>
    Strata Copilot
    Onboard SaaS Apps Supported by SSPM
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Onboard SaaS Apps Supported by SSPM
    Download PDF
    SaaS Security

    Onboard SaaS Apps Supported by SSPM

    Table of Contents

    Onboard SaaS Apps Supported by SSPM

    Onboarding sanctioned SaaS apps to SSPM.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • SaaS Security Posture Management license
    Or any of the following licenses that include the Data Security license:
    • CASB-X
    • CASB-PA
    To detect posture risks, the apps must first be connected to SSPM. SSPM must also have the necessary permissions to scan a SaaS app's settings. During onboarding, SSPM prompts you for the configuration information that is needed to establish a connection with the SaaS app. The configuration information that SSPM requires differs and app to app, and you might need to collect configuration information prior to onboarding. Before onboarding an app, you can refer to the app's configuration requirements.
    Once connected, SSPM begins scanning the app's configuration to determine whether best practices are being followed.
    1. Log in to Strata Cloud Manager.
    2. Select ConfigurationSaaS SecurityPosture SecurityApplicationsAdd Application.
    3. Optionally, filter for Type: Posture to show only apps supported by SSPM.
    4. Click on the tile for the SaaS app that you want to onboard.
    5. Under posture security instances, Add Instance or, if there is already an instance configured, Add New instance.
    6. Follow the onscreen prompts to connect to the app.
      If SSPM integrates with the app through OAuth 2.0 authorization, you're redirected to the login screen for your app. If you're redirected, log in to the app and grant SSPM the permission it requires.
      You might be prompted to provide configuration information that SSPM uses to connect to the SaaS app. The required information varies from app to app. For more information, refer to the app's configuration requirements.
      After SSPM connects to your app instance, SSPM displays a unique name that it generated for the app and prompts you to select an app owner.
    7. (Optional) Replace the unique name that SSPM generated for the app with a more meaningful name. For example, if you're adding multiple instances of the app to SSPM, customize the name to differentiate this instance for the others.
    8. Specify the app owner and Continue. The app owner is the administrator who manages all posture security for this app instance. This app owner will receive alerts whenever SSPM detects a misconfiguration. The administrator who you specify must have an account on the same cloud management tenant.
      You can later modify the owner to transfer posture security responsibilities to a new owner.
      After you add the app, SSPM automatically begins scanning your instance against SSPM’s predefined rules. SSPM reports any violations on its Security Configurations page (Posture SecuritySecurity Configurations), and notifies the app owner.

    © 2026 Palo Alto Networks, Inc. All rights reserved.