
Skyhigh Security

Adaptive Access Control in Private Access

Overview

Adaptive access controls in Skyhigh Private Access protect your organization's data by controlling access to your private applications and services based on user, device identity, location, process, application tags, and other criteria.

About Private Access Policy

Configure your Private Access policy to control and secure access to applications. A Private Access policy includes rules that specify criteria based on the application group, user name, user group, device profile, and location.

Configure Private Access Policy Rules

Configure the policy rules to enforce controlled access to private applications. You create private access policy rules by specifying Criteria, Operator, Value, and Actions. You can define up to five levels of nesting within a parent rule. A nested rule can contain other nested rules, resulting in a hierarchy of rules. You will see an error if you don't enter the rule name or if the rule name exceeds 200 characters.

Skyhigh Private Access applies the access policy rules from top to bottom using the first-match principle. The rule set evaluates to true or false based on the criteria, value, and action specified in each rule, so make sure to provide valid inputs in all these fields. A rule is triggered when all of its conditions evaluate to true. Within a parent rule, you can drag and drop a rule to move it from one level to another.
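
The following sketch is an added example, not Skyhigh's engine or code from this page: a small Python model of top-to-bottom first-match evaluation over nested rules, plus a check for rules that an earlier sibling makes unreachable. The criterion keys, the sample policy, and the fall-through behaviour when no nested rule matches are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    conditions: dict        # criterion -> set of accepted values; all must match
    action: str = "Enter"   # "Enter" marks a parent rule that holds nested rules
    enabled: bool = True    # the On/Off switch
    children: list = field(default_factory=list)

def matches(rule, request):
    return rule.enabled and all(
        request.get(crit) in values for crit, values in rule.conditions.items())

def evaluate(rules, request, path=()):
    """Top-to-bottom first match; returns (action, rule path) or (None, ())."""
    for rule in rules:
        if not matches(rule, request):
            continue
        here = path + (rule.name,)
        if rule.action != "Enter":
            return rule.action, here
        action, hit = evaluate(rule.children, request, here)
        if action is not None:  # ASSUMPTION: no nested match -> try next sibling
            return action, hit
    return None, ()

def shadowed(rules):
    """Sibling rules that can never fire: an earlier rule with a final action
    already matches every request they match."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.enabled and earlier.action != "Enter" and all(
                    crit in later.conditions and later.conditions[crit] <= values
                    for crit, values in earlier.conditions.items()):
                dead.append(later.name)
                break
    return dead

# Constructed sample policy; criterion keys and values are assumptions.
POLICY = [
    Rule("finance-apps", {"app_group": {"finance"}}, children=[
        Rule("allow-finance-staff", {"user_group": {"finance"}}, "Allow"),
        Rule("block-finance-unmanaged", {"user_group": {"finance"},
             "device_profile": {"unmanaged"}}, "Block"),
    ]),
    Rule("isolate-contractors", {"user_group": {"contractors"}}, "Isolate"),
]
```

In this sample, `shadowed` reports `block-finance-unmanaged`, because the broader Allow rule above it wins first; moving the Block rule above the Allow rule makes the same request resolve to Block.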

Note: Before creating an access policy rule, you should first configure the device profiles and private applications.

Configure Device Profile

Skyhigh Private Access continuously assesses the security posture of the connecting device. The connecting device can be an enterprise-owned device, a personal computer, a mobile device, or a BYOD device. There are two methods to configure a Device Profile:

1. Skyhigh Device Profile 

2. CrowdStrike Device Profile

Create a Private Access Policy

To create the Private Access policy:

  1. Go to Settings > Policy > Access Control > Private Access Policy.


  2. Click New Rule.
  3. Complete the following fields to create an access policy rule:
    • Name — The name of the policy.
    • Criteria — Select a criterion from the list and click OK. You can specify multiple criteria for a single rule. You can also view the logic used for the selected criteria.


NOTE: Select the device profile as the criterion to validate the device posture.

    • Operator — Specify the operator for the selected criteria.
    • Value — Specify the value based on the set criteria.
    • Action — Specify the action to be performed when a policy is enacted.
      • Allow — Allows private application traffic.

Allow access to a subset of applications based on device and user risk

 


      • Block — Blocks access to private application traffic.

Block access to a subset of applications based on device and user risk


      • Allow Web Policy — Applies the configured Web Policy rules to the private application traffic. For more information about Web Policy, see Web Policy.
      • Allow with DLP — Applies web policy rules along with the DLP rules to the private application traffic. For more information about DLP, see Data Loss Prevention.

Controlling application access to sensitive data based on device or user risk


 

      • Isolate — Applies Remote Browser Isolation policy to the private application traffic. For more information about RBI, see Remote Browser Isolation (RBI).
      • Enter — Creates a new child rule.
    • On/Off — Select On to enable a rule and Off to disable a rule. Click the three-dots icon to view options such as Add New Condition, Add Nested Rule, and Delete.
      • Add New Condition — Adds a new condition (criteria). Select a criterion from the list and click OK. You can specify multiple criteria for a single rule. You can also view the logic used for the selected criteria.
      • Add Nested Rule — The nested-rule icon represents the nested rule. Click this icon to expand or collapse a nested rule. You can nest rules (up to four levels) inside a policy rule. You have to configure criteria, value, and action for this child rule. The Action option changes to Enter when you add a child rule. You can specify the action to be performed according to the child's rules.


Note: The actions Allow with web, Allow with DLP, and Isolate are supported only for HTTP/HTTPS protocols.

  4. Publish the saved changes to the cloud now or keep working and publish later.
    Once you publish, you can view the private access policy on the Web Policy page (Policy > Web Policy > Policy > Private Access) in the code view form.