Zero Trust
-
Zero Trust: Cloud Gen Provisioning and Installation
This article will show you how to provision Cloud Gen Access for a user and install the client. Before you begin, add the target user to the appropriate ZTN groups in Azure Active Directory that will provide access to the specific resources they require.

1. Go to your Barracuda home page and find "Zero Trust/Web Sec. (CloudGen Access)" on the left side. Click that; you may have to sign in.
2. You will be brought to the Dashboard. On the left is an icon that looks like a person, called "Identity". Click that.
3. You will be brought to the Identity Dashboard; the "Users" tab is shown by default. Search for the user and press Enter.
4. Click the name of the user, not the check box.
5. When you click the name, it should show you the profile of the user.
6. Scroll down until you see Enrollment and click "Generate". This creates an Enrollment for the user. NOTE: Users are only allowed 5 devices per Enrollment.
7. You will then see an option on the upper right of the Enrollment section that states "Copy shareable link". Use that to install the software on the user's computer. They will have to use MFA to complete the setup, so let them know beforehand.
8. Click the caret button on the bottom right of your main display; the app icon appears after clicking the caret button. If you can't see it, click the Start button and search for "Barracuda CloudGen Access" to open the app.
9. Once the app is open, if you see "Toggle switch for my protection", it is currently off.
10. Once you toggle the switch, "Toggle switch for my protection" is gone, which means it is on.
11. To toggle it back off, click the gear icon on the bottom right. You will notice "CloudGen Access is on", which indicates that it is still on. Toggle that switch to turn it off. You will then see "Toggle switch for my protection", which is another indicator that the service is off.
-
Zero Trust: Assign Access to Employees
This guide will show you how to assign ZTN (Zero Trust Network/Cloud Gen Access) permissions to specific employees for the resources that they require. It is important that only employees who require access to resources are given access to Cloud Gen Access, and only to the specific resources required to perform their job. Providing too little access can be a detriment to an employee; providing too much access is a detriment to security. Regular access audits will be performed to verify ZTN access.

ZTN, or Zero Trust Network, is a method of securing access to company resources. Access is controlled by Azure AD group memberships that are assigned to specific resources. A table of resources and groups is provided for easy administration and identification.

Resource List

Resource: HPG | NetSuite
Group: ZTN | HPG NetSuite
Description: Provides protected access to NetSuite. All NetSuite users should be included in this policy.
Public FQDN: netsuite.com

Resource: HPG | Paylocity
Group: ZTN | HPG Paylocity
Description: Provides protected access to Paylocity. All remote Paylocity users should be included in this policy.
Public FQDN: paylocity.com

Resource: HSO | DCCore
Group: ZTN | HSO DFS
Description: Required for providing users access to the HandStands I:\ Drive
Public FQDN: dchspcore.handstands.local

Resource: HSO | DCHSPa
Group: ZTN | HSO DFS
Description: Required for providing users access to the HandStands I:\ Drive
Public FQDN: dchspa.handstands.local

Resource: HSO | DFS Root
Group: ZTN | HSO DFS
Description: Required for providing users access to the HandStands I:\ Drive
Public FQDN: handstands.local

Resource: HSO | RDSH
Group: ZTN | HSO RSH
Description: Provides Remote Desktop Access to HandStands Remote Desktop Session Host
Public FQDN: rsh.hso.one

Resource: HSO | SFSHSPa SMB
Group: ZTN | HSO DFS
Description: Required for providing users access to the HandStands I:\ Drive
Public FQDN: sfshspa.handstands.local

Resource: HSO | SYN DSM
Group: *Admin Group Only*
Description: Provides access to the Synology DSM. This is primarily an Admin Only tool, though it is occasionally utilized as a backup to remote desktop session hosts when necessary
Public FQDN: hsosyn.hpg.one

Resource: HSO | SYN SMB
Group: ZTN | HSO DFS
Description: Required for providing users access to the HandStands I:\ Drive
Public FQDN: syn-hsp-01.handstands.local

Resource: HSO | SonicWall
Group: *Admin Group Only*
Description: Provides access to the HandStands SonicWall admin interface
Public FQDN: hso-sonicwall.hpg.one

Resource: HSO | vCenter HTTPS
Group: *Admin Group Only*
Description: Provides access to the HandStands vCenter environment
Public FQDN: sapvcenter.handstands.local

Note: Links may need to be created that point to the FQDN for specific services. For example, for HSO | RDSH, which is for the HandStands Remote Desktop Session Hosts, you will have to create a remote desktop file that uses rsh.hso.one as the target machine.

Group List

Group: ZTN | HPG NetSuite
Description: Provides protected access to NetSuite. All NetSuite users should be included in this policy.

Group: ZTN | HPG Paylocity
Description: Provides protected access to Paylocity. All remote Paylocity users should be included in this policy.

Group: ZTN | HSO DFS
Description: Required for providing users access to the HandStands I:\ Drive

Group: ZTN | HSO RSH
Description: Provides Remote Desktop Access to HandStands Remote Desktop Session Host

Group: ZTN | Admins
Description: Provides access to IT admin resources

To add an employee to a group, follow the guide below:

1. Log on to aad.portal.azure.com
2. Go to Groups
3. Search for "ZTN"
4. Edit the group you are adding to by clicking on the group name
5. Click Members
6. Click Add Members
7. Search for and select the target employee
8. Click the Select button
9. Refresh the screen after 15-60 seconds to verify the employee was added to the group

Within 15-60 minutes the target employee should be able to access the resources through Cloud Gen Access.
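
One way to run the access audit mentioned above against the Resource List, as an added example that is not part of the original guide: it compares ZTN group membership with the resources each employee is approved for and reports excess, missing and unmapped access. The mapping of the "*Admin Group Only*" rows to ZTN | Admins, the `audit` function, the sample users and the "ZTN | Legacy VPN" group are assumptions constructed for illustration.

```python
ADMIN = "ZTN | Admins"  # assumption: "*Admin Group Only*" rows map to this group

# Resource name -> (granting group, public FQDN), copied from the Resource List.
RESOURCES = {
    "HPG | NetSuite": ("ZTN | HPG NetSuite", "netsuite.com"),
    "HPG | Paylocity": ("ZTN | HPG Paylocity", "paylocity.com"),
    "HSO | DCCore": ("ZTN | HSO DFS", "dchspcore.handstands.local"),
    "HSO | DCHSPa": ("ZTN | HSO DFS", "dchspa.handstands.local"),
    "HSO | DFS Root": ("ZTN | HSO DFS", "handstands.local"),
    "HSO | RDSH": ("ZTN | HSO RSH", "rsh.hso.one"),
    "HSO | SFSHSPa SMB": ("ZTN | HSO DFS", "sfshspa.handstands.local"),
    "HSO | SYN DSM": (ADMIN, "hsosyn.hpg.one"),
    "HSO | SYN SMB": ("ZTN | HSO DFS", "syn-hsp-01.handstands.local"),
    "HSO | SonicWall": (ADMIN, "hso-sonicwall.hpg.one"),
    "HSO | vCenter HTTPS": (ADMIN, "sapvcenter.handstands.local"),
}

def audit(members, needs):
    """members: group -> set of users; needs: user -> approved resource names.
    Returns sorted (user, finding, group, exposed FQDNs) tuples."""
    known = {group for group, _ in RESOURCES.values()}
    required = {u: {RESOURCES[r][0] for r in res} for u, res in needs.items()}
    findings = []
    for group, users in members.items():
        if group not in known:
            # A ZTN group missing from the table cannot be reviewed at all.
            findings.append(("*", "unmapped-group", group, ()))
            continue
        fqdns = tuple(sorted(f for g, f in RESOURCES.values() if g == group))
        for user in users:
            if group not in required.get(user, set()):
                findings.append((user, "excess", group, fqdns))
    for user, groups in required.items():
        for group in groups:
            if user not in members.get(group, set()):
                findings.append((user, "missing", group, ()))
    return sorted(findings)

# Constructed sample data: made-up users and a made-up "ZTN | Legacy VPN" group.
SAMPLE_MEMBERS = {
    "ZTN | HSO RSH": {"alice", "bob"}, "ZTN | HSO DFS": {"alice"},
    "ZTN | Admins": {"bob"}, "ZTN | Legacy VPN": {"carol"},
}
SAMPLE_NEEDS = {
    "alice": {"HSO | RDSH", "HSO | DFS Root"},
    "bob": {"HSO | RDSH", "HPG | NetSuite"},
}

if __name__ == "__main__":
    print(*audit(SAMPLE_MEMBERS, SAMPLE_NEEDS), sep="\n")
```

Each "excess" finding lists the FQDNs the extra group exposes, which shows that one ZTN | HSO DFS or ZTN | Admins membership opens several hosts at once.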