This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Your administrator hasn't added any resources here.

Hello all, 

Today I've setup ZTNA for our environment, almost without any issues.

However, now I'm having some problem with publishing a intranet site through the user portal. After successfully logging into it, the following message appears:

"Your administrator hasn't added any resources here."

Inside the resource config, "Show resource in user portal" is ticket, so I don't understand why nothing is visible.

Another topic, why must by internal application be available with a dedicated FQDN? But even if I use this one, the only thing I'm getting presented is a "HTTP ERROR 403".

Many thanks for letting my know what I've misconfigured here...

Linus



This thread was automatically locked due to age.
Parents
  • Hi Linus,

    A few questions on your setup:

    1. What is the mode of access to this resource? Is it via Agentless or an Agent?

    2. From an Azure configuration perspective, can you check if :

         a. The user group which contains this username has access to the application

         b. If yes, on Azure, can you please check if the created user groups are of the type "Security Enabled"?

        c. Verify that the Graph API permissions are correctly added and the callback URI added as shown here:

    https://docs.sophos.com/central/ZTNA/startup/en-us/setup/SetUpDirService/index.html#register-the-ztna-app

  • Hello Tejas,

    Thanks for coming back, please find my answers below:

    1. What is the mode of access to this resource? Is it via Agentless or an Agent? Agentless (that's another issue, I'm unable to geht the agent to the client, no option for ZTNA under devices as described)

    2. From an Azure configuration perspective, can you check if :

         a. The user group which contains this username has access to the application No, not the group but the user in the group. Furthermore, the group is M365 based, whilst den system is on premise and normally being accessed by via SSO. Normaly, for example if you come from a InPrivate session in the browser, it asks you for user and password, so this shouldn't be an issue.  

         b. If yes, on Azure, can you please check if the created user groups are of the type "Security Enabled"?

    As far as I know, M365 groups are security enabled by default, but please let me know it this is wrong. However, I've deleted the group and recreated it as a security group

        c. Verify that the Graph API permissions are correctly added and the callback URI added as shown here:

       

    They are all good, I followed the manual / instructions you've sent over. And furthermore, the login is working without any issues.

  • I have the same problem, "your administrator hasn't added any resources here". Yet I followed the documentation, choose the group I am in and when I login to ZTNA it gives this message. Any update on this?

  • FormerMember
    FormerMember in reply to Alec Fagan
    This reply was deleted.
Reply Children
  • Hey Joke, I ended up working with support on this. It is because only agentless connections go on the web page. If you're doing an RDP connection, that currently requires the agent installed. And then it basically proxies the DNS request, looking for the external FQDN of the resource you made in sophos central..