This article explains how to control access to SaaS application tenants using Header Injection rules as part of Cato's Cloud Access Security Broker (CASB) solution. For an overview of using header injection for tenant control, see Controlling Access to SaaS Application Tenants with Header Injection.
Header Injection rules limit which tenants users can access for the applications allowed in your network. This helps you secure your network by preventing access to tenants other than your organization's tenant. For example, you can stop users from accessing their personal email or file-sharing accounts to help prevent leakage of sensitive data. The Header Injection rulebase controls user traffic headed to SaaS applications by changing the header fields in HTTP client requests. When traffic matches a rule, Cato acts as a proxy and injects the HTTP headers you defined for that rule. The third-party app receives the headers you specified, and then enforces your organization's tenant access policy for that app.
- For Header Injection rules, you must enable TLS Inspection and define the TLS Inspection policy to inspect the traffic that matches the rule.
- The Header Injection feature is included in the CASB license. For more about purchasing the CASB license, please contact your Cato representative.
When you enable Header Injection you can easily create rules to control access to SaaS application tenants.
When you add a rule to the Header Injection policy, configure each section in the rule that is required to define the tenant access for that application.
A Header Injection rule has the following sections:
- Name - The name you assign for the rule.
- Application - The SaaS application the rule controls access for.
- Injected Headers - The names and values of allowed headers for the application.
Create a new Header Injection rule and configure the rule's settings to implement tenant control for your organization. The Injected Headers fields can contain only the following characters:
- Header Name - a-z, A-Z, 0-9, and special characters: _ and -
- Header Value - a-z, A-Z, 0-9, and special characters: _ :;.,\/"'?!(){}[]@<>=-+*#$&`|~^&
To create a new Header Injection rule:
- From the navigation menu, select Security > Application Control.
- Select the Header Injection tab.
- Click New. The New Header Injection Rule panel opens.
- Enter a Rule Name.
- Select a SaaS Application from the drop-down menu.
- Define each Header Name and Header Value for the configured application.
- Click Save. The rule is added to the rulebase.
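The following pre-check applies the character limits given above for the Injected Headers fields to a planned rule before you enter it in the panel. It is an added example, not Cato's code, and the sample header names are hypothetical placeholders. It assumes the space shown in the Header Value list is itself an allowed character.

```python
import string

# Allowed characters, copied from the lists above. Assumption: the space that
# appears in the Header Value list on the page is itself an allowed character.
NAME_CHARS = set(string.ascii_letters + string.digits + "_-")
VALUE_CHARS = set(string.ascii_letters + string.digits
                  + "_ :;.,\\/\"'?!(){}[]@<>=-+*#$&`|~^")


def check_header(name, value):
    """Return a list of problems; an empty list means the pair fits the limits."""
    problems = []
    bad_name = sorted(set(name) - NAME_CHARS)
    bad_value = sorted(set(value) - VALUE_CHARS)
    if bad_name:
        problems.append(f"name has disallowed characters: {bad_name}")
    if bad_value:
        problems.append(f"value has disallowed characters: {bad_value}")
    return problems


def check_rule(headers):
    """Check every (name, value) pair planned for one rule; return {name: problems}."""
    return {n: p for n, v in headers for p in [check_header(n, v)] if p}


# Constructed sample rule. The header names are hypothetical placeholders, not
# the headers of any particular SaaS application.
SAMPLE_RULE = [
    ("X-Example-Allowed-Tenants", "example.com,tenant-id-placeholder"),
    ("X-Example-Context", "tenant%2Did"),   # percent-encoded: '%' is not in the list
    ("X Example Header", "value"),          # a space is not allowed in a name
    ("X-Example-Note", "café"),             # non-ASCII letter
]

if __name__ == "__main__":
    for name, problems in check_rule(SAMPLE_RULE).items():
        print(name, "->", "; ".join(problems))
```

Values that a SaaS vendor documents in percent-encoded form fail this check because `%` is not in the Header Value list, so confirm the exact value format before you save the rule.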