Feature Briefs

Cisco Umbrella Tenant Controls

Issue link: https://learn-umbrella.cisco.com/i/1272833

Contents of this Issue

Navigation

Page 0 of 1

Feature brief Cisco Umbrella © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Umbrella Tenant Controls Overview: Tenant Controls enable a security admin to put policies around a user's ability to access corporate and/or personal instances of specific enterprise applications. By providing domains and identifiers, Tenant Controls are designed to explicitly allow user access to approved corporate applications, while implicitly blocking access to other instances of these same applications. Cisco Umbrella: Tenant Controls Advanced controls to limit access to corporate approved tenants of an organization's enterprise applications Currently Supported Applications: • G Suite • Office365 • Slack How Does it Work? A user may have multiple tenants of an enterprise application both for corporate and/or personal use. Authentication, managed by the enterprise application, operates as a single endpoint for all tenants. This means there is a need to determine between tenants of the application in order to approve access to the appropriate instances, whilst blocking access to those that should not be allowed. By providing the domains that are corporate approved, and applying them to an Umbrella Web Policy, customers can extend control to tenants of a corporate approved enterprise application. When making a login request to the enterprise application the approved domains are injected into the header. The enterprise application authentication service will look through the tenants provided, allowing access if there is a match, or denying access if the tenant the user is trying to access falls outside of this list. Should the user be denied access they will see a vendor specific block page (not an Umbrella block page) asking them to contact their IT administrator for access. Tenant Controls are currently enforceable by web policies as long as HTTPS inspection is enabled. Pro-tip Check Umbrella App Discovery on a regular basis to get your hands around the Shadow IT challenge. Here you can see specific usage of thousands of cloud applications, including the more granular usage of Microsoft, Google and Slack applications.

Articles in this issue

view archives of Feature Briefs - Cisco Umbrella Tenant Controls