Access Control service
The Access Control service enables the administrators to provide a cohesive experience integrating single sign-on, remote access, and content inspection into a single solution for end-to-end access control. IT administrators can govern access to approved SaaS apps with a simplified single sign-on experience. With the Access Control service, administrators can also protect the organization’s network and end user devices from malware and data leaks by filtering access to specific websites and website categories. Administrators can enforce enhanced access security policies for secure access to SaaS applications. Once authenticated, employees have access to all critical business applications from any device irrespective of whether they are in the office premises, at home, or traveling.
Administrators can monitor user activities, such as malicious, dangerous, or unknown websites visited, and the bandwidth consumed, and risky download and upload behaviors. Using the Analytics around websites and website categories accessed, administrators can take corrective action to protect the enterprise network. At the same time, the service provides end users seamless and secure access to all their hosted apps.
Administrators can also restrict actions, such as restricted printing, downloads, and clipboard access (copy-paste).
The following diagram is a visual depiction of the Access Control service.
Key capabilities of Access Control service
Some of the key tasks that you can complete with the Access Control service are as follows:
Publish SaaS apps with single sign-on access.
Set enhanced security policies for SaaS apps. (For example, watermark, copy-paste restriction, and prevent downloads.)
Define access policy for website categories and websites to be redirected to Secure Browser service.
Define access policy for website categories and websites to be blocked.
Understand users and websites activity in the context of SaaS apps and correlate it to defined policies.
Make policy changes to allow or block website access, and enable access in a secure browser service session.