Protecting SaaS Applications

The following describes how to protect SaaS applications.

You can also refer the video that discusses protecting a SaaS service with Allow Lists.

To protect SaaS applications

1. Navigate to the document Publish a Service Tunnel.
2. Scroll down to the Steps to Publish a Service Tunnel and follow the directions for creating the Tunnel Policy. This policy determines which of your end users can access your Service Tunnel.

3. If SCIM (System for Cross-domain Identity Management) is enabled, assign the users to your Tunnel Policy.

   If SCIM Is not enabled, admins should instruct end users to log into Cloud Secure Edge and register their devices. When done, the administrator can assign the end users to the policy.

4. Continue to Step 2: Publish a Service Tunnel and follow the steps to create a Service Tunnel.
5. Scroll down to Network Settings, Step 2.4 and follow the steps to configure a SaaS application configuration (via following IPs).

To validate that your SaaS application is protected, navigate to Private Access > Service Tunnels in the Cloud Secure Edge Command Center. Select the Service Tunnel on which you configured the SaaS applications. Review the configuration under Public Include Info and verify that your SaaS applications are correctly entered into the Apps to Include field.