Setting up API access to managed cloud applications
To enable offline scanning of cloud applications, configure an API connection to one or more of your selected cloud applications. Then configure data at rest and API-based enforcement policy actions.
Historical scanning of API data is handled based on licensing:
- For customers who purchased a dedicated nodes license, Forcepoint ONE SSE will scan files based on the specified scanning period on a sliding window.
For example customers who purchased 2 years for historical scanning will have Forcepoint ONE SSE scan data that was either created or modified within the last 2 years on a continuous sliding window.
- For standard API purchases, Forcepoint ONE SSE will only scan recent files no older than 2 weeks on a sliding window from the start of the scan.
For example, if you purchased and have setup API scanning today then Forcepoint ONE SSE will include in the scan any file that was created or modified as of 2 weeks ago from today on a continuous sliding window.
Existing customers who have API scanning enabled and have scanned historical data already will not be affected.
The first step is to setup the API for each application. Make sure that you check the box to Enable API scanning for each application on their API Setup page.
Once you have done that, refer to the following steps to setup the API for each application.
- Microsoft 365: Configuring API access
- Google Workspace: Configuring API access
- Dropbox: Configuring API access
- Box: Configuring API access
- Amazon S3: Configuring API access
- Slack: Configuring API access
- Salesforce: Configuring API access
- ServiceNow: Configuring API access
- Atlassian: Configuring API access
- GitHub: Configuring API access
- Egnyte: Configuring API access
- Cisco WebEx Teams (Formerly Spark): Configuring API access
Modifications to API setting configurations (such as adjusting User/Groups or adding/modifying data patterns) will only apply to scans of newly created/modified files and will not rescan prior historical data by default.
Some cloud applications ingest the metadata of files such as creation/modified date of offline files that were uploaded. For example an offline word doc that was created 1 year ago and uploaded to Google Drive will be seen to have been last created or modified 1 year ago. If you do not have historical scanning longer than 1 year, then Forcepoint ONE SSE will see the file as older than the sliding scanning window allows and skip the file until it is modified or edited in the cloud application thus updating it's metadata modified time.
Once the API has been setup for an application, you will be able to configure policy actions for data at rest.