Add Unsanctioned Device Access Control to Aperture
Use the next generation firewall to control unsanctioned device access by configuring Aperture as a SAML proxy.
You can control unmanaged and employee-owned device access to your sanctioned SaaS applications by configuring the Aperture service as your SAML proxy. Unsanctioned device access control uses SAML redirection by proxy: authentication traffic is redirected through your next generation firewall, which reduces exposure to data exfiltration and malware propagation. When an employee needs to access a SaaS app from an unmanaged computer or mobile device, the authorization request is sent through the Aperture SAML proxy and authenticated by your Identity Provider. Once authenticated, the user is redirected through the firewall, giving you visibility into access to, and control over, corporate resources in your SaaS app.
Several options are available for the Identity Provider (IDP) and Service Provider (SP); this page uses an integration with Okta as the Identity Provider and G Suite as the SaaS application (Service Provider) as the example.
Configure Unsanctioned Device Access Control by following these steps:
Step 1. Create an Aperture app on the Identity Provider.
An Aperture application integration with the IDP allows you to authenticate requests to sanctioned SaaS applications from unmanaged devices.
Step 2. Add the Identity Provider on Aperture.
Configure the IDP on Aperture to authenticate access using SAML Proxy 2.0.
Step 3. Create a Service Provider app on the Identity Provider.
A SaaS app (Service Provider) integration with the IDP authenticates user requests before granting access to SaaS application resources. You must create an app integration on the IDP for each SaaS application.
Step 4. Add the Service Provider on Aperture.
Configure the SaaS application on the Aperture service to authenticate the user and redirect traffic to your firewall. Each SaaS application whose access you want to control must be configured on Aperture.
Step 5. Configure the Identity Provider on the Service Provider.
Configure the IDP on the SP to establish a trust relationship that identifies the user, grants access, and authenticates an Aperture session so that traffic is redirected through the next generation firewall.
Step 6. Configure the Clientless VPN on your firewall.
Configure Aperture on your Clientless VPN to redirect the remote users’ authentication requests and application traffic through the firewall.
Step 7. Configure the gateway settings for the firewall on Aperture.
Configure the firewall portal settings on Aperture to create a trust relationship between the firewall and the Aperture service. The portal settings can use your domain, an IP address, a combination of domains or IP addresses, or a configured GlobalProtect Cloud Service.
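The following is an added illustration of the SAML-proxy hop the steps above configure; it is not Aperture's code and the entity IDs, portal URL and sample Response are constructed placeholders. The proxy checks that the IdP's Response comes from the configured IDP and is still within its validity window, then re-issues it with the proxy as Issuer and the firewall's Clientless VPN portal as Destination, so the browser is sent through the firewall instead of straight to the SaaS app.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

# Constructed placeholders; real values come from the IDP, Aperture and firewall configuration.
TRUSTED_IDP = "https://idp.example.okta.com"
PROXY_ENTITY_ID = "https://saml-proxy.example.com"
FIREWALL_PORTAL = "https://vpn.example.com/saml/acs"   # Clientless VPN portal on the firewall

def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def proxy_saml_response(idp_response_xml: str, now_iso: str) -> str:
    """Validate the IDP's Response and re-issue it for the firewall hop."""
    root = ET.fromstring(idp_response_xml)
    issuers = root.findall(".//saml:Issuer", NS)
    if not issuers or any(i.text != TRUSTED_IDP for i in issuers):
        raise ValueError("response not issued by the configured IDP")
    conds = root.find("saml:Assertion/saml:Conditions", NS)
    if conds is None or _ts(now_iso) >= _ts(conds.get("NotOnOrAfter")):
        raise ValueError("assertion validity window has passed")
    # The proxy becomes the issuer the SaaS app trusts, and the browser is
    # posted to the firewall portal rather than directly to the SaaS app.
    for i in issuers:
        i.text = PROXY_ENTITY_ID
    root.set("Destination", FIREWALL_PORTAL)
    # A real proxy signs the re-issued Response at this point; signing is omitted here.
    return ET.tostring(root, encoding="unicode")

def fields(response_xml: str) -> dict:
    """Pull the values a Service Provider checks: issuer, destination, subject."""
    root = ET.fromstring(response_xml)
    return {"issuer": root.find("saml:Issuer", NS).text,
            "destination": root.get("Destination"),
            "subject": root.find(".//saml:NameID", NS).text}

# Constructed sample Response as the IDP would return it to the proxy.
SAMPLE_IDP_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  ID="_r1" Version="2.0" IssueInstant="2019-03-01T10:00:00Z" Destination="{PROXY_ENTITY_ID}/acs">
  <saml:Issuer>{TRUSTED_IDP}</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2019-03-01T10:00:00Z">
    <saml:Issuer>{TRUSTED_IDP}</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2019-03-01T09:59:00Z" NotOnOrAfter="2019-03-01T10:05:00Z"/>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(fields(proxy_saml_response(SAMPLE_IDP_RESPONSE, "2019-03-01T10:01:00Z")))
```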