Understand SaaS Custom Headers
Understand the custom HTTP headers you will use before you create HTTP Header Insertion Rules for your Palo Alto Networks® firewall.
Before you begin, make sure you understand the custom HTTP headers you will use with the SaaS application you are managing. You need to understand what you can accomplish with these headers and the information you need to specify to accomplish your goals.
Be aware that SaaS applications that use custom headers do not always use them to control access to types of accounts. For example, Palo Alto Networks® provides predefined support for YouTube custom headers that determine whether network users can access restricted content.
You should also read the documentation specific to the SaaS application to which you want to control access so that you understand the headers you need to use for that application.
The following table lists the headers that you can use for the SaaS applications for which Palo Alto Networks provides predefined support; each header also includes a link to more information specific to that header.
For More Information
You can allow access to sanctioned Enterprise Dropbox accounts. This header's value is the business account's team ID, which you can obtain from the network control section of the Dropbox admin console. You must also enable this functionality from the same location.
For details on managing this header, as well as how to enable your Dropbox clients so that you can decrypt their traffic, contact your Dropbox account representative.
Google G Suite
You can allow access to specific Google accounts from your domain. The values that you give to this header are your domain and subdomains.
Microsoft Office 365
Restrict-Access-To-Tenantswith a list of tenants you want to allow your users to access. You can use any domain that is registered with a tenant to identify the tenant in this list.
Restrict-Access-Contextwith the directory ID that is setting the tenant restriction. You can find your directory ID in the Azure portal. Sign in as an administrator, select
Azure Active Directory, then select