Adding managed cloud applications

There are two primary ways for adding a licensed application.

You can do so when sitting on the Policies page and clicking the green plus icon or you can select the Managed Apps option under Protect > Add Apps.

Doing either will take you to the Add Application page prompting you to select either a predefined application to add to your policies page for protection, or choose one of the customizable options (Any API, Custom Licensed App, or Unlicensed App).





Note:

It's important to mention the difference between predefined applications vs custom licensed applications. The main difference is that a predefined application is an application where Forcepoint ONE SSE already has the SAML SSO information configured for that app (for example, Entity ID, Login/Logout URLs, etc). For other SaaS applications or custom applications, this information must be manually configured.

Once an application has been added to your Forcepoint ONE SSE tenant it will no longer appear as an option in the add application page.

Once you are ready, select the application or option that best fits what you are trying to add to Forcepoint ONE SSE for protection. Refer to Configuration applications section to add and configure each application as the SSO IdP and enable API scan.

  • Any Managed Application: Allows admins to add any other cloud application that does not appear in the predefined list of applications within Forcepoint ONE SSE. This can include any SaaS application you have licenses for or any custom application you may have developed within your own servers/datacenters or IaaS/PaaS environments. The only requirement is that these applications are accessible over HTTPs. In order to fully support contextual access controls it is recommended this applications support SAML SSO for to Forcepoint ONE SSE integrate with.
  • Predefined Applications: As mentioned in the note, predefined applications are applications that can be added out of the box inside of Forcepoint ONE SSE as the SSO information will already be configured for you in Forcepoint ONE SSE.
  • Field Encryption Setup via Inline or API: Allows admins to provide protection over API calls or information being sent/pulled via API. Admins will configure the API endpoints so that the call is passed through the Forcepoint ONE SSE proxy where the API call can be encrypted or tokenized to ensure protection.