Configuring proxy policy actions

The final column under each app titled Actions allows you to apply DLP policy actions via secure app access, grant direct app access, isolate (only for SWG Content Policy) or deny access to the app.

Forcepoint ONE SSE can scan and apply policy actions in real time through the Forcepoint ONE SSE proxy on the Office Docs, PDFs, HTML, and Text files document types.



  • Secure App Access: Will connect users to the applications through Forcepoint ONE SSE's proxy. This will also implicitly deny them the ability to access the cloud application directly.

    This is where you configure actions for data leakage prevention. Users are sent either through the Forcepoint ONE SSE reverse proxy or through the forward proxy if you are using either the forward proxy agent or PAC file.

  • Direct App access: After authentication, allows users to connect directly to the cloud application bypassing the Forcepoint ONE SSE reverse proxy. When this access mode is matched users will authenticate against either Forcepoint ONE SSE or your SAML IdP, and upon successful authentication, will be redirected to access the application directly, bypassing the Forcepoint ONE SSE proxy.
    • Many customers use this mode as a mechanism for migrating groups of users to Forcepoint ONE SSE over time. When you wish to migrate a particular group, simply change the policy to ensure that the group matches a Secure App Access rule.
    • Another common use case is providing Direct App Access for managed devices while using Secure App Access for unmanaged devices.
  • Isolate: This option is available only if the RBI license is enabled for the tenant and if it is a SWG Content Policy. This option enables you to apply RBI profile to policy so that when user access suspicious or risky websites, their session is isolated and behaves as per the selected RBI profile.
  • Deny: Allows you to block users from using an application based on a rules match criteria (for example, when using an unmanaged device outside the United States).
Note: When adding a new policy line on the application page, there will be no default policy actions configured. Admins will need to click into the action column and set the data patterns and policy actions they wish to enforce.