Topic
Use the steps in this checklist when deploying ControlOne for a user.
Environment
- Cytracom ControlOne
Description
Follow these Best Practices to fully implement ControlOne correctly in a Zero Trust Network Access (ZTNA) environment. The following items should be configured to get the most value from your ControlOne deployment.
Configure Microsoft Entra ID (formerly Microsoft Azure)
Validating access with Microsoft Entra ID is the easiest way to deploy ControlOne, both for you and your end clients.
- Microsoft Entra ID authentication is invisible to the end client which speeds up your deployment and ensures all users are properly logged in.
- See Connecting EntraID to ControlOne to learn more.
Build multiple user zones and assign Entra groups and users
Micro-segmentation is essential to a ZTNA environment because it ensures users can access only the resources needed to do their jobs and nothing else. ControlOne makes segmentation easy as each user is isolated by default with the ControlOne agent. Read the following documents for more information:
Create applicable security policies and assign them to your Zones
Security Policies are vital to a secure network, and ControlOne makes them easy with customizable Smart Defaults. Different Zones can have individual policies ensuring the correct controls are in place for the right users. Additionally, you can create a Global security policy that can be applied to any of your clinets. Read the following Knowledge Base articles to learn more:
- Cytracom ControlOne: Adding a Custom Security Policy
- Cytracom ControlOne: Configuring Levels for Security Policies
Create Device Posture Check policies and assign them to your Zones
Device Compliance Checks are a key building block of a Zero Trust Network. They ensure that only machines running your RMM and EDR are allowed on the network and have access to necessary resources. Read Cytracom ControlOne: Device Posture to learn more.
Still have questions? Click here to learn how to contact Cytracom Technical Support or open a ticket.