Header Insertion
Header Insertion
Header Insertion (formerly known as Application Feature Support) provides special configurations for all discovered and custom apps, allowing you to enable certain app-specific features through a key-value pair setting. With this feature, you can control user access to different account types for the apps your organization uses.
You can manually add headers for all apps, including custom apps you configured in Netskope. Certain apps have predefined headers that you can select and configure. The following table includes examples of apps with available predefined headers.
Applications | Predefined Headers | Descriptions |
---|---|---|
Asana |
| This feature enables you to enforce restrictions on workspace access in Asana. If you want to only allow your domain, the values for both headers must be the same. To allow multiple headers, enter multiple values for Asana-Allowed-Domain-Ids. |
Cisco Webex | CiscoSpark-Allowed-Domains | This feature enables you to control traffic to Cisco Webex. |
Dropbox | Team IDs | This feature enables you to allow or block traffic sent to Dropbox. When the Allow Dropbox Traffic feature is enabled in Dropbox, the team ID information is used to determine whether to allow or block the connection between Dropbox and a user. |
Google Suite |
| This feature enables you to control traffic to Google Suite apps. Users are allowed to access domains listed with the X-GoogApps-Allowed-Domains header. For example, add your corporate domains (e.g., netskope.com). This allows users to access your corporate Google apps, but not personal Google apps. You can list multiple domains. Note If users are already logged into YouTube, Meet, Contacts, and Hangouts, Netskope will not be able to block access. |
Microsoft Office 365 Accounts |
| This feature enables you to control traffic to Office 365 cloud apps. When the Tenant Restrictions feature is enabled in Microsoft Entra ID, the tenant ID information is used to provide tenant access to Office 365 apps. Note You can find the Directory ID in the Entra ID portal on the Properties page. You can select the ‘Cross-tenant Access Policy’ key from the dropdown for ‘Microsoft Office 365 Suite’ or ‘Microsoft Live Suite’ and enter the corresponding Values (DirectoryId:<policyGuid>) obtained from Microsoft’s Cross Tenant Access Policy (XTAP) APIs. This allows admins to control the external accounts accessed from their networks and devices. |
Slack |
| This feature enables you to enforce restrictions on workspace access in Slack. |
To configure header insertion for an app:
Note
Netskope Header Insertion overrides any existing header of the same name. If you have existing configurations for header insertion (e.g. header insertion via Chrome Browser), and create a Header Insertion Profile on Netskope for the same headers, any previously inserted headers will be overridden.
- Go to Settings > Manage > Header Insertion.
- Click New Header Insertion Profile. The New Key-Value Pair page appears.
- On the New Key-Value Pair page:
- Application: Search for and choose the app you want to configure key-value pairs for.
Once you choose an app you can click the icon to view more information about the app. If the app is a discovered one, the relevant Cloud Confidence Index page appears. If the app is a custom one, the App Definition page appears.
- Header Key-Value: Click Custom to manually add a header key. Depending on the app, you can also choose a predefined header key. Next, enter a value for the header in the text box below.
Click the +ADD button to add another key-value pair. Click to delete a key-value pair.
- Application: Search for and choose the app you want to configure key-value pairs for.
- Click Save.
Once you save a header, you can edit or delete it. If the header insertion profile includes multiple key-value pairs, click View Additional Key-Value pairs to see all the pairs that belong to the profile.