Add Cloud Apps to the Aperture Service

To begin securing the Supported SaaS Applications, you must connect them to the Aperture service by authenticating to the application using an administrator account (the specific privilege requirements vary from application to application). After you successfully authenticate, the Aperture service receives a token from the cloud app for establishing and maintaining a secure connection. The Aperture service then connects directly to the application programming interface (API) for that app, which enables the Aperture service to scan all historical data that resides within the app, as well as continually monitor modified or new data, and identify policy violations and incidents.
To perform data discovery, Aperture gets metadata for all your files and folders on the SaaS app. Metadata includes file properties and attributes, and application-level metadata such as file owner, email recipients, and  collaborators. For certain apps with structured data such as Salesforce, and messaging apps such as Slack, Facebook Workplace, and email apps, Aperture scans both structured and unstructured data.  All files such as attachments that are unstructured, the files are scanned and the metadata is always stored. Even though Aperture scans structured data, it does not store metadata for every field and message unless the field or message has some content that matches a Data Pattern defined on Aperture. This is done to minimize the privacy risk Aperture carries by storing all of your metadata.

Related Documentation