Skip to content
Last update: 2022-03-23

Add resources

Now you add the resources (apps and web pages) that users will access through the gateway.

If you add a resource that redirects the user to a different URL after authentication or that links to other resources, add those resources too. For example, if you add and the wiki links to jira tickets, add

To add resources, do as follows:

  1. Go to Zero Trust Network Access > Resources & Access and click Add Resource.

    Screenshot of Resources page

  2. In Add Resource, do as follows:

    1. Enter the resource name and description.
    2. Check that Show resource in user portal is selected.

      Screenshot of Add Resource dialog

  3. Specify the access type and resource details as follows:

    1. Select a Gateway.
    2. In Access method, select Agent to access the resource with the ZTNA agent or Agentless to access the resource without it. Also select the Policy to apply.
    3. Select the Resource type (for example, Web Application).
    4. Enter the External FQDN and Internal FQDN/IP address of the resource, plus the port type and number (for example, HTTPS and port 443 for a web app).


      If you selected agentless access, the external FQDN must be publicly available. If you selected agent access, the external FQDN must not be publicly available.

      If you have an AWS gateway, set the Internal FQDN as follows:

      • If the app is hosted on the EC2 instance in another VPC, configure the EC2 private IP.

      • If the app has a custom DNS domain name, configure the private hosted zone. See Private hosted zones.

      Screenshot of access and resource settings

  4. In Assign User Groups, select the available groups that need access to the resource. Move them to Assigned User Groups and select them.

    Screenshot of user group settings


    If you change the name of an assigned Azure AD user group later, the list isn't updated. Users won't be able to access the app, and you'll need to assign the group again.

  5. Click Save.

  6. Check that you can access the app you added.

    You can verify the SSL certificate and ensure it's the same wildcard certificate that was uploaded to the gateway.

  7. Repeat the above steps for any other resource that this resource might redirect the user to.

Back to top