Deploy Secure Access Resource Connector in Azure

Available Languages

Download Options

  • PDF     (3.1 MB)
    View with Adobe Reader on a variety of devices
  • ePub     (3.3 MB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (2.4 MB)
    View on Kindle device or Kindle app on multiple devices
Updated:February 23, 2026
Document ID:225516

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to deploy a step by step Resource Connector in Azure.

    Prerequisites

    Gather required information and understand the  

    • Obtain the connector image.
      • You can download the image once and use it for any number of connectors in any connector group.
      • If you use a previously downloaded image, ensure that the image is the latest version.
      • For details, see Obtain the Connector Image.
    • Copy the provisioning key for the specific connector group for which you deploy connectors.
      See Provisioning Keys for Resource Connectors

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Cisco Secure Access dashboard administrator access 
    • Azure portal access 
    • Cisco Secure Client 
    • Windows machine with ZTA enrolled 

    Components Used

    The information in this document is based on the test performed in a lab environment using the next components:

    • ZTNA Client
    • Secure Access
    • Azure
    • Private Resource

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Configure

    Configurations in Secure Access

    Login to Secure Access Dashboard and navigate to Connect > Network Connections > Connector Groups

    • Click on add

    Secure Access - RC 1

    Secure Access - Connector Groups 

    • Specify the Connector Group Name and the Region
    • Click Next

    Secure Access - RC 2

    Secure Access - Connector Groups configuration

    • Choose Microsoft Azure and use the Scaling Calculator to determinate the resources needed

    Secure Access - RC 3

    Secure Access - Resource Connector Configuration review 

    • Leverage the DNS Servers option to resolve specific domains through dedicated DNS servers. This is considered a best practice for organizations with multiple internal domains.
    • Click Save

    Secure Access - RC 4

    Secure Access - Resource Connector Configuration

    • At this stage, ensure that you copy the Provisioning Key. You need it later in Azure during the Resource Connector deployment to enable registration with your Secure Access Tenant.

    Secure Access - RC 5

    Secure Access - Resource Connector Configuration

    Configurations in Azure

    Navigate to Azure portal and then navigate to the Microsoft Azure Marketplace and search for Cisco Secure Access Resource Connector image:

    Secure Access - Azure 1

    Secure Access - Resource Connector Creation on Azure 

    • Choose the appropriate Subscription and and Plan then click on Create

    Secure Access - Azure 2

    Secure Access - Resource Connector Creation on Azure 

    • Review the configuration for DisksNetworking and SSH public key  

    Secure Access - Azure 3

    Secure Access - Azure 4

    caution-icon

    Caution: Do not lose the private SSH key; otherwise, you cannot access the RC CLI and must re-deploy it for troubleshooting.

    Secure Access - Azure 5

    Secure Access - Azure 6

    Secure Access - Resource Connector Creation on Azure 

    • Paste the Provisioning Key copied from Cisco Secure Access into the User data field
    KEY=XXXXXXXXXXXXXXXXXXXXX

    Secure Access - Azure 7

    Secure Access - Resource Connector Creation on Azure 

    • Review and click on Create in order to proceed with the creation of your Resource Connector

    Secure Access - Azure 7

    Secure Access - Resource Connector Creation on Azure 

    • After you click Create, an option to download the private key appears. Click on Download private key and create resource

    Secure Access - Azure 8

    Secure Access - Resource Connector Creation on Azure 

    caution-icon

    Caution: Do not lose the private SSH key; otherwise, you cannot access the RC CLI and must re-deploy it for troubleshooting.

    • After that you can see the progress of yourResource Connector

    Secure Access - Azure 9

    Secure Access - Resource Connector Deployment on Azure 

    • Then Navigate to Secure Access Dashboard in order to confirm the Resource Connector connection and sucesfull deployment in your Secure Access Tenant
    • Click on Connect > Network Connections > Connector Groups
    • Under the option 2 Confirm Connectors click on Confirm Connectors to end the deployment

    Secure Access - Azure 10

    Secure Access - Resource Connector Confirmation 

    Now you are able to see your new Resource Connector deployed and connected in your Secure Access tenant:

    Secure Access - RC Deployed

    Secure Access - Resource Connector 

    Verify

    Accessing from the inbuild Bastion CLI 

    In Azure, access to your resource connector and click on Bastion:

    • Authentication Type: Choose SSH Private key from Local File
    • Username: You must use acadmin
    • Local File: Choose the private key previusly downloaded

    Secure Access - Azure Bastion

    Secure Access - RC SSH

    Secure Access - Accessing Resource Connector command line 

    Accessing RC from MAC-OS terminal

    Open the terminal and use ssh -i <private-key-file-path> acadmin@x.x.x.x.x in order to connector to your resource connector.

    Secure Access - RC SSH 2

    Secure Access - Accessing Resource Connector command line 

    Accessing from Windows - Putty 

    In order to use the private key, you must convert the SSH private key from .pem to .ppk formart using Puttygen:

    Secure Access - Putty Format Change

    • Save the private key in .ppk format 
    • Launch putty application and navigate to SSH > Auth > Credentials and browse your SSH private key in .ppk format 

    Secure Access - Putty Logging 1

    • Navigate to Sessionand put the IP address of the Resource Connector and click Open
    tip-icon

    Tip: username : acadmin passphrase : the passphrase configured while converting private key from .pem to .ppk format

    Secure Access - Putty Logging 2

    Troubleshooting 

    In order to access to the troubleshooting command acces to .

    caution-icon

    Caution: Do not lose the private SSH key; otherwise, you cannot access the RC CLI and must re-deploy it for troubleshooting.

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    22-Feb-2026
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Jaikishan Yadav
      Technical Consulting Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products