How do I configure CAS - SaaS security group filter?

03/26/2020 11 9088

DESCRIPTION:

The group filter is designed for admin to select which user’s mailbox are getting scanned.  There are two types of groups supported, user group and distribution list. Each mailbox (user) will need to have a valid license assigned by the system automatically and alphabetically. When using CAS – SaaS Security (not using group filter feature) if the number of users defined by the group exceeds the number of licensed users, system decides to choose the users for the unassigned licenses and apply for the next available user in alphabetical order.

EXAMPLE: If there are 50 user licenses among which you have used 25 licenses, rest of the 25 licenses are getting applied automatically by the system from alphabetical order. If any of those licenses are unchecked, then the system will apply to the next available user in alphabetical order. The suggested solution is to use Group Filter to avoid licenses are getting applied automatically by the system from alphabetical order.

NOTE: It’s an expected behavior if you are not using “Group Filter” feature on CAS – SaaS Security.

RESOLUTION:

Group filter can be configured either during onboarding process or editing the policy rules under policy tab.

1. During SaaS Application Onboarding
   1. Once you have activated CAS -SaaS Security on your MySonicwall account, please type in https://cloud.sonicwall.com on your browser and login with your MySonicWall credentials and click CAS – SaaS Security tile and you will be redirected to your CAS tenant, ex: https://abcxyz.sonicwallcloudsec.com.
      
   2. Click Let’s get Started and you will be redirected to SaaS Selection Page.
   3. Click Start for SaaS Application you would like to integrate with SonicWall CAS – SaaS Security.
      
      
      
   4. Select office 365 install mode (recommended install mode: Automatic Mode). Click OK.
      
      
      
   5. Accept terms and condition and click Continue.
      
      
      
   6. Authorize Office365 event monitoring.
      
   7. Choose/type in your Office 365 credentials.
   8. Click Accept.
      
      
      
   9. Authorize Office365 event monitoring.
      
      
      
   10. Select Specific group/s and type in your Office 365 group name.
       
   11. Log back into your CAS - SaaS Security tenant upon receiving onboarding confirmation email from SonicWall for your SaaS Application to verify Active SaaS Applications.
       
       
       
   12. Navigate to Configure | Licenses tab to verify if the licenses assignment.
       
       
       
2. Post Onboarding (Any SaaS Application)
   1. Once you have activated CAS -SaaS Security on your MySonicwall account, please type https://cloud.sonicwall.com in your browser and login with your MySonicWall credentials and click CAS – SaaS Security tile. You will be redirected to your CAS tenant, ex: https://abcxyz.sonicwallcloudsec.com.
      
   2. Navigate to Configuration | Cloud App Security click SaaS Application and then click Configure on which you would like to apply the group filter.
   3. Click Configure group filter under Configure SaaS Application Security.
      
      
      
   4. Select Specific Group/s and enter the name of the Office365 group or distribution list, then click OK.  If the group doesn't exist an error will be displayed.
      
      
      
   5. Navigate to Configuration | Licenses tab to verify the Licenses assignment.
      

NOTE: If a customer does not utilize the Group Filter option, all O365\G Suite users will be brought in as CAS users. CAS licenses will be assigned automatically alphanumerically until the CAS license count is fully utilized. These can be reassigned as necessary by the customer.

Only one Group can be specified in Group Selection at the moment. And If you make any configuration change under Group Filter post onboarding a SaaS application it may take some time to complete depending on size of the group.  User synchronization (add and remove users from the group) will take up to 12 hrs.  Mailbox scan for those newly added/removed users will only take effect after user synchronization is complete.

TIP: When on-boarding O365 or G Suite, always use group filter instead of All Organization.