Hi @waqas,
This is a very clear indicator of what's wrong. Thanks for including this in the post. The ziti CLI also has a very useful command:
ziti edge policy-advisor identities -q
This command will show you the list of identities and the services they have assigned as well as if they have routers assigned. If you run this, you'll likely see "0 common routers".
The two policies you're missing right now are "edge-router-policies" and "service-edge-router-policies".
I would recommend you create an edge router policy that states: "all users should be able to use any router annotated as 'public'".
You'd do that with a command similar to this:
ziti edge create edge-router-policy all-ids-public-ers --identity-roles '#all' --edge-router-roles '#public'
You'll also have to pick one (or more) routers to be annotated as "public". Such as:
ziti edge update edge-router public-edge-router -a 'public'
Then, I recommend you start with a service-edge-router-policy that effectively allows any service to use any router:
ziti edge create service-edge-router-policy all-svcs-all-ers --service-roles '#all' --edge-router-roles '#all'
I think if you have a peek at these commands and read the doc about what they do (or ask a follow-up if you want), it should hopefully make sense and fix your problem.
Cheers!
EDIT:
A small/quick addendum here. OpenZiti, being a zero trust overlay, requires you to authorize identities and services to use routers as well as requiring you to assign services to identities.
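
How the two router policies and the 'public' annotation combine into "common routers", as an added example that is not part of the original post and is not OpenZiti's code: a simplified Python model of role-selector matching. The identity `client1`, the service `web` and the router `private-er` are constructed sample names, and only any-of matching of `#all`, `#attribute` and `@name` selectors is modelled.

```python
# Simplified model of OpenZiti role selectors (any-of matching); not OpenZiti code.
def matches(selectors, name, attrs):
    """A selector is '#all', '#<role attribute>' or '@<entity name>'."""
    return any(s == "#all" or s == "@" + name or (s[:1] == "#" and s[1:] in attrs)
               for s in selectors)

def granted_routers(name, attrs, policies, side, routers):
    """Union of routers that the matching policies grant to one identity or service."""
    out = set()
    for pol in policies:
        if matches(pol[side], name, attrs):
            out |= {r for r, ra in routers.items()
                    if matches(pol["edge_router_roles"], r, ra)}
    return out

def common_routers(identity, service, net):
    """Routers usable by both ends; an empty set is the '0 common routers' case."""
    by_identity = granted_routers(identity, net["identities"][identity],
                                  net["edge_router_policies"], "identity_roles",
                                  net["routers"])
    by_service = granted_routers(service, net["services"][service],
                                 net["service_edge_router_policies"], "service_roles",
                                 net["routers"])
    return by_identity & by_service

def walk_through():
    # Constructed sample network: client1, web and private-er are made-up names.
    net = {"identities": {"client1": set()}, "services": {"web": set()},
           "routers": {"public-edge-router": set(), "private-er": set()},
           "edge_router_policies": [], "service_edge_router_policies": []}
    steps = [sorted(common_routers("client1", "web", net))]       # no policies yet
    net["edge_router_policies"].append(                           # all-ids-public-ers
        {"identity_roles": ["#all"], "edge_router_roles": ["#public"]})
    net["service_edge_router_policies"].append(
        {"service_roles": ["#all"], "edge_router_roles": ["#all"]})
    steps.append(sorted(common_routers("client1", "web", net)))   # no router is 'public'
    net["routers"]["public-edge-router"].add("public")            # update ... -a 'public'
    steps.append(sorted(common_routers("client1", "web", net)))
    return steps

if __name__ == "__main__":
    print(walk_through())
```

The middle step stays empty because the edge router policy selects `#public` before any router carries that attribute, which is why the annotation command is needed alongside the two policies.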