Step 1: Create a Service Tunnel Policy

1.1 On the Publish a Service Tunnel doc, navigate from Steps to Publish a Service Tunnel > Step 1: Create a Tunnel Policy to create an access policy. This access policy determines which of your end users can access your Service Tunnel.

1.2 Is SCIM enabled in your org?

• If yes, then directly assign users to your Tunnel policy.

• If not, then instruct end users to log into the CSE app and register their devices; Afterward, assign your end users to the Service Tunnel policy.

Step 2: Add a Service Tunnel

2.1 Create a Service Tunnel.

2.2 Configure a SaaS app (via allowing IPs) in your Service Tunnel configuration: On the Publish a Service Tunnel doc (linked above in Step 2.1), navigate to Network Settings and see Step 2.4 for how to configure a SaaS app.