Overview

The Banyan Command Center allows you to use templates to define and secure different types of corporate resources using Zero Trust policies:

  • Hosted Websites – Includes standard websites and HTTPS applications accessed through a web browsers. Supports defining single domain and multi-domain services.
  • Infrastructure - Includes SSH, RDP, Kubernetes, and other TCP Services for users.
  • SaaS Applications (Banyan Federated) – SaaS applications configured for SAML/OIDC authentication using Banyan TrustProvider.
  • IDP Routed (IDP Routed) – SaaS applications configured for SAML/OIDC authentication using your Identity Provider to federate to Banyan TrustProvider.
  • Custom Hosted Services for advanced use cases.

Additionally, you can create service bundles to organize similar sets of services commonly used by your end users.

Custom Hosted Service (JSON)

By creating a custom hosted service, you can further control specific features for individual services in your organization, such as Device Trust Verification for Sandboxed Apps and more.

To create a custom Service:

1. Navigate to Manage Services > Hosted Services and then click + Register Service.

2. Select the Custom Service (JSON) template.

3. Configure the Service Name, Description (shown to end users), and Icon. Then, select the applicable Cluster Name.

4. Configure the Service Metadata and Service Attributes.

Please refer to the Hosted Service Spec for details on Service Metadata and Service Attributes.

5. Attach a policy (optional) and then click Register Service.

Convert an Existing Hosted Service to a Custom Hosted Service

To convert an existing service definition, follow these steps:

1. Navigate to Manage Services > Hosted Websites and then select the existing service.

2. Select the Convert to Custom JSON button.

3. Select Continue.


Modify SaaS Application JSON Spec

To modify the service definition for a SaaS App, follow these steps:

1. Get the full list of configured SaaS Apps using the endpoint /api/v1/saasapp. For example (cURL):

curl -H "Authorization: Bearer $API_TOKEN" https://demo.bnntest.com/api/v1/saasapp

2. Locate the specific SaaS App you are configuring, and make the change you need. For example, you can set the suppress_device_trust_verification flag to true.

3. Post the updated SaaS App spec using the endpoint /api/v1/insert_saasapp. For example (cURL):

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $API_TOKEN" -d  '{"kind":"BanyanSaasApp","apiVersion":"rbac.banyanops.com/v1","metadata":{"id":"","name":"Dropbox","description":"Access to Dropbox","tags":{"template":"BANYAN_TRUSTPROVIDER"}},"spec":{"client_id":"sp8mMSfdn6uXbGVb4MIPeAxXVrVYgYe2KGNTDl5gLQQ","client_secret":"ljcChVgQT2wNwTlcSAxwJBnX9yJWmBNE2_k9jC50SD8","redirect_url":"https://www.dropbox.com/saml_login","protocol":"SAML","type":"BANYAN_FIRST","audience_uri":"Dropbox","name_id_format":"email","suppress_device_trust_verification":true}}' https://demo.bnntest.com/api/v1/insert_saasapp

Clone Services

To clone an existing service, complete the following steps:

(1) In the Banyan console, navigate from Manage Services > Hosted Websites or from Manage Services > Infrastructure. Select a hosted website service or an infrastructure service. On the selected service’s page, select the Clone Service icon, as shown in the image below:

(2) To clone your service, enter your new Service Name and your new Service Domain Name.

  • Note that all instances of your new Service Name and Service Domain Name will be automatically updated in your cloned service’s Specification.

Note: If you clone a service and use the original service name as the new service name (i.e., if you use identical names), the cloned service will overwrite your original service.

Disable Services

Disabling a service removes Banyan access controls, policies, and activity logging. This service can be reenabled at any time.

To disable a Service:

1. Navigate to service and then click the edit service icon

2. Select Disable and confirm


Delete Services

Deleting a service removes all relevant data about the service and is a non-recoverable action. To temporarily remove Banyan access controls, see Disable Services.

To delete a Service:

1. Ensure the service has been disabled and no policy is attached.

2. Navigate to service and then click the edit service icon

2. Select Delete and confirm



Last modified: Nov 04, 2021