UserGuide
Introduction to COSGrid SASE
COSGrid provides a Secure Access Service Edge (SASE) platform that converges networking and security into a unified, cloud-delivered service.
The platform is designed around Zero Trust principles, meaning:
No user or device is trusted by default
Every access request is continuously verified
Access is granted based on identity, device posture, and context
Core Products in the Platform
1. MicroZAccess (ZTNA – Agent-Based)
Secure access via endpoint agent
Ideal for managed devices
2. SwiftZAccess (Agentless ZTNA)
Browser-based secure access
No installation required
3. Secure Web Access (SWA)
Protects users from malicious internet content
Enforces web usage policies
4. Zero Trust NAC (ZT-NAC)
Controls device access to network
Enforces compliance before connectivity
How Everything Works Together
1.The platform integrates:
Identity (Who you are)
Device (What you are using)
Context (Where/when/how)
This ensures granular, application-level access control, eliminating traditional network exposure.
2. Getting Started (First-Time Setup Journey )
This section is designed to take you from zero → fully functional deployment
Step 1: Configure Identity & Users
Before enabling access, define who can use the system.
Options:
Manual user creation
Just-in-Time (JIT) provisioning via IdP
Recommended: Use Identity Provider integration for scalability.
Step 2: Enable Authentication Security
Configure:
Multi-Factor Authentication (MFA)
Password policies
This ensures strong identity validation before access is granted.
Step 3: Choose Access Method
Use Case | Recommended Product |
Managed employees | MicroZAccess |
Third-party / vendors | SwiftZAccess |
Step 4: Onboard Applications / Domains
Internal apps → MicroZAccess
Web apps → SwiftZAccess
Step 5: Define Access Policies
Policies determine:
Who can access
What they can access
Under what conditions
Step 6: Validate Access
Test with:
Different users
Different devices
Different conditions
Final Outcome
Users securely access only authorized applications, with full visibility and control.
3. Identity & Access Management (IAM)
User Lifecycle Management
Manual User Creation
Admins can:
Add users
Assign roles
Map to groups
JIT (Just-in-Time) Provisioning
Users are:
Automatically created during first login
Synced with identity provider
Eliminates manual onboarding effort
Multi-Factor Authentication (MFA)
MFA adds a second layer of verification:
OTP / Authenticator apps
Enforced per policy
Strongly recommended for all users
Password Policy Enforcement
Admins can define:
Minimum length
Complexity rules
Expiry duration
Authentication & Access Control Engine
This is the core decision-making system
It evaluates:
User identity
Group membership
Device posture
Context (location, time)
Identity Provider Integration
Supported:
SAML / OIDC providers
Benefits:
Centralized identity
Seamless login experience
Automated user provisioning
4. Integrations & Ecosystem
Third-Party Integrations
Identity systems
Security platforms
Ticketing Systems
Automate incident workflows
Integrate with ITSM tools
Log Server / SIEM Integration
Send logs to:
Splunk
ELK
Other SIEM tools
Event Logging
Tracks:
Login attempts
Access decisions
Policy enforcement
Critical for auditing and compliance
5. MicroZAccess (ZTNA – Agent-Based Access)
MicroZAccess provides secure, device-aware access using an endpoint agent.
It establishes encrypted micro-tunnels between user devices and applications.
Architecture Explained
Components:
Agent → Installed on user device
Orchestrator → Policy and control plane
Z3 Connector → Connects internal apps
Agent Installation & Setup
Supported Platforms:
Windows
macOS
Linux
Flow:
Install agent
Login with credentials
Device registers with orchestrator
Policies are applied
Z3 Connector
Purpose:
Securely exposes internal applications
Setup Flow:
Install connector in application network
Register with orchestrator
Map applications
Access Policy Design
Allowed users/groups
Allowed applications
Conditions (device posture, location)
Device Posture Check (DPC)
Device compliance
Security baseline enforcement
Examples:
OS version
Security patches
Endpoint health
Overlay Network
Encrypted communication layer
Prevents direct network exposure
6. SwiftZAccess (Agentless ZTNA)
SwiftZAccess enables secure browser-based access without installing any agent.
Ideal for:
Third-party users
BYOD environments
Architecture
Reverse proxy-based access
Policy enforcement at gateway
Domain Onboarding (Core Feature)
Steps:
Add domain (without protocol)
Configure backend mapping
Enable routing
Policy Creation
User/group access
Domain mapping
Conditions
Access Flow
User logs in
Access request hits gateway
Policy evaluated
Secure session established
Domain Management
Modify domain configs
Update policies
Control access dynamically
Use Cases
Vendor access
Temporary access
Rapid onboarding
7. Secure Web Access (SWA)
SWA protects users from:
Malicious websites
Data exfiltration
Unsafe browsing
Key Capabilities
URL filtering
Category-based blocking
HTTPS inspection
Policy Orchestration
Define allowed/blocked categories
Apply policies per user/group
8. Zero Trust NAC (ZT-NAC)
ZT-NAC enforces device-level access control before allowing network connectivity.
Capabilities
Device discovery
Posture validation
Access enforcement
Policy Engine
Which devices can connect
Under what conditions
9. Monitoring, Diagnostics & Operations
Resource Usage Monitoring
Track:
CPU usage
Memory usage
Network consumption
User Activity Monitoring
Provides:
Session tracking
Behavioral insights
Remote Diagnostics
Collect logs
Debug issues remotely
Trigger diagnostics
10. User & Group Management
User Management
Add/remove users
Assign roles
Group Management
Organize users
Apply policies at scale
11. Best Practices
Enforce least privilege access
Always enable MFA
Use group-based policies
Regularly audit logs
Enable device posture checks