Add a Tenant Controls Setting
Umbrella's Tenant Controls setting control identity access to software as a service (SaaS) applications in the cloud. To control identity access to SaaS applications, add a Tenant Control setting to Umbrella and then select it when adding a Web policy ruleset. Tenant controls must be configured through the Policy Components > Tenant Controls page. Once you have added a Tenant Control setting to the Tenant Controls page, that setting becomes available for selection when configuring Ruleset settings for the Web policy. For more information about the Web policy, see Add a Ruleset to the Web Policy.
You can add a Tenant Controls setting for the following cloud-based applications and suites:
- Microsoft 365
- Google G Suite
- Slack
- Dropbox.
Each Tenant Controls setting you add can include more than one type of application or suite. For example, you can create a single setting that includes configurations for both Microsoft Office 365 and Slack.
Note: Tenant Controls is available only for the Web policy.
Prerequisites
- HTTPS Inspection must be enabled. For more information, see HTTPS Inspection.
- Full admin access to the Umbrella dashboard. See Manage User Roles.
The following data is required to configure Tenant Controls and allow access to cloud-based applications and suites:
- Microsoft 365—Tenant Domain and Tenant Directory ID. See also, Azure Active Directory documentation.
- Google G Suite—Domains. See also, G Suite Admin Help. Scroll to "Use a web proxy server to block accounts".
- Slack—Workspace ID. See also, Approve Slack workspaces for your network.
- Dropbox— Team Name and Team ID. For information about the Team ID and how to find it using Dropbox developer tools, see Dropbox for HTTP developers. You choose the Team Name to provide a mnemonic identifier for the team.
For more information, see the application's documentation or contact the application's Support.
Procedure
- Navigate to Policies > Policy Components > Tenant Controls and click Add or expand the default Global Tenant Controls setting.
Note: Tenant Controls is enabled by default for a ruleset. The ruleset uses the default Tenant Control setting if no other Tenant Control setting is configured for that ruleset.
- Give your setting a good descriptive Setting Name.
- Select a cloud-based application or suite.
- Add application-specific data and domain information to grant access to those applications from within your organization.
Note: For more information about this data and how to acquire it, see the application's documentation or contact the application's Support.
- Microsoft 365—Tenant Domain and, optionally, Tenant Directory ID. See also, Azure Active Directory documentation.
- Google G Suite—Domain. See also, G Suite Admin Help. Scroll to "Use a web proxy server to block accounts".
- Slack—Workspace ID. See also, Approve Slack workspaces for your network.
- Dropbox—Team Name and Team ID. See also, Dropbox documentation for network control.
- Once you've configured access to applications, click Save.
This new Tenant Controls setting is now available for selection when you add a ruleset to the Web policy.
Manage Tenant Controls < Add a Tenant Controls Setting > Control Cloud Access to Microsoft 365
Updated almost 2 years ago