Specify internal and external collaborators, and trusted
and untrusted users to configure the incident settings on Prisma
Although different SaaS applications have different terminology
for sharing and collaboration, within Prisma SaaS, a collaborator
is any person who can access, view, preview, download, comment,
or edit a managed asset. To provide granular control over what types
of sharing pose a risk within your organization, Prisma SaaS classifies
Because Collaborators apply to all cloud apps on Prisma
SaaS, you must be an administrator with a Super Admin role or an
Admin with access to all apps to modify this setting.
Internal vs. External Users—Prisma SaaS uses the
domain name in the email address associated with the user’s cloud
app account to determine whether the user is internal to your organization
or not. You must Define Your Internal Domains before
you begin scanning your application data so Prisma SaaS can properly
identify assets shared with users who are external to your organization.
Trusted vs. Untrusted Users—Using Prisma SaaS, you
can configure a policy rule to create an incident if an external
user has access to an asset. In some cases, sharing with external
users—even though they are not part of your organization—does not
pose a threat. For example, they may be partners or other trusted
third parties who you can mark as
Or, if you have entire domains that belong to trusted partners or
user groups, you can mark those domains as
those users with email addresses from that domain are trusted users.
and mark the domain
as either trusted or untrusted.
when you View Asset Details you can
explicitly designate an external collaborator as
exclude from incident discovery or
ensure both new and modified assets shared create incidents. Changing
trust settings for a user or a domain changes the underlying global
policy Prisma SaaS uses when scanning assets. Trust settings enable
more granular policy control while still allowing you to distinguish
between internal and external sharing.
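
The classification described above can be modeled offline to audit a sharing export before you define domains and trust settings. This is an added example, not Prisma SaaS code: the domains, addresses, function names, exact-match domain comparison, and the rule that an explicit per-user setting overrides the domain setting are all assumptions.

```python
from email.utils import parseaddr

# Constructed sample configuration; every domain and address is a placeholder.
INTERNAL_DOMAINS = {"example.com"}
TRUSTED_DOMAINS = {"partner.example"}
USER_TRUST = {  # explicit per-user settings, assumed to override domain trust
    "auditor@vendor.example": "trusted",
    "former.contractor@partner.example": "untrusted",
}


def normalize(address):
    """Return (address, domain) in lower case, or None if the input is malformed."""
    _, addr = parseaddr(address)
    local, sep, domain = addr.lower().rpartition("@")
    domain = domain.rstrip(".")
    if not sep or not local or "." not in domain:
        return None
    return f"{local}@{domain}", domain


def classify(address):
    """Classify a collaborator as internal, trusted, untrusted, or invalid."""
    parsed = normalize(address)
    if parsed is None:
        return "invalid"
    addr, domain = parsed
    # Exact match only: "example.com.evil.test" and "notexample.com" must not
    # pass as internal, which a suffix or substring comparison would allow.
    if domain in INTERNAL_DOMAINS:
        return "internal"
    if addr in USER_TRUST:
        return USER_TRUST[addr]
    return "trusted" if domain in TRUSTED_DOMAINS else "untrusted"


def incident_candidates(collaborators):
    """Return the collaborators an external-sharing rule should flag."""
    return [c for c in collaborators if classify(c) in ("untrusted", "invalid")]
```

Because the comparison is an exact match, a subdomain such as `dev.example.com` is treated as external in this model until it is listed explicitly.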