SaaS Authorization Management

<Early Access Feature>

The SaaS Authorization Management enables you to benefit from the centralized management capabilities as well as the ease-of-use in creating Policies within the Platform while integrating between the Platform and your third-party vendor.

All Policies in the Platform including those created with the Policy Wizard, Polices imported as code, and those discovered and translated in the Orchestration Workspace, appear in the Policy Catalog in the Authorization Workspace. Also, they can be exported as code and viewed in the Policy Map, which offers a graphical representation of the Policy.

Once the discovery process is completed and the third-party vendor Policies and Objects have been populated to the Authorization, you can continue to synchronize between the third-party vendor and the Authorization in the following ways:

• Creating a New Policy
• Modifying an Existing Policy
• Discovering new Policies or modifications made to existing Policies in a third-party vendor application
• Changing the modes between Learn and Managed.

Creating New Policies

Policies are created in the Authorization Workspace in one of three ways:

• Creating the Policy in the Policy Wizard and deploying it back to the third party vendor tenant
• Discovering a Policy in a third party vendor tenant

To create a Policy for a POP:

1. After completing the initial Policy Details (Name, Generated Policy ID, Description and Access Type), you must enable the Policy is used for Policy Orchestration Point (POP) option. Once you do, the Fill in Policy Details section appears.
2. In the Fill in Policy Details section, enter the following third party vendor information. Note that this information is vendor-specific.
3. Click Continue, and then continue with the process of defining the WHO and WHAT elements of the Policy in the Policy Wizard.

Once you complete the Policy creation, the Policy appears in the Policy Catalog. The new Policy can then be deploying from the Platform to the third-party vendor. This is accomplished by clicking Deploy Suggested Policy in the Orchestration right side panel.

Modifying an Existing Policy in the Platform

Just as you can modify a Policy created in the Platform by clicking on it in the Policy Catalog, you can also modify a Policy that was created in a third-party vendor, discovered and listed in the Policy Catalog as well.

When you have completed the modifications, you can view the Policy in the Orchestration right side panel. You will notice that the Policy and the left, in the Suggested Policy section does not match the Policy detailed in the Deployed Policy section.

To deploy the modified Policy, click Deploy Suggested Policy. You will then notice that the deployed Policy, with all the modifications you made, will appear in the third-party vendor and the two sides of the right side panel will again be synched.

This process will identify and deploy all changes you make to the Policy. If you delete the Policy, when you click Deploy Suggested Policy, the Policy will be deleted on the third-party vendor as well.

Creating or Modifying a Policy and Synchronizing with the Platform

In cases where you create or modify Policies in a third-party vendor application, you can syncronize thediscover and translate them to the Platform language when a POP is created or when you click Discover Now in the Orchestration Workspace.

The Platform will identify changes made since the last discovery. It will delete the Policy in the Platform and create a new Policy with the updated information.