Setup instructions
Provides instructions for first-time users on how to set up App Security.
The following image is a visual representation of the key steps to complete setup, enhance security, and initiate activity monitoring. There are eight steps to complete the configuration.
Click a step in the image to go to its detailed instructions. Completing these steps sets up App Security.
Initial Configuration
To verify access to App Security, see the Signing in to Forcepoint Data Security Cloud page.
Integrate Identity
To manage users, groups, user roles, and SAML or Active Directory (AD) configurations, see the Admin section.
Policy Configuration
- Preconfigure policy objects:
- Configure custom inline popup notifications, user email or group email notifications, and other message notifications.
- Configure custom notification files.
- Add custom locations.
- Set up login policies:
- Configure a delay login policy.
- Configure a block login policy.
- Set up multi-factor authentication.
- Configure an expire session policy.
- Test the policies and update policy configuration if necessary.
Note: At this point in time, these policies will apply to App Security only. The policies will also apply to managed cloud applications, once configured.
- Set up automatic log collection for Shadow IT reporting:
Manually upload logs for Shadow IT discovery.
OR
- Set up one of the following methods for automatic log collection:
- Configure Downloadable OVA.
- Configure Syslog-ng relay.
- Configure Rsyslog.
- Map forwarded logs to App Security fields.
- Review the reports generated in preparation for policy planning.
- Configure managed device identification:
- Discover the methods to distinguish managed devices.
- Select the managed device identification method you want to use.
- Configure managed client certificates.
- Set up SmartEdge agent custom device profiles.
- Configure SAML attribute match.
Setup traffic steering
Configure and deploy traffic steering for inline protection through SmartEdge Agent for a control group.
Setup DLP and data patterns
Configure DLP and data patterns.
You can integrate with Forcepoint Data Security Cloud | DLP and Forcepoint DLP to enforce DLP policy in App Security:
- Integrate with and leverage Forcepoint Data Security Cloud | DLP policies:
- Import your JSON file to integrate App Security with the Forcepoint Data Security Cloud | DLP Protection Service.
- Apply Data Security policy actions to flagged traffic to or from managed cloud applications.
- Apply Data Security policy actions to data discovered at rest on cloud applications using the cloud API.
- Integrate with and leverage Forcepoint DLP policies:
- Import your JSON file to integrate App Security with Forcepoint DLP policies.
- Apply FSM-based policy actions to flagged traffic to or from managed cloud applications.
- Apply FSM-based policy actions to data discovered at rest on cloud applications using the cloud API.
Add managed applications
- Add pre-defined cloud applications as managed applications.
- Add custom cloud applications as managed applications.
Protection for data at rest
- Set up API access.
- Set up API scanning in App Security.
- Configure policy actions for data at rest.
Protection for data in motion
- Configure SSO for cloud applications for a control group:
Review this video for more information.
- Select and deploy the SSO method appropriate for your application and organization.
This may be SAML relay or SAML ACS proxy.
- Verify access to the cloud application.
- Configure inline policies for managed cloud applications for a control group:
- Configure contextual access control and set proxy policy actions.
- Test the inline policies.
- Update policy configurations if necessary.