you control access to local apps.
  • Add resources. This makes apps available and lets you specify which user groups can access them.
  • Give users access through the user portal.


This guide includes instructions for third-party products. We recommend that you check the vendors' latest documentation.

Back to top