Service Account

Cloud App Security protects:

  • Microsoft Office 365 services, including Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams

  • G suite, including Google Drive and Gmail

  • Other cloud applications, including Box and Dropbox

Cloud App Security requires service accounts to integrate with those services that it protects. The service accounts can be categorized as:

  • Delegate accounts to integrate with Exchange Online, SharePoint Online, and OneDrive for Business

  • Authorized accounts to integrate with Box, Dropbox, Google Drive, and Gmail

  • Authorized accounts to integrate with Exchange Online and Microsoft Teams

Go to Administration > Service Account. Click Add and select a service you want to protect to provision your account. The provisioned accounts will then be listed as the service accounts.

Cloud App Security requires an RMS account to get access to and scan RMS-protected files for those services it protects. For more information on adding the RMS account, see Adding an RMS Account. If the RMS account becomes invalid for some reason, for example, it reaches its expiration date, renew the RMS account as follows:

  1. Go to Administration > Service Account, select the RMS account, and then click Remove.

    The invalid RMS account will be deleted from Cloud App Security.

  2. Click Add, select Rights Management Services, and follow the instructions to add the RMS account. For details, see Adding an RMS Account.

    The created RMS account will appear in the list.

Note:

Cloud App Security also sends an email message to notify the administrator how to renew the RMS account.

For the Exchange Online service account that is provisioned using an access token, if for some reason the access token becomes invalid, recreate an access token as follows to continue using the service account:

  1. Click Recreate Access Token under Status of the Exchange Online service account.

    The Recreate Access Token for Exchange Online Service Account screen appears.

  2. Click Click here at the end of Step 1, specify your Office 365 Global Administrator credentials to sign in if prompted, and then click Accept on the screen that appears.

  3. Go back to the management console as instructed, click Click here at the end of Step 2, and then click Accept on the screen that appears.

  4. Go back to the management console as instructed and click Done.

    A green checkmark icon appears under Status of the Exchange Online service account, indicating that the access token and the service account are valid.