Orchestration Workspace
    • 10 Dec 2024
    • 2 Minutes to read
    • Dark
      Light
    • PDF

    Orchestration Workspace

    • Dark
      Light
    • PDF

    Article summary

    SaaS Authorization Management provides out-of-the-box support to leading SaaS vendors. It enables the Platform to integrate with SaaS vendors to provide standardization and centralized authorization management while supporting distributed deployment across the organization’s technology stack.

    Integration with the vendors is accomplished through Policy Orchestration. This service is designed to discover, map, and manage authorization policies of SaaS vendors by utilizing their native capabilities using available APIs.

    SaaS Authorization Management is managed within the Orchestration Workspace. The Orchestration Workspace lists all currently defined Policy Orchestration Points (POPs).

    Policy Orchestration Points (POPs) define the connection between the Platform Tenant and the Vendor Tenant typically running a third-party application.

    In the Orchestration Workspace, you can:

    • View all POPs.
    • View all discovered Vendor Policies and Objects.
    • Initiate a process to import and translate Vendor Policies and Objects into the Platform language.
    • Discover any modifcations made by the third-party vendor applications in the Vendor tenant and initiate a process to update the representation of those Policies in the Platform.
    • Deploy Policies created or modified in the Platform to the third-party vendor.

    By default, when a Tenant is created, there is one Identity Workspace and one Authorization Workspace. To implement SaaS Authorization Management, you must create an Orchestration Workspace first. See Managing the Orchestration Workspace for more information on how to create an Orchestration Workspace.

    After you finish defining the connection settings, which vary depending on which SaaS Authorization Management Authorizer you use, the Platform will initiate the first discovery of information from the Vendor Tenant and represent the results in the Platform Workspaces.

    Each time the Discovery process is initiated, the POPs will translate the third-party objects and Policies into the Platform language for external management. For more information, see About the Discovery Process.

    When you access the Orchestration Workspace, the POPs are listed on the left side of the screen. When you select a POP, the Vendor Policies for that POP are displayed. For more information on POPs, see Managing POPs and the specific POP vendor information in the SaaS Policy Management Authorizers area.

    In the main display area of the Orchestration Workspace, there are two tabs.

    • Vendor Policies tab
    • Objects tab

    Depending on the third-party vendor, filter options are available to help filter the list of objects on each tab. To remove a filter, click the X on the filter name. By default, the Vendor Policies tab is displayed when you select a Policy.

    Vendor Policies Tab

    The Vendor Policies tab lists all the discovered Policies for the selected POP. For each Policy, the name is displayed, in addition to other information based on the vendor. The total number of discovered Policies is indicated on the tab. You can also use the Search and Filter options to locate a Policy.

    The name of the POP is also displayed in this area, along with the Last Discovery date and time is displayed, as well as the Discover Now button, to initiate additional Discoveries as needed. For more information, see Discovery Process.

    Note that for Zscaler (ZPA) Policies, an Order number appears on each Policy tile, indicating the order in which the Policy is evaluated. For more information, see Zscaler.

    Objects Tab

    The Object tab displays all of the objects discovered during the Discovery process. The objects displayed are vendor-specific based on the specifiedd POP type. For example, for Power BI, objects would refer to tables while for Zscaler, displayed objects would refer to Applications such as Application Segments an Application Segment Groups.


    Was this article helpful?