: Take Action on Third-Party Plugins
Focus
Focus

Take Action on Third-Party Plugins

Table of Contents

Take Action on Third-Party Plugins

If you determine that a third-party plugin is a threat, you can block or remove the plugin from the SaaS application. Otherwise, you can mark the plugin as reviewed.
After you assess the risks posed by third-party plugins, you can take action. You can approve or revoke access to the plugin. The specific actions that you can take to revoke access to a plugin depends on the SaaS platform that is hosting the plugin. Depending on the SaaS platform, you can revoke access within SSPM for individual users. For some SaaS apps, you must go to the SaaS app's administration console to revoke a plugin's access.
Although you can revoke access to a plugin, that does not prevent a user from subsequently installing the same plugin. To instruct SSPM to periodically scan marketplace apps for certain plugins, you can create a Plugin Access Control policy. When the policy is enabled, SSPM can notify you when users install plugins that you do not want in your environment.
  1. Navigate to SaaS Security Posture Management.
  2. Navigate to the unreviewed third-party plugins for an app. Determine the action to take based on the plugin information provided.
    You can review plugins across all marketplace apps from the 3rd Party Plugins page (Posture Security3rd Party Plugins) or for one marketplace app instance (from the Connected Applications tab of the app's details page).
  3. Take action:
    From the 3rd Party Plugins page, you can take the following actions. To locate the unreviewed plugins, you can Add Filter for plugin Status and filter by Not Reviewed.
    • To indicate that you have reviewed the plugin and you do not consider the plugin to be a risk:
      1. Locate the plugin in the table.
      2. In the Actions column, select Reviewed.
    • To revoke access to the plugin for all users:
      1. Locate the plugin in the table.
      2. In the Actions column, select Revoke Access.
        Whether the Revoke Access action is available depends on the level of permission that SSPM has to the marketplace app, and on the capabilities that the marketplace app's API provides. If the Revoke Access action is not available, you can instead log in to the SaaS app's administration console, and follow its documentation to remove the plugin.
    • To revoke access to a plugin for individual users:
      1. Locate the plugin in the table.
      2. Click on Plugin Name in the table and, in the Plugin Details panel, navigate to view the plugin's Users.
      3. In the Actions column, select the action to take. The available actions depend on the marketplace app.
    • To revoke access to all installed plugins for an individual user, complete the following steps:
      1. On the third-party plugins page, navigate to the Users tab.
      2. Locate the user in the table.
      3. In the Actions column, select the action to take. The available actions depend on the marketplace app.
    From the Connected Applications tab of a marketplace app's details page, you can take the following actions:
    • To indicate that you have reviewed the plugin and you do not consider the plugin to be a risk:
      1. Select the Connected Applications tab.
      2. From the Actions column for the plugin, select Reviewed.
    • To revoke access to the plugin for an individual user, complete the following steps:
      1. Select the Connected Applications tab.
      2. In the Applications column, click the name of the third-party plugin.
      3. In the details window for the plugin, select the Users tab.
      4. Select the action to Revoke Access for the user.
      You can also revoke a user's access to a plugin from the Users tab.
      1. Select the Users tab.
      2. In the Users column, click the name of the user.
      3. In the details window for the user, select the User Level Applications tab.
      4. Select the action to Revoke Access for the user.
      If the Revoke Access action is not available, this means that SSPM does not support revoking access for individual users. Instead, log in to your SaaS app's administration console to remove the plugin.