Although different SaaS applications have different terminology for sharing and collaboration, within the Aperture service, a collaborator is any person who can access, view, preview, download, comment, or edit a managed asset. Collaborators are classified in different ways within the Aperture service to provide granular control over what types of sharing pose a risk within your organization:
Because Collaborators apply to all cloud apps on Aperture, you must be an administrator with a Super Admin role or an Admin with access to all apps to modify this setting.
  • Internal vs. External Users—The Aperture service uses the domain name in the email address associated with the user’s cloud app account to determine whether the user is internal to your organization. You must Define Your Internal Domains before you begin scanning your SaaS application data so that the Aperture service can properly identify assets that are shared with users who are external to your organization.
  • Trusted vs. Untrusted Users—Depending on your policy rules, an asset may be identified as an incident if it is being shared with an external user. In some cases, sharing with these users—even though they are not part of your organization—does not pose a threat. For example, they may be partners or other trusted third-parties who you can mark as Trusted. Or, if you have entire domains that—although not internal—belong to trusted partners or user groups, you can mark those domains as Trusted so that all users with email addresses that are part of that domain are identified as trusted users.
    When you Assess Incidents, you can update the domain trust settings in ExploreDomains and mark the domain as either trusted or untrusted.
    Alternatively, you can explicitly designate an external collaborator as Trusted to exclude from incident discovery or Untrusted in the incident detail view to ensure that both new and modified assets shared with one of these users are always identified as incidents. Changing trust settings for a user or a domain changes the underlying global policy the Aperture service uses when scanning assets. Trust settings enable more granular policy control while still allowing you to distinguish between internal and external sharing.

Related Documentation