Header Insertion

Header Insertion

Header Insertion (formerly known as Application Feature Support) provides special configurations for all discovered and custom apps, allowing you to enable certain app-specific features through a key-value pair setting. With this feature, you can control user access to different account types for the apps your organization uses.

You can manually add headers for all apps, including custom apps you configured in Netskope. Certain apps have predefined headers that you can select and configure. The following table includes examples of apps with available predefined headers.

ApplicationsPredefined HeadersDescriptions
Asana

  • Asana-Allowed-Domain-Ids

  • Asana-Allowed-Domains-Requester-Id


This feature enables you to enforce restrictions on workspace access in Asana. If you want to only allow your domain, the values for both headers must be the same. To allow multiple headers, enter multiple values for Asana-Allowed-Domain-Ids.
Cisco WebexCiscoSpark-Allowed-DomainsThis feature enables you to control traffic to Cisco Webex.
DropboxTeam IDsThis feature enables you to allow or block traffic sent to Dropbox. When the Allow Dropbox Traffic feature is enabled in Dropbox, the team ID information is used to determine whether to allow or block the connection between Dropbox and a user.
Google Suite

  • X-GoogApps-Allowed-Domains

  • X-GoogApps-Drive-Deny-Anonymous


This feature enables you to control traffic to Google Suite apps. Users are allowed to access domains listed with the X-GoogApps-Allowed-Domains header. For example, add your corporate domains (e.g., netskope.com). This allows users to access your corporate Google apps, but not personal Google apps. You can list multiple domains.

Note


If users are already logged into YouTube, Meet, Contacts, and Hangouts, Netskope will not be able to block access.


Microsoft Office 365 Accounts

  • Cross-tenant Access Policy

  • Permitted Tenant List

  • Tenant Context


This feature enables you to control traffic to Office 365 cloud apps. When the Tenant Restrictions feature is enabled in Microsoft Entra ID, the tenant ID information is used to provide tenant access to Office 365 apps.

Note


You can find the Directory ID in the Entra ID portal on the Properties page.



You can select the ‘Cross-tenant Access Policy’ key from the dropdown for ‘Microsoft Office 365 Suite’ or ‘Microsoft Live Suite’ and enter the corresponding Values (DirectoryId:<policyGuid>) obtained from Microsoft’s Cross Tenant Access Policy (XTAP) APIs. This allows admins to control the external accounts accessed from their networks and devices.
Slack

  • X-Slack-Allowed-Workspaces

  • X-Slack-Allowed-Workspaces-Requester


This feature enables you to enforce restrictions on workspace access in Slack.

To configure header insertion for an app:

  1. Go to Settings > Manage > Header Insertion.
  2. Click New Header Insertion Profile. The New Key-Value Pair page appears.
  3. On the New Key-Value Pair page:
    • Application: Search for and choose the app you want to configure key-value pairs for.

      Once you choose an app you can click the Go-To-Icon-Header-Insertion.png icon to view more information about the app. If the app is a discovered one, the relevant Cloud Confidence Index page appears. If the app is a custom one, the App Definition page appears.

    • Header Key-Value: Click Custom to manually add a header key. Depending on the app, you can also choose a predefined header key. Next, enter a value for the header in the text box below.

      Click the +ADD button to add another key-value pair. Click delete_icon.png to delete a key-value pair.

    Configuring a New Key-Value Pair on the Netskope Header Insertion page
  4. Click Save.

Once you save a header, you can edit or delete it. If the header insertion profile includes multiple key-value pairs, click View Additional Key-Value pairs to see all the pairs that belong to the profile.

How to view, edit, or delete a Key-Value Pair on the Netskope Header Insertion page.
Share this Doc

Header Insertion

Or copy link

In this topic ...