Microsoft O365 & SAML apps

The problem statement from a financial institution was that they wanted to restrict the access of Microsoft Office 365 suite of applications only from approved devices which are compliant with organizational policies and from specific geographic locations to reduce the risk of unauthorized access and data breaches.

The InstaSafe Zero Trust platform offers the capability to integrate with Microsoft 0365 and any web application which supports SAML and acts as an Identity Provider. The access to the Microsoft Office 365 suite of applications is granted only after the user connects to the InstaSafe agent.

The InstaSafe agent performs the following contextual access checks:

Device Binding check: validates that the application access request is from a known device which is approved.

Device Compliance check: validates that the device posture is compliant with organizational policies.

Gelocation check: validates that the user request is from a known geographical location.

If the above contextual access checks are successful then the InstaSafe agent gets connected and the user can access Microsoft Office 365 suite of applications.

Please refer to the below video for an illustration on contextual access to Microsoft Office 365 suite of applications only after the user is successfully connected to the InstaSafe agent.

  • as illustrated in the video, if the user disconnects from the InstaSafe agent then he/she loses access to the Office 365 applications from the web portal.

  • if the user is not connected to the InstaSafe agent and tries to access the Office 365 applications by directly trying the url then access is forbidden.

  • only after the user connects to the InstaSafe agent, he/she will be able to access the Office 365 applications.

0365ContextualAccess

Comments