Guidelines for SaaS Policy Collaboration

• Collaborate on policy rule authoring—Product integration enables collaboration, but isn’t intended to replace communication. Because a NGFW administrator or Prisma Access administrator understands all the intricacies of Security policy and your organization’s rulebase, the integration provides the NGFW administrator or Prisma Access administrator complete control and flexibility to override any SaaS administrator’s SaaS policy rule recommendation. Although a SaaS administrator can recommend Security policy rules, the actual rule that the NGFW administrator or Prisma Access administrator creates determines enforcement and isn’t displayed in the SaaS Security Inline web interface. However, collaboration works best when both administrators operate as if the SaaS side is the source of truth.
• Collaborate on policy rule management—SaaS policy rule recommendations might require changes, either to improve the rule or to resolve an error. In such cases, NGFW administrators or Prisma Access administrators don’t delete the SaaS policy rule recommendations, or the Security policy rules on which the SaaS policy rule recommendations are based; rather, the NGFW administrator or Prisma Access administrator asks the SaaS administrator to modify the existing recommendation or delete and create a new rule with the agreed upon changes to keep the interfaces in sync.
• Collaborate daily—The sooner your policy rule recommendations are active, the sooner your organization will prevent risky SaaS app usage. It's recommended that NGFW administrators or Prisma Access administrators check and implement policy rule recommendations daily. If the NGFW administrator or Prisma Access administrator did not import a SaaS policy rule recommendation, the recommendation might not be in good order, and the SaaS administrator must promptly coordinate with the network administrator to modify the recommendation.