Create Data Jurisdictions for Sanctioned Services
Sanctioned Data Jurisdictions are the second layer of access control for Skyhigh CASB users. Data Jurisdictions for Sanctioned Services are based on Service names or Service instances or AD Attributes.
- Go to Settings > User Management > Data Jurisdiction.
- On the Data Jurisdictions page, click New Jurisdiction.
- Click Sanctioned Service.
- On the New Sanctioned Service Data Jurisdiction page, configure the following details:
- Name. Enter a name for your Data Jurisdiction.
- AD Attributes. Define your Data Jurisdiction by selecting one or more AD attributes and/or attribute values to associate it with.
- Service Names. Define your Data Jurisdiction by selecting the Service(s) and/or instance(s) to associate it with.
- Name. Enter a name for your Data Jurisdiction.
NOTE: Only configured services are available for data jurisdiction. If you are unable to find a particular service in the Service Name tab, you will need to create a service and service instance in the Settings > Service Management page. For details, see About the Service Management Page.
- Click Save.
- Once your Data Jurisdiction is defined, you can find Sanctioned Service Data Jurisdictions in the Settings > User Management > Users page. Here you can assign users to limit access to the selected Sanctioned Service. For more details on users, see About the Users Page.
Edit a Data Jurisdiction
To edit a data jurisdiction:
- Go to Settings > User Management > Data Jurisdiction.
- On the Sanctioned Service Jurisdictions tab, select the pencil icon to edit.
- Edit the criteria of the Data Jurisdiction by selecting a new Service and/or instance or AD attributes and/or attribute values.
- Click Save.