Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Create an Application Instance

For CASB, to differentiate between corporate and non-corporate SaaS application instances, administrators need to configure access policies using the instance parameter.

  • To identify an instance, CASB requires the instance ID, the instance domain, and the instance type.

  • To monitor logs, the instance tags are used. Tags indicate whether the application instance is sanctioned by your organization.

Each application can have its own instance ID. See Table 1.

Table 1: Application Instance ID

Application

Example URL

Instance ID

For the following example URLs, consider a common string acmecorp07 as the instance ID within the application's SaaS URLs.

Box

  • acmecorp07.app.box.com

  • acmecorp07.account.box.com

acmecorp07

GitHub

Organization name is the instance ID

 acmecorp07

Google Chat

-

 acmecorp07

Microsoft Teams

  • acmecorp07ms.sharepoint.com

  • acmecorp07ms-my.sharepoint.com

acmecorp07ms

Salesforce

  • acmecopr7.my.salesforce.com

  • acmecorp7.lightning.force.com

acmecopr7

Microsoft OneDrive

SharePoint

  • acmecorp07ms.sharepoint.com

  • acmecorp07ms-my.sharepoint.com

acmecorp07ms

Microsft Outlook

acmecorp07ms-onmicrosoft.com

acmecorp07ms

Slack

acmecorp-zoy8730.slack.com

acmecorp-zoy8730

AmazonEFS

Instance ID is Amazon account ID

392719858104

AmazonS3

Instance ID is Amazon account ID

392719858104

Generic URLs where instance ID is not applicable

Dropbox

dropbox.com

-

Gmail

mail.google.com

-

Google Docs

docs.google.com

-

Microsoft OneDrive Personal

No instance

-

Use the Create Application Instance Page to configure application instances.

To create a new application instance:

  1. Select Secure Edge > Security Subscriptions > CASB > Application Instances.

    The Application Instances page opens.

  2. Click + to create an application instance.

    The Create Application Instance page.

  3. Complete the configuration according to the guidelines provided in Table 2.
  4. Click OK.

    An application instance is created, which you can associate with a CASB profile.

Table 2: Creating Application Instance Settings

Setting

Guideline

Cloud application

Select a cloud application from the list.

Name

Enter a new application instance name. For example, dropbox123.

The instance name must begin with an alphanumeric character. Spaces and special characters except hyphens(-), colons(:), and periods(.) are not allowed. The maximum length is 63 characters.

Application instance ID

A unique URL to access SaaS services. Instance ID comes in packet data of all SaaS application activities, such as, upload, download, and share. You use this Instance ID to apply in the Security policies.

See Table 1 to enter an application instance ID.

Login Domain

An email domain. During login activity, you get an email domain in packets, and it is part of instance.

Enter the domain address.

For example, acmecorp07.com is an organization domain. Then, for all users, CASB-supported cloud applications uses the same domain.

Note:

Domain configuration is not required for the Microsoft OneDrive Personal application.

Type

Select a value from the list to map a type with an application instance:

  • Unclassified

  • Work

  • Personal

Note:

You must configure the type of value for Dropbox. For other applications, this configuration is optional.

Tag

Select a value from the list to tag an application instance:

  • Untagged—Default value for the application instances that you have not tagged.

  • Sanctioned—Application instances sanctioned by your organization.

  • Unsanctioned—Application instances unsanctioned by your organization.

Related Documentation