Add Resource
Add resources you want your users to be able to access, using either:
SaaS – Application/website that is hosted by a third party vendor. Examples are Jira Cloud, Salesforce, Slack, etc.
Self-hosted – Application/website that is hosted by your organization. You need to deploy a CloudGen Access Proxy to facilitate the access to this resource.
Security Assertion Markup Language (SAML) is a standard protocol that gives identity providers (IdP) such as Barracuda CloudGen Access a secure way to let users access a service provider (SP) such as Jira Cloud, Slack, and others.
Note that, while you can configure role-based access control (RBAC) on the CloudGen Access agent, you need to pay attention to how each resource/website handles RBAC when using SaaS.
To add a new resource:
Errors
If a CloudGen Access user is not enrolled, or if the CloudGen Access agent is not running and the user tries to log into a resource/website, they will receive an Access Denied error.
If a user's device is disabled in CloudGen Access, and that user tries to log into the website using the SAML configuration, they will receive an Access Denied error.
SAML Response Parameters
When Barracuda CloudGen Access authenticates a user using SAML SSO, it will send a set of attributes to the target application (service provider) as follows:
Name ID
Email Address
Full name
Given name
Family Name
Groups
Wildcard Resources
A wildcard is a character used to represent an unspecified resource name or an unspecified part of a resource name. You can add a wildcard resource by adding an asterisk (*) character at the beginning of the hostname.
Example: If you add *.acme.com as a resource, all traffic from the subdomains of acme.com will be intercepted and sent through the CloudGen Access proxy.
Wildcard Exceptions
If the resource domain (public or private) is a wildcard domain (example: *.acme.internal), you can add exceptions that will not be resolved via that resource.
Example: *.acme.internal will catch insights.acme.internal and chat.acme.internal, but if you add an exception for 'chat', then chat.acme.internal will be resolved through normal public DNS resolution instead.
Fixed IP
You can assign a fixed IP address (only for non-wildcard domains) to the resources. If you do so, a resource domain will always be resolved to that IP address on the client-side. This is necessary for some resources, such as VOIP (3CX) and other UDP protocols, that might send the IP that clients are expected to connect to as part of a separate session mechanism.
Example: If you add a fixed IP 192.168.0.3 for call.acme.internal, that domain will always resolve to 192.168.0.3 on the client side.
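The wildcard, exception and fixed IP rules above can be checked before a resource list is deployed. The following Python model is an added example, not Barracuda code or the product's API: the Resource class and route function are hypothetical, and it assumes that an exact (non-wildcard) resource takes priority over a wildcard, that a wildcard matches subdomains at any depth but not the bare domain, and that an exception is compared against the part of the hostname to the left of the wildcard suffix.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

@dataclass
class Resource:
    domain: str                          # "*.acme.internal" or "call.acme.internal"
    exceptions: frozenset = frozenset()  # prefixes excluded from a wildcard
    fixed_ip: Optional[str] = None

    @property
    def wildcard(self):
        return self.domain.startswith("*.")

    def validate(self):
        """Reject combinations the rules above do not allow."""
        if "*" in self.domain[1 if self.wildcard else 0:]:
            raise ValueError("asterisk is only valid at the beginning of the hostname")
        if self.fixed_ip is not None:
            if self.wildcard:
                raise ValueError("a fixed IP is only for non-wildcard domains")
            ip_address(self.fixed_ip)    # raises ValueError if malformed
        if self.exceptions and not self.wildcard:
            raise ValueError("exceptions only apply to wildcard domains")

def route(hostname, resources):
    """Return ("proxy", fixed_ip_or_None) or ("public-dns", None)."""
    host = hostname.lower().rstrip(".")
    for r in resources:                  # assumption: exact match wins
        if not r.wildcard and host == r.domain.lower():
            return ("proxy", r.fixed_ip)
    for r in resources:
        if not r.wildcard:
            continue
        suffix = r.domain[1:].lower()    # keeps the leading dot: ".acme.internal"
        # Matching on the dot keeps look-alikes such as evilacme.internal out.
        if host.endswith(suffix) and len(host) > len(suffix):
            prefix = host[:-len(suffix)]
            if prefix in r.exceptions:
                return ("public-dns", None)
            return ("proxy", None)
    return ("public-dns", None)

# Constructed sample configuration mirroring the examples in this section.
RESOURCES = [
    Resource("*.acme.internal", exceptions=frozenset({"chat"})),
    Resource("call.acme.internal", fixed_ip="192.168.0.3"),
]
```

Running route over a list of hostnames you expect users to reach shows which ones a wildcard will pull through the proxy and which fall back to public DNS.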