Securing your applications with just user authentication still leaves then vulnerable originating from within your network. Cisco+ Secure Connect can another layer of security, controlling network access to those applications, both private applications hosted in your data center or on an IaaS platform such as AWS, Azure, or Google Cloud, or and public SaaS applications, like Microsoft365.
For private applications, the rule sets allow you to determine if specific users or groups or user within a specific IP address range can or cannot access your private applications or IP address ranges. Note that policies applying to users and groups can only be used for client-based remote access. Policies applying to IP address ranges can be for both client-based remote access.
To implement user or group-based rules, Cisco+ Secure Connect must be linked to your Identity Provider (IdP). Information on how to setup an IdP can be found here.
For public SaaS applications, Cisco+ Secure Connect give you the ability to see what applications are on your network and then create polices to control what application can access and who can access them. Use the link below to setup Application Discovery. To create access policies to SaaS applications, you will need to define a web policy rule(s). Information on how to configure web rules can be found here.