: Tag Discovered SaaS Apps
Focus
Focus

Tag Discovered SaaS Apps

Table of Contents

Tag Discovered SaaS Apps

Learn how to categorize discovered SaaS applications on SaaS Security Inline as either trusted or untrusted.
SaaS Security Inline enables you to categorize discovered SaaS applications on
Data Security
to monitor users of SaaS apps more efficiently and filter SaaS apps.
Tags are local only to
Data Security
and will not be applied to your firewall or Prisma Access.
There are two ways to apply tags to SaaS applications on SaaS Security Inline:
  • Default Tags
    —Apply predefined tags (for example,
    Unsanctioned
    or
    Sanctioned
    ) to reflect whether or not your organization approves of the SaaS application.
  • Custom Tags
    —Create and apply custom tags to group applications with common attributes to reflect how your organization views SaaS applications. For example, create and apply a
    Communication
    tag to Gmail.
If you activated the Cloud Identity Engine on your tenant, and configured directory sync in Cloud Identity Engine for Azure AD or Okta Directory, SaaS Security Inline can also provide tagging recommendations. Specifically, SaaS Security Inline uses information from the Cloud Identity Engine to determine if a detected app is an enterprise application accessible through your identity provider. If the app is an enterprise application, SaaS Security Inline will recommend that you tag the app as
Sanctioned
. You can also open the
Tag Recommendations
window from the Discovered Applications view. The Discovered Applications view displays the Tag Recommendations action only if the Cloud Identity Engine available with the necessary directory syncs configured.

Apply Default Tags

Based on a SaaS application’s risk factors, use the default tags available to categorize a SaaS application as sanctioned or unsanctioned so that you can differentiate unsanctioned SaaS apps from the other SaaS apps that are being used by employees in your organization.
  • Sanctioned
    —App sanctioned by your organization and being used by employees in your organization.
  • Tolerated
    —App that isn’t trusted like a sanctioned app, but that is allowed to be used by employees until your organization is able to replace it with a more secure app so as not to inhibit the productivity of your users. However, consider creating SaaS policy rule recommendations for tolerated SaaS apps to implement restrictions on specific actions (for example, upload or download).
  • Unsanctioned
    —App unsanctioned by your organization for use by employees in your organization.
  • Unknown
    —Default for SaaS applications that you have not tagged.
  1. Navigate to SaaS Security Inline.
  2. To navigate to the Discovered Applications view, select
    Applications
    .
  3. Apply a default tag:
    • (Single App) Locate the SaaS application that you want to tag. In the Actions column, select
      Tag
      and choose the default tag.
    • (Multiple Apps) Locate and select the SaaS applications that you want to bulk tag. Select the
      Bulk Tag
      that you want to apply to the applications.

Create and Apply Custom Tags

SaaS applications in the Application Dictionary belong to an application category and subcategories to enable filtering, but you cannot modify these attributes. However, you can create your own categorization with custom tags. You can rename or delete a custom tag at any time. When you do, SaaS Security Inline updates or removes the tag from all SaaS apps that use that tag. You can create up to 100 custom tags. Custom tags display alongside default tags.
  1. Navigate to SaaS Security Inline.
  2. To navigate to the Discovered Applications view, select Applications.
  3. Create the custom tag.
    1. Locate a SaaS application that you want to tag with a custom tag. In the Actions column, select
      Custom Tag
      .
    2. Add a New Tag by providing a descriptive name for the tag.
  4. Apply a custom tag.
    1. Locate a SaaS application that you want to tag with a custom tag.
    2. In the Actions column, select
      Custom Tag
      , and select the custom tag.

Recommended For You