icon-unified.svg
Experience Center

About SaaS Application Tenants

Zscaler Data at Rest Scanning provides visibility and security for sanctioned SaaS applications used in your organization. You can authorize sanctioned SaaS applications with Zscaler by adding them as tenants. You can see general information about each tenant, such as the authorization status and configured policies.

SaaS Application Tenants provides the following benefits and allows you to:

  • Add or edit SaaS application tenants.
  • View general information about each tenant.

About the SaaS Application Tenants Page

On the SaaS Application Tenants page (Policies > Common Configuration > Out-of-band CASB > SaaS Application Tenants), you can do the following:

  1. Add a SaaS application tenant.
  2. Search for a configured SaaS application tenant.
  3. View a list of all configured SaaS application tenants. For each tenant, you can see the following:
    • Application: The type of sanctioned SaaS application (e.g., Box, Microsoft OneDrive, SharePoint, etc.).
    • Tenant Name: The name of the SaaS application tenant that is displayed when configuring the DLP policy, Malware Detection policy, and Scan Configuration.
    • Status: The status of the SaaS application tenant. The following states appear:
      • Active: The tenant is in use. Policies are enforced for this SaaS application.
      • Inactive: The tenant is not in use. Policies are not enforced for this SaaS application.
      • Validation Failed: There were issues validating the admin credentials and authorizing the SaaS application. To learn more, see SaaS Application Validation Error Codes​​​​​.
      • Reauthorization Required: Edit the tenant, and click Reauthorize to log in to the SaaS application and give Zscaler access to it.

If you're reauthorizing GitHub, you must revoke the existing Zscaler OAuth application authorization in the GitHub portal. To learn more, refer to the GitHub documentation.

  • Last Modified On: The last time the SaaS application tenant was edited.
  • Last Modified By: The name of the admin who last edited the SaaS application tenant.

  • Owner: Indicates whether the SaaS application tenant was created in Internet & SaaS or Digital Experience Monitoring. If the tenant was created in Digital Experience Monitoring, the delete functionally is removed in Internet & SaaS. Edits in Internet & SaaS for tenants created in Digital Experience Monitoring are allowed on any fields except those relating to Workflow Automation.

    To learn more about adding or editing applications in Digital Experience Monitoring, see About Applications.

  • Policy Configured: The Data at Rest Scanning policies (DLP and Malware Detection) configured for the SaaS application tenant.
  • External Trusted Domains: Displays the total number of added external trusted domains. Click to view a list of the domains. This only applies to email SaaS application tenants.

  • External Trusted Users: Displays the total number of added external trusted users. Click to view a list of the users. This only applies to email SaaS application tenants.

  1. Edit a SaaS application tenant.
  2. Modify the table and its columns.
  3. Delete the SaaS application tenant.

Screenshot highlighting the features of the SaaS Application Tenants page in the ZIA Admin Portal.

Related Articles
Authorizing a Custom Zscaler Connector for Google ApplicationsAuthorizing a Custom Zscaler Connector for Microsoft ApplicationsAbout SaaS Application TenantsAdding SaaS Application TenantsSaaS Application Validation Error CodesAdding Object Types for ServiceNow Tenants