Configure the cloud application connection in the Forcepoint Security Manager

Steps

  1. In the Forcepoint Security Manager, go to DATA > Policy Management>Resources > Cloud Applications.
  2. In the cloud applications table, click the Application Name.
    The Cloud Application Properties screen opens to allow configuration of the selected application.
    • Pop-up blockers might prevent this screen from opening. If this occurs, disable the pop-up blocker and try again.
    • It might take a while for the screen to open. Wait for the screen to load, then complete the steps below. Do not close the screen while it is still loading.
  3. On the General tab, click Configure Connection.
    The Forcepoint CASB service uses the connection to retrieve activity logs, scan files at rest, and retrieve user lists. It does not store the user credentials. For more information about account requirements, see the Forcepoint CASB Service Provider API Connection Guide .
  4. Open the DLP Cloud Service tab. In the DLP Cloud API section:
    1. Select Enable activity import to allow the Forcepoint CASB service to access and import user activity logs for the selected cloud application.
    2. For Office 365 and Box assets, select Unshare parent folder to remove the sharing permissions for a sensitive file's parent folder. Select this option to remove sharing permissions when sensitive files inherit sharing permissions from a parent folder in the hierarchy. This removes the sharing permissions for the affected folders and all files located in them. This option applies only if one of the unshare actions is selected in the action plan of the DLP policy.
  5. Open the General tab. In the Mitigation Settings section, configure an Archive folder within the selected cloud service for files moved or copied in response to a DLP incident. The archive folder must reside on the scanned asset, so the path needs to match the browser URL.
  6. Under Quarantine Notes, optionally configure messages that can replace quarantined files and explain to users that files have been moved.
  7. Click Test Connection to verify activity download, data classification, and the validity of the archive folder.
  8. To save the changes and return to the cloud applications list, click OK.
    • The new application is added to the cloud applications list, which shows the application name, type, description, and status.
    • You can edit the cloud application’s properties by clicking the Application Name.

    The new application is added to the cloud applications list even if configuration is canceled before this step is completed. Open the cloud application’s Properties screen to finish configuration if necessary.

  9. To deploy all the configured changes, click Deploy.
    Note: If you are logged on to the Forcepoint Security Manager, but want to edit the cloud application in Forcepoint CASB, click the Launch CASB Portal button to open the Forcepoint CASB management portal.