SaaS Visibility and Controls for Panorama Managed Prisma Access

Use this workflow to onboard both SaaS visibility and policy enforcement on SaaS Security Inline on Panorama Managed Prisma Access.
SaaS Security Inline protects against cloud‑based threats by blocking traffic for unsanctioned SaaS apps and risky user activity using Security policy. Use the following workflow if you want to use all the features of SaaS Security Inline, including App-ID Cloud Engine (ACE), SaaS policy rule recommendations, and SaaS visibility. If you only want SaaS visibility, use the SaaS Visibility for Prisma Access workflow instead.
SaaS security is a team effort. The following workflow is designed to facilitate collaboration between you and your Prisma Access administrator. Follow the tasks below in the order that they are listed.
Step 1: Activation
  • Learn about App-ID Cloud Engine (ACE) and SaaS Security Inline. (SaaS administrator and Prisma Access administrator)
    ACE is enabled by default on Panorama Managed Prisma Access.
  • Perform the prerequisites outlined in the Prisma Access Administrator’s Guide, including log forwarding. Without data logs, SaaS Security Inline cannot display SaaS application visibility data and might not be able to enforce policy rule recommendations.
  • Activate SaaS Security Inline on the Hub. (SaaS administrator)
Step 2: System configuration
  • Integrate with Azure Active Directory so that SaaS Inline can identify your AD groups. (SaaS administrator)
  • Add administrators to manage SaaS Security. (SaaS administrator)
Step 3: Security policy configuration
  • Review the guidelines for effective collaboration and rulebase management. (SaaS administrator and Prisma Access administrator)
  • Author and submit SaaS policy rule recommendations to your Prisma Access administrator. (SaaS administrator)
  • Import new SaaS policy rule recommendations. (Prisma Access administrator)
Step 4: Security policy maintenance
  • Continuously monitor the SaaS policy rule recommendations to ensure they’re in sync. (SaaS administrator)
  • Continuously monitor the SaaS policy rule recommendations for changes. (Prisma Access administrator)
    • For updates, reimport changes to active SaaS policy rule recommendations.
    • For deletions, remove the recommendation mapping, then delete the policy rule.