Version: 1.19.0 (latest)

Zero-trust Egress Overview

Zero-trust providers in Kasm use identity and policy controls rather than launch-time gateway selection.

What zero trust means

In a zero-trust model, access is not granted simply because traffic is on a trusted network path. Each connection is evaluated against identity and policy, and only explicitly authorized services are reachable.

For Kasm egress, this means administrators still map providers to users, groups, and workspaces in Kasm, while the zero-trust provider enforces service-level access policy.

Benefits

  • Enforces least-privilege service access instead of broad network-level access.
  • Limits blast radius if credentials or a session are compromised.
  • Removes the complexity of launch-time gateway selection and per-user VPN credential selection.
  • Improves policy consistency and audit posture through centralized access rules.

Currently supported providers:

Model characteristics

  • Provider mappings are still managed in Kasm (users/groups/workspaces).
  • Access is determined by provider-side policy and identity.
  • No per-user gateway picker at launch.
  • No per-user VPN credential model in Kasm for this type.
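
The two-layer decision described above can be modelled as follows. This is an added example, not Kasm or provider code: the data structures, the provider name `zt-provider`, the service names, and the rule that any one of a user, group, or workspace mapping attaches the provider are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset
    workspace: str

# Constructed sample data. Layer 1: Kasm-side mappings of a provider to
# users, groups, or workspaces (hypothetical structure).
KASM_MAPPINGS = {
    "zt-provider": {"users": {"alice"}, "groups": {"finance"},
                    "workspaces": {"ops-desktop"}},
}

# Layer 2: provider-side policy, identity -> explicitly authorized services.
# "dave" has a policy entry but no Kasm mapping; "carol" has the reverse.
PROVIDER_POLICY = {
    "alice": {"git.internal:443"},
    "bob": {"erp.internal:443", "git.internal:443"},
    "dave": {"erp.internal:443"},
}

def provider_mapped(session, provider):
    """True if any Kasm mapping (user, group, workspace) attaches the provider."""
    m = KASM_MAPPINGS.get(provider)
    if m is None:
        return False
    return (session.user in m["users"]
            or bool(session.groups & m["groups"])
            or session.workspace in m["workspaces"])

def authorize(session, provider, service):
    """Return (allowed, reason). Both layers default to deny."""
    if not provider_mapped(session, provider):
        return False, "no Kasm mapping for provider"
    if service not in PROVIDER_POLICY.get(session.user, set()):
        return False, "service not authorized by provider policy"
    return True, "allowed"

def blast_radius(session, provider):
    """Services an attacker could reach with this session if it were compromised."""
    if not provider_mapped(session, provider):
        return set()
    return set(PROVIDER_POLICY.get(session.user, set()))
```

Running `blast_radius` over every mapped identity gives a quick audit of how much each session could reach, which is the quantity the least-privilege and blast-radius benefits refer to.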