Skip to content
Last update: 2021-12-17

Add resources

Now you add the resources (apps and web pages) that users will access through the gateway.

  1. Go to Zero Trust Network Access > Resources & Access and click Add Resource.

    Screenshot of Resources page

  2. In Add Resource, do as follows:

    1. Enter the resource name and check that Show resource in user portal is selected.
    2. Select a Gateway.
    3. In Access method, select Agent to access the resource with the ZTNA agent or Agentless to access the resource without it.
    4. Select the Policy to apply to the resource.
    5. Select the Resource type (for example, Web Application).
    6. Enter the External FQDN and Internal FQDN/IP address of the resource, plus the port type and number (for example, HTTPS and port 443 for a web app).


      If you selected agentless access, the external FQDN must be publicly available. If you selected agent access, the external FQDN must not be publicly available or you won't be able to access the resource.

    7. In Assign User Groups, select the checkboxes next to available groups that need access to the resource. Then move them to the Assigned User Groups list and select the checkboxes next to them.

    8. Click Save.

    Add Resource dialog

  3. Try to access the app you added.

    You can verify the SSL certificate and ensure it's the same wildcard certificate that was uploaded to the gateway.


If you have an AWS gateway, set the Internal FQDN for a resource as follows:

  • If the app is hosted on the EC2 instance in another VPC, configure the EC2 private IP.

  • If the app has a custom DNS domain name, configure the private hosted zone. See Private hosted zones.


If you change the name of an assigned Azure AD user group later, the Assigned User Groups list isn't updated to reflect the change. Users won't be able to access the app, and you'll need to assign the group again.

Back to top