: SaaS Visibility and Controls for Cloud Managed Prisma Access
Focus
Focus

SaaS Visibility and Controls for Cloud Managed Prisma Access

Table of Contents

SaaS Visibility and Controls for Cloud Managed Prisma Access

Use this workflow to onboard both SaaS visibility and policy enforcement on SaaS Security Inline on Cloud Managed Prisma Access.
SaaS Security Inline protects against cloud‑based threats by blocking traffic for unsanctioned SaaS apps and risky user activity using Security policy. Use the following workflow if you want to use all the features of SaaS Security Inline, including App-ID Cloud Engine, SaaS policy rule recommendations, and SaaS visibility. If you only want SaaS visibility, use the SaaS Visibility for Prisma Access workflow instead.
SaaS security is a team effort. The following workflow is designed to facilitate collaboration between Prisma Access administrators. Follow the tasks below in the order that they are listed.
Step 1: Activation
  • Learn about SaaS Security Inline. (All administrators)
  • Learn about the Hub roles that enable administrators to collaborate on SaaS Security. (All administrators)
  • Learn about App-ID Cloud Engine (ACE). (Web Security administrator)
    With a SaaS Security Inline license, ACE is enabled by default on Cloud Managed Prisma Access.
  • Activate SaaS Security Inline on the Hub. (SaaS administrator)
Step 2: SaaS Security configuration
  • Enable Web Security. (Web Security administrator)
  • Integrate with Azure Active Directory so that SaaS Inline can identify your AD groups. (SaaS administrator)
  • Add administrators to manage SaaS Security. (Security administrator)
Step 3: Rule recommendation enforcement
  • Review the guidelines for effective collaboration and rulebase management. (All administrators)
  • Author and submit SaaS policy rule recommendations to your Prisma Access administrator, after adhering to prerequisites. (SaaS administrator and Data Security administrator)
  • Import and push new SaaS rule recommendations. (Web Security administrator)
  • Push new SaaS rule recommendations. (Security administrator)
Step 4: Rule recommendation management