Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configure Active Directory for Sanctioned IT

NOTE: If you are on version 4.3.2 and above, click Cloud Connector Config Custom Attributes.

Once Skyhigh Cloud Connector has connected to your Directory Server or collected your CSV file, you can configure Custom Attributes for use with Sanctioned IT.

NOTE: There is a limit of 10 Sanctioned Custom Service Attributes that can be mapped.

  1. After connecting to the attribute source, click Sanctioned Settings.
  2. To upload AD attributes for user groups in Sanctioned IT, under Skyhigh CASB Data Upload, select Enabled. This will also send your unique Salt to Skyhigh CASB to tokenize user information received through API and proxy integration feeds.  

Setup Custom Attributes_Sanctioned Settings Disabled.png

  1. For all the attributes you want to send for user group configuration, activate the Attribute to Send checkbox. 
  2. For all attributes that are needed to uniquely identify a user, activate the Include as Key checkbox. 
    IMPORTANT: If an Attribute you need it missing, add it to the default Attributes list on the Domain Configuration > Domain Setup page. 
  3. Click Save.

When an event occurs that pertains to a Custom Attribute, the data for that Custom Attribute will be appended to the event.


Upload Sanctioned Custom Attributes from the Command Line

You can use the command line to import and upload custom attributes using the shnlpcli ca --upload command.

For example:

shnlpcli ca --upload 


shnlpcli ca --import --upload

The complete details for using customattributes(ca) are as follows:

customattributes(ca)      Command To Manage Custom Attributes Settings
  Usage: customattributes(ca) [options]
         Dumps the imported custom attributes to a file
         Default: false
         Output CSV file for custom attributes information
         Performs import of custom attributes
         Default: false
         Resets the last import timestamp
         Default: false
         Uploads the custom attributes for Sanctioned user groups after importing
         Default: false
  • Was this article helpful?