- 13 Feb 2024
SaaS Tenancy Control
- Updated on 13 Feb 2024
Many popular cloud services provide "business" and "personal" accounts. While you may use Google Workspace or Microsoft 365 as your organization's productivity platform of choice, a user may have their own "personal" account on that same cloud platform.
This means that if you allow Google or Microsoft logins from an organization-managed endpoint, you are implicitly allowing login using both "business" and "personal" credentials.
SaaS tenancy control enables you to allow login only to admin-defined tenants within these types of cloud services on managed devices.
Jamf does not provide TLS decryption, which is required to add HTTP headers that are necessary for SaaS tenancy controls.
Jamf has partnered with Cloudflare to deliver this capability to our shared customers.
If you are not yet a Cloudflare customer and you would like to trial these capabilities, contact cloudflare@jamf.com.
Prerequisites
- Configure Jamf Connect ZTNA
- Set up an Access Gateway to Cloudflare via Magic WAN
- Deploy the Cloudflare root certificates to devices via your MDM
Steps
- In Jamf Security Cloud, configure a SaaS Access Policy that defines the cloud service for which you would like to enable tenant controls. Use the following predefined SaaS application access policies as required:
  - Microsoft Authentication for Microsoft 365
  - Google Apps for Google Workspace
  - Dropbox for Dropbox
  - Slack for Slack
- Configure SaaS tenant control in your Cloudflare One portal.
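The HTTP headers mentioned above are the reason TLS decryption is required: the gateway has to rewrite the sign-in request itself. The following is an added illustration, not Jamf or Cloudflare code, modelling that rewrite for Microsoft 365 and Google Workspace only. The header names are the ones each vendor documents; the host list, tenant values and function name are constructed assumptions.

```python
# Added illustration (not Jamf or Cloudflare code): what a TLS-decrypting
# gateway does to a sign-in request when tenant control is enabled.
TENANT_HEADERS = {
    "microsoft": ("Restrict-Access-To-Tenants", "Restrict-Access-Context"),
    "google": ("X-GooG-Allowed-Domains",),
}
# Assumed host matching; the real match comes from the SaaS access policy.
HOSTS = {
    "login.microsoftonline.com": "microsoft",
    "login.microsoft.com": "microsoft",
    "login.windows.net": "microsoft",
    "accounts.google.com": "google",
}

def apply_tenant_control(host, headers, policy):
    """Return the header dict forwarded upstream for one decrypted request.

    policy maps service -> {header name: admin-defined value}.
    """
    service = HOSTS.get(host.lower().rstrip("."))
    if service is None or service not in policy:
        return dict(headers)  # not a controlled service: pass through unchanged
    managed = {h.lower() for h in TENANT_HEADERS[service]}
    # Drop any client-supplied copy first (header names are case-insensitive),
    # so the device cannot choose its own tenant list.
    out = {k: v for k, v in headers.items() if k.lower() not in managed}
    for name in TENANT_HEADERS[service]:
        if name not in policy[service]:
            # Fail closed: an incomplete policy must not forward the request.
            raise ValueError(f"policy for {service} lacks {name}")
        out[name] = policy[service][name]
    return out

# Constructed sample policy: tenant, directory ID and domain are placeholders.
POLICY = {
    "microsoft": {
        "Restrict-Access-To-Tenants": "example.com",
        "Restrict-Access-Context": "00000000-0000-0000-0000-000000000000",
    },
    "google": {"X-GooG-Allowed-Domains": "example.com"},
}

if __name__ == "__main__":
    # Constructed request that already carries a device-chosen header value.
    request = {"User-Agent": "demo", "x-goog-allowed-domains": "gmail.com"}
    print(apply_tenant_control("accounts.google.com", request, POLICY))
```

Without the Cloudflare root certificate from the prerequisites, the gateway cannot decrypt the session and therefore cannot perform this rewrite.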