Forcepoint ONE SSE can restrict tenant access based on HTTP Header Requests by domains applied to the entirety of users in Microsoft 365, or by domains
applied by contextual policies.
If admins want to apply login controls contextually, follow the steps below:
Steps
-
Start on the page and either add a new policy line or edit the Action column of an already configured policy line.
-
Scroll to the bottom of the Action dialog window and you will see three check boxes you can enable for login controls.
-
Restrict access to approved domains: Will only allow users to access domains configured within your Microsoft 365 instance in Forcepoint ONE SSE as well as any domains that you add to the
list.
-
Restrict managed device login to approved username domains: Will only allow users with the specific domains within your Microsoft 365 instance that
match their username domain.
-
HTTP Header Restrictions: Configure HTTP Headers that are sent with the SAML Request to apply login controls enforced by M365.
-
To configure simply check the box to display the table. Add a new row(s) to the table and input the domains you wish to allow users to connect to and save your settings. You can
add as many domains as needed on individual row lines.