Forcepoint ONE SSE Deployment Guide Document Subtitle

Home
Configure applications
Forcepoint ONE SSE supports various cloud applications so that Admins can monitor data which is in transit, in motion and at rest.
Dropbox
Forcepoint ONE SSE supports the ability to control access to Dropbox via SSO and API.

Verify access and perform initial configuration
Describes about initial account configurations, such as creating and assigning administrator accounts and roles, and configuring portal access and timeout policies in Forcepoint ONE Security Service Edge.
Integrate identity
You can configure user identity settings and synchronize user information from your directory in order to assign policies to users or groups.
Configure common components
Describes how to configure common components such as login policies, various notifications, custom notification files and so on.
Setup traffic steering
Forcepoint ONE SSE supports SmartEdge Agent and Cloud SWG traffic steering methods. This chapter describes steps to deploy each of those so that traffic can be forwarded to Forcepoint ONE SSE.
Configure DLP
DLP is a data loss prevention capability that allows for pattern matching (via regular expressions and keywords) against data as it is either being downloaded, uploaded, or scanned via API at rest.
Configure Zero Trust Network Access
Forcepoint ONE SSE's Agentless and Agent-based Zero Trust Network Access (ZTNA) provides an alternative to VPNs allowing admins to provide inline protection to internal apps without the need for VPN service to be running on the user's local machine.
Protect cloud applications
This chapter describes how to setup various cloud applications in Forcepoint ONE SSE so that Admins can monitor the data at rest and data in motion.
Configure policies
Describes how to configure policies for your application in Forcepoint ONE SSE portal so that you can monitor the data at rest and data in motion.
Monitor and analyze traffic
You can perform steps to monitor and analyze the traffic. Forcepoint ONE SSE Log Export REST API allows customers to query and pull cloud and access Logs. Alternatively, customers with Splunk or QRadar can instead utilize the Forcepoint ONE SSE Splunk app or the Forcepoint ONE SSE QRadar App for easy integration with the Forcepoint ONE SSE REST API to extract Forcepoint ONE SSE logs.
Configure applications
Forcepoint ONE SSE supports various cloud applications so that Admins can monitor data which is in transit, in motion and at rest.
- Microsoft
  Forcepoint ONE SSE supports the ability to control access to Microsoft 365 via SSO and API. Forcepoint ONE SSE also supports CSPM audit scanning for Azure.
- Google Workspace
  Forcepoint ONE SSE supports the ability to control access to Google Workspace and Google Cloud Platform (GCP) via SSO and API. Forcepoint ONE SSE also supports CSPM audit scanning for GCP.
- Dropbox
  Forcepoint ONE SSE supports the ability to control access to Dropbox via SSO and API.
  - Dropbox: Deploying Forcepoint ONE SSE as a SAML IdP
    This section will guide you through configuring Forcepoint ONE SSE as a SAML Identity provider for Dropbox single sign-on (SSO) authentication. This will ensure visibility and access control of Dropbox via Forcepoint ONE SSE CASB.
  - Dropbox: Configuring API access
    These instructions show how to authorize Forcepoint ONE SSE to access your Dropbox account via the API. All the files at rest will then be analyzed against DLP Patterns and a report will be generated to identify any DLP violations in your corporate account.
- Box
  Forcepoint ONE SSE supports the ability to control access to Box via SSO and API.
- AWS
  Forcepoint ONE SSE supports the ability to control access to AWS via SSO and API. Forcepoint ONE SSE also supports CSPM audit scanning.
- Slack
  Forcepoint ONE SSE supports the ability to control access to Slack via SSO and API.
- Salesforce
  Forcepoint ONE SSE supports the ability to control access to Salesforce via SSO and API.
- ServiceNow
  Forcepoint ONE SSE supports the ability to control access to ServiceNow via SSO and API. Also, Forcepoint ONE SSE supports SSPM scanning feature.
- Atlassian (Confluence and JIRA)
  Forcepoint ONE SSE supports the ability to control access to Atlassian via SSO and API.
- GitHub
  Forcepoint ONE SSE provides SSO and API integrations with GitHub in order to scan and surface sensitive data at rest.
- Egnyte: Configuring API access
  This guide page will walk you through how to setup Egnyte for API scanning with Forcepoint ONE SSE. It is important to note that Egnyte enforces API rate limits on all tenants which will not be suitable enough for Forcepoint ONE SSE API scanning.
- Configure Forcepoint Security Manager
  Forcepoint Security Manager (FSM) is an Any HTTP/S ZTNA App/Service application which can be used for adding multiple FSM ZTNA internal applications while onboarding a large customer.
- Cisco WebEx Teams (Formerly Spark): Configuring API access
  Forcepoint ONE SSE can provide visibility into data at rest inside of Cisco WebEx Teams (Spark) and quarantine sensitive files.
- Mobile Mail Cutoff (M365, Google, Exchange)
  Mobile Mail cutoff features enable you to enforce that all ActiveSync traffic goes through Forcepoint ONE SSE.

Dropbox

Forcepoint ONE SSE supports the ability to control access to Dropbox via SSO and API.

Dropbox: Deploying Forcepoint ONE SSE as a SAML IdP
This section will guide you through configuring Forcepoint ONE SSE as a SAML Identity provider for Dropbox single sign-on (SSO) authentication. This will ensure visibility and access control of Dropbox via Forcepoint ONE SSE CASB.
Dropbox: Configuring API access
These instructions show how to authorize Forcepoint ONE SSE to access your Dropbox account via the API. All the files at rest will then be analyzed against DLP Patterns and a report will be generated to identify any DLP violations in your corporate account.