Zero Trust: Assign Access to Employees
This guide will show you how to assign ZTN (Zero Trust Network/Cloud Gen Access) Permissions to specific employees for the resources that they require.
It is important that only employees who require access to resources are given access to Cloud Gen Access, and only to the specific resources required to perform their job. Providing too little access hinders the employee; providing too much access is a detriment to security. Regular access audits will be performed to verify ZTN access.
ZTN, or Zero Trust Network, is a method of securing access to company resources. Access is controlled by Azure AD group memberships that are assigned to specific resources. A table of resources and groups is provided below for easy administration and identification.
Resource List

Resource: HPG | NetSuite
Group: ZTN | HPG NetSuite
Description: Provides protected access to NetSuite. All NetSuite users should be included in this policy.
Public FQDN: netsuite.com

Resource: HPG | Paylocity
Group: ZTN | HPG Paylocity
Description: Provides protected access to Paylocity. All remote Paylocity users should be included in this policy.
Public FQDN: paylocity.com

Resource: HSO | DCCore
Group: ZTN | HSO DFS
Description: Required for providing users access to the HandStands I:\ Drive
Public FQDN: dchspcore.handstands.local

Resource: HSO | DCHSPa
Group: ZTN | HSO DFS
Description: Required for providing users access to the HandStands I:\ Drive
Public FQDN: dchspa.handstands.local

Resource: HSO | DFS Root
Group: ZTN | HSO DFS
Description: Required for providing users access to the HandStands I:\ Drive
Public FQDN: handstands.local

Resource: HSO | RDSH
Group: ZTN | HSO RSH
Description: Provides Remote Desktop Access to the HandStands Remote Desktop Session Host
Public FQDN: rsh.hso.one

Resource: HSO | SFSHSPa SMB
Group: ZTN | HSO DFS
Description: Required for providing users access to the HandStands I:\ Drive
Public FQDN: sfshspa.handstands.local

Resource: HSO | SYN DSM
Group: *Admin Group Only*
Description: Provides access to the Synology DSM. This is primarily an Admin Only tool, though it is occasionally utilized as a backup to the remote desktop session hosts when necessary.
Public FQDN: hsosyn.hpg.one

Resource: HSO | SYN SMB
Group: ZTN | HSO DFS
Description: Required for providing users access to the HandStands I:\ Drive
Public FQDN: syn-hsp-01.handstands.local

Resource: HSO | SonicWall
Group: *Admin Group Only*
Description: Provides access to the HandStands SonicWall admin interface
Public FQDN: hso-sonicwall.hpg.one

Resource: HSO | vCenter HTTPS
Group: *Admin Group Only*
Description: Provides access to the HandStands vCenter environment
Public FQDN: sapvcenter.handstands.local
Note: Links may need to be created that point to the FQDN for specific services. For example, for HSO | RDSH, which is for the HandStands Remote Desktop Session Hosts, you will have to create a remote desktop (.rdp) file that uses rsh.hso.one as the target machine.
Group List

Group: ZTN | HPG NetSuite
Description: Provides protected access to NetSuite. All NetSuite users should be included in this policy.

Group: ZTN | HPG Paylocity
Description: Provides protected access to Paylocity. All remote Paylocity users should be included in this policy.

Group: ZTN | HSO DFS
Description: Required for providing users access to the HandStands I:\ Drive

Group: ZTN | HSO RSH
Description: Provides Remote Desktop Access to the HandStands Remote Desktop Session Host

Group: ZTN | Admins
Description: Provides access to IT admin resources
To add an employee to a group, follow the steps below:
- Log on to aad.portal.azure.com
- Go to Groups
- Search for "ZTN"
- Edit the group you are adding to by clicking on the group name
- Click Members
- Click Add Members
- Search for and select the target Employee
- Click the Select button
- Refresh the screen after 15-60 seconds to verify the employee was added to the group
Within 15-60 minutes the target employee should be able to access the resources through Cloud Gen Access.
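The same assignment done from the command line, as an added example that is not part of this guide: it adds an employee to a ZTN group with the Microsoft Graph PowerShell SDK, verifies the membership as step 10 of the portal procedure does, and lists every ZTN group's members for the regular access audit mentioned above. It assumes the Microsoft.Graph module is installed; the user principal name is a placeholder, and the group name is taken from the Group List.

```powershell
# Added example, not the guide's own procedure. Assumes Microsoft.Graph is installed.
Import-Module Microsoft.Graph.Groups
Import-Module Microsoft.Graph.Users

$GroupName = 'ZTN | HSO DFS'              # from the Group List above
$UserUpn   = 'employee@example.com'       # placeholder, replace with the target employee

function Add-ZtnMember {
    param([string]$GroupName, [string]$UserUpn)

    # OData filters compare display names exactly; double any single quote
    # so an unusual name cannot break out of the quoted filter string.
    $safeGroup = $GroupName.Replace("'", "''")
    $safeUpn   = $UserUpn.Replace("'", "''")

    $group = Get-MgGroup -Filter "displayName eq '$safeGroup'"
    if (-not $group) { throw "ZTN group '$GroupName' not found" }

    $user = Get-MgUser -Filter "userPrincipalName eq '$safeUpn'"
    if (-not $user) { throw "User '$UserUpn' not found" }

    # Only add if not already a member, so re-running the script is safe.
    $existing = Get-MgGroupMember -GroupId $group.Id -All |
        Where-Object { $_.Id -eq $user.Id }
    if (-not $existing) {
        New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id
    }

    # Verify the membership, the equivalent of refreshing the portal page.
    $member = Get-MgGroupMember -GroupId $group.Id -All |
        Where-Object { $_.Id -eq $user.Id }
    return [bool]$member
}

function Get-ZtnAudit {
    # One row per (group, member) across all ZTN groups, for the access audit.
    Get-MgGroup -Filter "startswith(displayName,'ZTN')" -All | ForEach-Object {
        $g = $_
        Get-MgGroupMember -GroupId $g.Id -All | ForEach-Object {
            [pscustomobject]@{
                Group  = $g.DisplayName
                Member = $_.AdditionalProperties['userPrincipalName']
            }
        }
    }
}

Connect-MgGraph -Scopes 'Group.Read.All', 'GroupMember.ReadWrite.All', 'User.Read.All'
Add-ZtnMember -GroupName $GroupName -UserUpn $UserUpn
Get-ZtnAudit | Sort-Object Group, Member | Format-Table -AutoSize
```

Review the audit output against the Resource List: anyone in a ZTN group who does not need that resource should be removed, since the group membership alone grants the access.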