ChatGPT: Configuring the SaaS Posture Integration

Overview

SSPM provides visibility into the configuration and security posture of your connected SaaS applications. Cato continuously reviews the application settings and compares them to the recommended posture defined by Cato’s research team. This helps identify misconfigurations that can increase risk, in areas such as authentication settings, third-party integrations, and data-sharing controls.

Posture data appears in the Applications dashboard, where you can view posture scores and the highest-severity findings across connected applications. You can review each posture check from the Posture page, including the issue details, status, and remediation action required to pass the check.

For more information, see Reviewing the Security Posture of Your SaaS Applications (SSPM).

To configure the SSPM integration, you need to:

  1. Configure the required settings in the SaaS application
  2. Create the API connector in the CMA

A SaaS Security license is required for SSPM.

Configuring the ChatGPT Integration

To configure the ChatGPT integration, create a new secret key.

 Prerequisites

  • You must have purchased the ChatGPT Enterprise license

 

 Step 1: Configure the Integrations in the OpenAI Platform Center

In the OpenAI Platform Center, identify the information to enter into the CMA.

To configure the ChatGPT Admin API Key:

  1. Log in to your OpenAI Platform Center.

  2. In your OpenAI Platform Center, navigate to Settings > Data Controls.

  3. On the Data retention tab, enable Audit logging and click Save.

     

  4. Navigate to Settings > Organization > Admin Keys.

  5. Click Create new Admin key.

  6. (Optional) Enter a name for the Admin key and update the Project. Then click Create Admin key.

  7. Copy the key so it can be entered into the CMA, in the Access Token field.

    To create a Compliance API key (optional):

    The Compliance API provides additional posture checks for custom GPTs and workspace-level projects. If not configured, these checks are skipped automatically.

    1. Log in to your OpenAI Platform Center.

    2. Navigate to Settings > Organization > API Keys.

    3. Click Create new secret key.

    4. In the Name field, enter the name of your ChatGPT Enterprise workspace.

    5. Add the following details:

      • Owner: Select your user

      • Project: Select the default project

      • Permissions: Select All

    6. Click Create new secret key.

    7. Copy the secret key so it can be entered into the CMA.

    8. Send an email to support@openai.com requesting access to the Compliance API. Include the last 4 characters of the API key, the name of the key, who created it, and the requested scope (read, write, or both).

      The OpenAI team verifies the key and grants the requested Compliance API scopes. Once the scopes are granted, enter the API key in the Admin Token field in the CMA.


    To identify your workspace ID:

    1. Navigate to the OpenAI Platform API settings.

    2. Verify that the Workspace ID shown there matches the Workspace ID of the ChatGPT workspace at https://chatgpt.com/admin/settings.
      If the Workspace IDs do not match, contact support@openai.com to resolve the issue before proceeding.

    3. Copy and save the Workspace ID so it can be entered into the CMA.

     

     

    Step 2: Create the API Connector in the CMA

    After you have set up an integration with the required application, add the details in the CMA.

    To create the API connector in the CMA:

    1. From the navigation menu, click Resources > Integrations.

    2. Click the Configured Integrations tab.

    3. Click New.
      The New Integration panel opens.

    4. Select the SaaS Application you want to add.

    5. In the Capability drop-down, select SaaS Posture.

    6. Add the details created during Step 1.

      • Access Token: The Admin key you created in Step 1

      • Admin Token: (Optional) The Compliance API key you created in Step 1

      • Workspace ID: Your ChatGPT Enterprise workspace ID identified above

    7. Click Save.

    The app is visible in the Integrated Apps table with a Connected status.

 
