Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

Allow Access to Services with Coaching

Instead of simply blocking or allowing access to web services, you can restrict access to allow it only for users who have a business reason.

Restricting access in this way is also known as coaching. Users who attempt to access a coached service are prompted to confirm they have a business reason to be able to access it.

After confirming, users are allowed access. Their access is logged.

Coaching is applied to groups of services. You can create service groups under Governance > Service Groups.

Because content must be inspected when coached access is allowed, the rule set for content inspection must be enabled and precede the Application Coaching rule set, which controls coaching. on the policy tree.

  1. In Skyhigh CASB, select Policy > Web Policy > Policy.
  2. In the policy tree, select Application Control > Application Coaching.
  3. Optionally configure criteria to limit the scope of this rule set.
  4. From the service groups you have created, choose those that you want to apply coaching to.
  5. If these service groups are already shown on the rule set page, continue with step 5. Otherwise complete these substeps:
    1. Click the + sign next to Service Groups

      If no service groups are shown at all, you can also click Add Service Groups to Block Services.

      The Service Groups window opens. It shows the service groups that you have created.
       
    2. Select the service groups you want to apply coaching to. Then click Done.

      The window closes and the selected service groups are shown on the rule set page.
       
  6. Select the service groups you want to apply coaching to on the rule set page.

You have now allowed coached access to the web services in the groups you selected. Users can only access them if they confirm they have a business reason.

Your changes were already saved locally when you made them. You can publish them to the cloud now or keep working and publish later.

  • Was this article helpful?