Views:

Configure values for the HTTP/HTTPS header fields that you use to control access to a supported cloud app.

Procedure

  1. On the Secure Access Resources screen, click the Tenancy Restrictions tab and then click Add.
    The Tenancy Restriction Rule screen appears.
  2. Select a cloud app from the dropdown list.
  3. Specify a unique name and a description for the rule.
  4. Confirm or modify the applicable domains for the selected cloud app.
  5. Specify values for each header field to allow the cloud app to implement the tenancy restriction.
    Cloud app
    Header Field
    Value description
    Microsoft Office 365
    Restrict-Access-To-Tenants
    Name or ID of at least one tenant that you want to allow users to access
    Example: mytenant1.com,mytenant2.com,<my_tenant_id>
    Restrict-Access-Context
    Single directory ID of the tenant that sets tenant restrictions
    Example: <my_tenant_id>
    Google Workspace
    X-GoogApps-Allowed-Domains
    Name of at least one domain that you registered with Google Workspace and want to allow users to access
    Example: mydomain1.com,mydomain2.com
    Dropbox
    X-Dropbox-allowed-Team-Ids
    ID of at least one Dropbox team that you want to allow users to access
    Example: <dropbox_team_id>,<dropbox_team_id>
    YouTube
    x-Channel-Ids
    Id of at least one channel to which you want to allow users to access.
    Example: <Youtube_Channel_Id>,<Youtube_Channel_Id>
    Note
    Note
    Users can access only those channels that are listed in the Header Field.
    Microsoft consumer apps
    sec-Restrict-Tenant-Access-Policy
    Fixed value controlling access to Microsoft consumer apps such as Hotmail and OneDrive
    Required value: restrict-msa
    Note
    Note
    Tenancy restrictions for Microsoft consumer apps require the applicable domain login.live.com.
    Other cloud app
    <header_field_name_of_the_cloud_app>
    • Specify a header field and configure an operation on the field.
      • Add: Specify a value in the string type.
        If the specified field exists, the Internet Access Gateway replaces the field value with the specified value. If it does not exist, the Internet Access Gateway adds the field to the header.
      • Delete: If the specified field exists, the Internet Access Gateway deletes the field from the header. If it does not exist, the Internet Access Gateway ignores the action.
      Note
      Note
      Some HTTP/HTTPS header fields are reserved and cannot be modified, such as Host, Path, and Cookie.
    • To add more header fields and set an action for each header field, click +Add.
      Note
      Note
      You can specify a maximum of 10 header fields.
    • To delete an existing header setting, click trash_icon=GUID-47cf6867-6315-438e-8670-86ff36f22a28.png.
    Note
    Note
    • For more information about header field settings for tenancy restriction, see the documentation of each cloud app provider.
    • For each header field with multiple values, you can specify a maximum of 1024 characters.
  6. Click Save.