SaaS Security
Enable Group-Based Policy
Table of Contents
Enable Group-Based Policy
Learn how to enable group-based policy on Data Security.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Data Security license:
|
The steps to enable group-based policies are the same for
both new customers integrating CIE with Data Security and
legacy customers integrating Azure Active Directory with Data Security.
- Create a new data asset policy.As you configure the policy:
- Select File Owner’s Group as match criteria.Use the Equals or Does not Equal operator to select the AD group and Choose a group to match on any or all selected groups.You can also apply policy when group information is Not Available. This can happen because the asset owner has a user name instead of an email address or because the user does not belong to any of the 100 Azure AD groups for which the Data Security service has user-group mapping information.
![]()
Create the new policy when you’re done choosing among the other options.If a group or a user is removed from the AD catalog, Data Security automatically closes the incidents for that group or user. This process normally takes up to 48 hours; in some cases, when you have millions of incidents, Data Security requires multiple days to close the incidents.
