Skyhigh Cloud Connector 5.0.1 is updated to work with tenants that have been migrated to Skyhigh Security IAM login. Additionally, customers with Skyhigh Security Service Edge enabled must install Skyhigh Cloud Connector 5.0.1.
If you have an email address that is used on more than one tenant, during the install procedure, you will see a new step to select the tenant you want to log into. For details, see Download and Install Skyhigh Cloud Connector.
KNOWN ISSUE: There is also a Known Issue, that if you try to install Cloud Connector 5.0.1 on a tenant that has not yet been migrated to IAM login, you will see an error. For details, see Skyhigh Cloud Connector Known Issues.
KNOWN ISSUE: After the Skyhigh CASB login migrates to IAM, users created in the new Skyhigh CASB URL cannot be logged into Skyhigh Cloud Connector. To fix this issue, you must upgrade to Cloud Connector 5.0.2.
Existing customers with Skyhigh Cloud Connector 5.0.0 and earlier:
- Your CC tenant will be migrated to use Skyhigh Security IAM login.
- The CC User role must continue to be a non-SAML user (same as before – no changes).
- Older versions of CC continue to work.
- If the userid includes a +tenantID, continue to use it when you log in to the CC web UI. Once IAM is enabled, you will no longer use the +tenantID syntax to access Skyhigh CASB.
Existing customers upgrading to Skyhigh Cloud Connector 5.0.1:
- Your tenant must be enabled for IAM before you can upgrade to CC 5.0.1 and later.
- If you upgrade CC to 5.0.1 before IAM is enabled on your tenant, the install or upgrade will fail. (Known Issue.)
- During the upgrade (to 5.0.1 or later), you will be prompted to enter user credentials one time. If you have access to more than one tenant, select the tenant you want to upgrade from the provided drop-down list.
- Once you select a tenant, CC caches it locally and for subsequent upgrades. You will not be prompted for credentials again.
- For CC 5.0.1 and later, to log into the CC web UI, use the IAM userID. The +tenantID syntax is no longer required.
New customers (tenants) and new installations:
- All new tenants are configured for Skyhigh Security IAM login by default.
- For new tenants, you can only use CC 5.0.1 and later. Older CC versions up to 5.0.0 will fail to install.
- An existing customer with IAM enabled can also install a new CC using 5.0.1 and later (even when older CC instances continue to exist).
Gov Cloud Customers:
- Skyhigh Security IAM login is not available for Gov Cloud customers.
- If you need to install or upgrade to CC 5.0.1 and later, you must use the iamDisable command-line argument to bypass the IAM workflow:
- For Linux:
sh shnlp_unix64_5_0_1_4.sh -ViamDisable=true
- For Windows:
. \shnlp_windows-x64_5_0_1_4.exe -ViamDisable=true
- For Linux:
Add IAM URLs to Allow List before Installing Skyhigh Cloud Connector 5.0.1 or later
Before you install Skyhigh Cloud Connector 5.0.1 or later, you must allow list additional IAM URLs. For details, see Add Domains or URLs to Allow List for Skyhigh CASB.