Forcepoint Data Security Cloud | SSE Administrative Guide Document Subtitle

BETA | 2025-06-26

Home
Protect
The Protect section is the primary area for adding and managing your applications you wish to protect.
Configure applications
Forcepoint Data Security Cloud | SSE supports various cloud applications so that Admins can monitor data which is in transit, in motion and at rest.
Box
Forcepoint Data Security Cloud | SSE supports the ability to control access to Box via SSO and API.

Introduction
CASB provide data security and access management for SaaS applications, ensuring safe and compliant cloud usage. Security teams rely on CASB to perform the following types of functions:
Product updates
Explore the details of newly introduced and updated features here, along with an overview of resolved and known issues.
Sign into the Forcepoint Data Security Cloud | SSE portal
Signing into Forcepoint Data Security Cloud | SSE to configure manage CASB, web and private application traffic.
Getting started
This page helps the admins in setting up and configuring the Forcepoint Data Security Cloud | SSE for the first time and also explains the layout of Forcepoint Data Security Cloud | SSE.
Home
The Home page provides a visually intuitive, data-driven dashboard that consolidates critical SaaS data discovery metrics, including Summary and Activity Log, along with quick access to key product updates.
Analyze
The Analyze section contains all of your log reports and alerts for visibility into user's activity and suspicious behavior.
Protect
The Protect section is the primary area for adding and managing your applications you wish to protect.
- Add Applications
- Configure applications
  Forcepoint Data Security Cloud | SSE supports various cloud applications so that Admins can monitor data which is in transit, in motion and at rest.
  - Microsoft
    Forcepoint Data Security Cloud | SSE supports the ability to control access to Microsoft 365 via SSO and API. Forcepoint Data Security Cloud | SSE also supports CSPM audit scanning for Azure.
  - Google Workspace
    Forcepoint Data Security Cloud | SSE supports the ability to control access to Google Workspace and Google Cloud Platform (GCP) via SSO and API. Forcepoint Data Security Cloud | SSE also supports CSPM audit scanning for GCP.
  - Dropbox
    Forcepoint Data Security Cloud | SSE supports the ability to control access to Dropbox via SSO and API.
  - Box
    Forcepoint Data Security Cloud | SSE supports the ability to control access to Box via SSO and API.
    - Box: Deploying Forcepoint Data Security Cloud | SSE as a SAML IdP
      This topic describes the procedure to setup the SSO configuration for Box.
    - Box: Configuring API access
      These instructions show you how to authorize Forcepoint Data Security Cloud | SSE to access your Box account via the API. All the files at rest will then be analyzed against DLP patterns and a report will be generated to identify any DLP violations in your corporate account.
  - AWS
    Forcepoint Data Security Cloud | SSE supports the ability to control access to AWS via SSO and API. Forcepoint Data Security Cloud | SSE also supports CSPM audit scanning.
  - Slack
    Forcepoint Data Security Cloud | SSE supports the ability to control access to Slack via SSO and API.
  - Salesforce
    Forcepoint Data Security Cloud | SSE supports the ability to control access to Salesforce via SSO and API.
  - ServiceNow
    Forcepoint Data Security Cloud | SSE supports the ability to control access to ServiceNow via SSO and API. Also, Forcepoint Data Security Cloud | SSE supports SSPM scanning feature.
  - Atlassian (Confluence and JIRA)
    Forcepoint Data Security Cloud | SSE supports the ability to control access to Atlassian via SSO and API.
  - GitHub
    Forcepoint Data Security Cloud | SSE provides SSO and API integrations with GitHub in order to scan and surface sensitive data at rest.
  - Egnyte: Configuring API access
    This guide page will walk you through how to setup Egnyte for API scanning with Forcepoint Data Security Cloud | SSE. It is important to note that Egnyte enforces API rate limits on all tenants which will not be suitable enough for Forcepoint Data Security Cloud | SSE API scanning.
  - Configure Forcepoint Security Manager
    Forcepoint Security Manager (FSM) is an Any HTTP/S ZTNA App/Service application which can be used for adding multiple FSM ZTNA internal applications while onboarding a large customer.
  - Cisco WebEx Teams (Formerly Spark): Configuring API access
    Forcepoint Data Security Cloud | SSE can provide visibility into data at rest inside of Cisco WebEx Teams (Spark) and quarantine sensitive files.
  - Mobile Mail Cutoff (M365, Google, Exchange)
    Mobile Mail cutoff features enable you to enforce that all ActiveSync traffic goes through Forcepoint Data Security Cloud | SSE.
- Application Controls
- Configuring notifications
  Admins can create custom notification objects that can be applied to policies and reports. This will determine which admins or users are notified when a policy is violated and what the custom message says.
- Setup traffic steering
  Forcepoint Data Security Cloud | SSE supports SmartEdge Agent and Cloud SWG traffic steering methods. This chapter describes steps to deploy each of those so that traffic can be forwarded to Forcepoint Data Security Cloud | SSE.
- Configuring SWG policies
  You can configure SWG Connection Policy, Cloud SWG Authentication Policy and SWG Content Policy to manage traffic through Cloud SWG and SmartEdge agent.
- Device Profiling Proxy
  The Device Profiling Proxy page will allow you to both configure the means to distinguish between a managed and an unmanaged device as well as implement a forward proxy deployment for applying inline policy actions.
- Configure Zero Trust Network Access
  Forcepoint Data Security Cloud | SSE's Agentless and Agent-based Zero Trust Network Access (ZTNA) provides an alternative to VPNs allowing admins to provide inline protection to internal apps without the need for VPN service to be running on the user's local machine.
- Configuring Advanced Threat Protection
  Forcepoint Data Security Cloud | SSE provides Advanced Threat Protection (ATP) via partnerships with Bitdefender.
- Encrypting data
  Forcepoint Data Security Cloud | SSE enterprise edition allows users to encrypt data at rest in cloud applications for both file and field level data. Keys can be managed in the Forcepoint Data Security Cloud | SSE Keystore or customers can add their own KMIP Key Store to utilize existing key management appliance/servers (KMS or HSM).
- Integration
IAM
The IAM section contains the configuration pages used for maintaining your organization in Forcepoint Data Security Cloud | SSE (adding your domain, managing users/devices/etc).
Settings
The Settings section contains the majority of your setting configurations to be used in policies or integrations.
Support
The Support section contains links to Admin guide, URL Lookup page, and Forcepoint Customer Hub.
Appendices

Box

Forcepoint Data Security Cloud | SSE supports the ability to control access to Box via SSO and API.

Box: Deploying Forcepoint Data Security Cloud | SSE as a SAML IdP
This topic describes the procedure to setup the SSO configuration for Box.
Box: Configuring API access
These instructions show you how to authorize Forcepoint Data Security Cloud | SSE to access your Box account via the API. All the files at rest will then be analyzed against DLP patterns and a report will be generated to identify any DLP violations in your corporate account.

Copyright © 2025 Forcepoint LLC
DRAFT | 2025-06-26