
Configure values for the HTTP/HTTPS header fields that you use to control access to a supported cloud app.

Procedure

  1. On the Secure Access Resources screen, click the Tenancy Restrictions tab and then click Add.
    The Tenancy Restriction Rule screen appears.
  2. Select a cloud app from the dropdown list.
  3. Specify a unique name and a description for the rule.
  4. Confirm or modify the applicable domains for the selected cloud app.
  5. Specify values for each header field to allow the cloud app to implement the tenancy restriction.
    | Cloud app | Header field | Value description |
    |---|---|---|
    | Microsoft Office 365 | Restrict-Access-To-Tenants | Name or ID of at least one tenant that you want to allow users to access. Example: mytenant1.com,mytenant2.com,<my_tenant_id> |
    | | Restrict-Access-Context | Single directory ID of the tenant that sets tenant restrictions. Example: <my_tenant_id> |
    | Google Workspace | X-GoogApps-Allowed-Domains | Name of at least one domain that you registered with Google Workspace and want to allow users to access. Example: mydomain1.com,mydomain2.com |
    | Dropbox | X-Dropbox-allowed-Team-Ids | ID of at least one Dropbox team that you want to allow users to access. Example: <dropbox_team_id>,<dropbox_team_id> |
    | Microsoft consumer apps | sec-Restrict-Tenant-Access-Policy | Fixed value controlling access to Microsoft consumer apps such as Hotmail and OneDrive. Required value: restrict-msa |

    Note: Tenancy restrictions for Microsoft consumer apps require the applicable domain login.live.com.

    Other cloud app, header field <header_field_name_of_the_cloud_app>:
    • Specify a header field and configure an operation on the field.
      • Add: Specify a value in the string type.
        If the specified field exists, the Internet Access Gateway replaces the field value with the specified value. If it does not exist, the Internet Access Gateway adds the field to the header.
      • Delete: If the specified field exists, the Internet Access Gateway deletes the field from the header. If it does not exist, the Internet Access Gateway ignores the action.
      Note: Some HTTP/HTTPS header fields are reserved and cannot be modified, such as Host, Path, and Cookie.
    • To add more header fields and set an action for each header field, click +Add.
      Note: You can specify a maximum of 10 header fields.
    • To delete an existing header setting, click the trash icon.
    Note:
    • For more information about header field settings for tenancy restriction, see the documentation of each cloud app provider.
    • For each header field with multiple values, you can specify a maximum of 128 characters.
  6. Click Save.
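
The following Python sketch is an added example, not product code: it models the Add and Delete operations and the limits described in step 5, so you can check a planned rule and see what a request's headers look like afterward. The function names, the sample request, and the case-insensitive matching are assumptions made for illustration.

```python
RESERVED = {"host", "path", "cookie"}  # only the examples the page names
MAX_FIELDS = 10                        # page: maximum of 10 header fields
MAX_VALUE_LEN = 128                    # page states this for multi-value fields;
                                       # applied to every value here (assumption)

def validate_rule(operations):
    """operations: list of (action, field, value); value is None for delete."""
    errors = []
    if len(operations) > MAX_FIELDS:
        errors.append(f"{len(operations)} header fields, maximum is {MAX_FIELDS}")
    for action, field, value in operations:
        if field.lower() in RESERVED:
            errors.append(f"{field}: reserved header field")
        if action == "add":
            if not isinstance(value, str) or not value:
                errors.append(f"{field}: Add needs a string value")
            elif len(value) > MAX_VALUE_LEN:
                errors.append(f"{field}: value longer than {MAX_VALUE_LEN} characters")
        elif action != "delete":
            errors.append(f"{field}: unknown operation {action!r}")
    return errors

def apply_rule(headers, operations):
    """Return the header list after the operations; headers is [(name, value)]."""
    out = list(headers)
    for action, field, value in operations:
        # Assumption: names match case-insensitively and every existing copy
        # is dropped, so a value already on the request never survives an Add.
        out = [(n, v) for n, v in out if n.lower() != field.lower()]
        if action == "add":
            out.append((field, value))  # replace if present, otherwise add
        # "delete" on a missing field is a no-op: the filter removed nothing
    return out

# Constructed sample: a request that already carries its own tenant header.
SAMPLE_REQUEST = [("Host", "app.example"),
                  ("restrict-access-to-tenants", "unmanaged.example")]
SAMPLE_RULE = [("add", "Restrict-Access-To-Tenants", "mytenant1.com,mytenant2.com"),
               ("add", "Restrict-Access-Context", "<my_tenant_id>"),
               ("delete", "X-Not-Present", None)]

if __name__ == "__main__":
    print(validate_rule(SAMPLE_RULE) or "rule is valid")
    for name, value in apply_rule(SAMPLE_REQUEST, SAMPLE_RULE):
        print(f"{name}: {value}")
```

In the sample, the header value already present on the request is replaced by the rule's value rather than appended to it, which is the replace-on-Add behavior that keeps the tenancy restriction under the rule's control.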