Enable Group-Based Policy

Learn how to enable group-based policy on SaaS Security API.
Group-based visibility on SaaS Security API requires Azure Active Directory integration, which has many benefits, including the ability to create policies that enforce compliance with your corporate use policy based on the groups to which your end users belong. First, however, you must Connect Azure Active Directory to SaaS Security. Group-based policy applies to asset rules only because enforcement requires the file owner’s group as match criteria.
If a group or a user is removed from the AD catalog, SaaS Security API automatically closes the incidents for that group or user. This process normally takes up to 48 hours; in some cases, when you have millions of incidents, SaaS Security API requires multiple days to close the incidents.
  1. As you configure the rule:
    1. Select
      File Owner’s Group
      as match criteria.
    2. Use the
      Equals
      or
      Does not Equal
      operator to select the AD group and
      Add another
      to match on any or all selected groups.
    You can also apply policy when group information is
    Not Available
    . This can happen because the asset owner has a username instead of an email address or because the user does not belong to any of the 100 Azure AD groups for which the SaaS Security API service has user-group mapping information.
  2. Save
    the new rule when you’re done choosing among the other options.

Recommended For You