>
    Strata Copilot
    Collaborators
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Get Started with Data Security
    4. Configure Settings on Data Security
    5. Collaborators
    Download PDF
    SaaS Security

    Collaborators

    Table of Contents

    Collaborators

    Specify internal and external collaborators, and trusted and untrusted users to configure the incident settings on Data Security.
    Although different SaaS applications have different terminology for sharing and collaboration, within Data Security, a collaborator is any person who can access, view, preview, download, comment, or edit a managed asset. To provide granular control over what types of sharing pose a risk within your organization, Data Security classifies Collaborators differently:
    Because Collaborators apply to all cloud apps on Data Security, you must be an administrator with a Super Admin role or an Admin with access to all apps to modify this setting.
    • Internal vs. External UsersData Security uses the domain name in the email address associated with the user’s cloud app account to determine whether the user is internal to your organization or not. You must Define Your Internal Domains before you begin scanning your application data so Data Security can properly identify assets shared with users who are external to your organization.
    • Trusted vs. Untrusted Users—Using Data Security, you can configure a policy rule to create an incident if an external user has access to an asset. In some cases, sharing with external users—even though they are not part of your organization—does not pose a threat. For example, they might be partners or other trusted third-parties who you can mark as Trusted. Or, if you have entire domains that belong to trusted partners or user groups, you can mark those domains as Trusted so those users with email addresses from that domain are trusted users.
      When you assess incidents, you can update the domain trust settings in ConfigurationSaaS SecuritySettingsManage External Collaborators and mark the domain as either trusted or untrusted.
      Alternatively, when you view asset details you can explicitly designate an external collaborator as Trusted to exclude from incident discovery or Untrusted to ensure both new and modified assets shared create incidents. Changing trust settings for a user or a domain changes the underlying global policy Data Security uses when scanning assets. Trust settings enable more granular policy control while still allowing you to distinguish between internal and external sharing.

    © 2026 Palo Alto Networks, Inc. All rights reserved.