>
    Strata Copilot
    Configuration: SaaS Security
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Cloud Manager
    3. Strata Cloud Manager Getting Started
    4. Configuration: Strata Cloud Manager
    5. Configuration: SaaS Security
    Download PDF
    Strata Cloud Manager

    Configuration: SaaS Security

    Table of Contents

    Configuration: SaaS Security

    Manage your organization’s shadow IT risks, secure SaaS applications from cloud threats, and ensuee compliance across all SaaS applications.
    Where Can I Use This?What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    		Either one of these licenses:
    • Prisma Access license
    • ADEM Observability license or AI-Powered ADEM license
    Go to ConfigurationSaaS Security to manage your organization’s shadow IT risks, secure SaaS applications from cloud threats, and ensuee compliance across all SaaS applications.
    Identify cloud-based threats and risky user activity in sanctioned and unsanctioned apps with SaaS Security Inline.
    SaaS Security is an integrated CASB (Cloud Access Security Broker) solution that:
    • Provides visibility and control over all your shadow IT risks.
    • Secures SaaS apps from known and unknown cloud threats.
    • Protects sensitive data and ensures compliance across all SaaS apps.
    • Allows access to corporate apps only for legitimate users.
    SaaS Security Inline is built-in to Prisma Access Managed by Strata Cloud Manager to give you a centralized view of network and CASB security. It offers SaaS visibility—which includes advanced analytics and reporting—so that your organization has the insights to understand the data security risks of sanctioned and unsanctioned SaaS application usage on your network.
    Cloud Access Security Broker (CASB) bundle includes Saas Security Inline, Enterprise Data Loss Prevention (DLP) Inline, SaaS Security API, Data Loss Prevention (DLP) API, and SaaS Security Posture Management (SSPM).
    The Next-Generation Cloud Access Security Broker (CASB-X) license contains all the CASB components such as SaaS Security Inline, SaaS Security API, SaaS Security Posture Management (SSPM), and Enterprise DLP. It can be applied on Cloud-Managed Prisma Access, Panorama Managed Prisma Access, and Panorama-Managed Next Generation Firewall (NGFW) devices in a single tenant environment.
    Here’s everything you need to know to use SaaS Security on Strata Cloud Manager.

    Get Started

    Here’s how to get up and running with SaaS Security Inline on Prisma Access Managed by Strata Cloud Manager:
    • Confirm that the SaaS Security add-on license is included with your Prisma Access subscription.
      Go to ConfigurationOverview to check what's available with your license.
    • If you haven’t already, activate the SaaS Security Inline app on the hub.
      After activation, SaaS Security Inline automatically discovers all SaaS applications and users and analyzes users’ SaaS activity and usage data from your Prisma Access logs that are stored in Strata Logging Service.
    • Review and manage administrator roles and access
      Go to System SettingsIdentity and Access to provide role-based access to SaaS Security controls in Prisma Access Managed by Strata Cloud Manager.
      To comprehensively manage SaaS Security, users must also be an administrator for the SaaS Security Inline app. Jump directly from the Prisma Access Cloud Management dashboard to the SaaS Security Console to add SaaS Security Inline administrators.
    • Explore the SaaS Security dashboard
      • Discovered Apps
        Learn about the SaaS apps that are in use and how many users are accessing them. Use the filter and sort capabilities to analyze metrics and App Details to assess risks.
      • Data Security
        Data Security protects against cloud‑based threats by scanning and analyzing all your assets and applying Security policy to identify exposures, external collaborators, risky user behavior, and sensitive documents and identifying the potential risks associated with each asset.
      • Posture Security
        To detect posture risks, the apps must first be connected to SSPM. SSPM must also have the necessary permissions to scan a SaaS app's settings. During onboarding, SSPM prompts you for the configuration information that is needed to establish a connection with the SaaS app.
      • Behavior Threats
        Identify potential threats to your organization from compromised accounts, malicious insiders, and data breaches. Specifically, Behavior Threats examines how your organization’s users are interacting with sanctioned SaaS apps to identify suspicious user activities that might indicate attempts to steal or corrupt data.
      All dashboard views are supported directly in Prisma Access Managed by Strata Cloud Manager. Examine these views to identify risky SaaS applications and users and SaaS Security Posture Management. SaaS Security Posture Management (SSPM) helps detect and remediate misconfigured settings in sanctioned SaaS applications through continuous monitoring.
    • Review and share the SaaS Security report
      SaaS Security Inline includes a SaaS Security report that provides a snapshot of application usage with advanced aggregated data and views. This report serves as a communication tool between your SaaS security team and executive management. You can share this on-demand PDF report with your SaaS security team for a periodic check-in, or email the report to your executives to highlight the SaaS applications in use in your organization and the security risks they pose.
    • See what else you can do with SaaS Security and Prisma Access Managed by Strata Cloud Manager.

    © 2025 Palo Alto Networks, Inc. All rights reserved.