Manage Services

Overview

The Banyan Command Center allows you to use templates to define and secure different types of corporate resources using Zero Trust policies:

  • Hosted Websites – Includes standard websites and HTTPS applications accessed through a web browsers. Supports defining single domain and multi-domain services.
  • Infrastructure - Includes SSH, RDP, Kubernetes, and other TCP Services for users.
  • SaaS Applications (Banyan Federated) – SaaS applications configured for SAML/OIDC authentication using Banyan TrustProvider.
  • IDP Routed (IDP Routed) – SaaS applications configured for SAML/OIDC authentication using your Identity Provider to federate to Banyan TrustProvider.
  • Custom Hosted Services for advanced use cases.

Additionally, you can create service bundles to organize similar sets of services commonly used by your end users.

Custom Hosted Service (JSON)

By creating a custom hosted service, you can further control specific features for individual services in your organization, such as Device Trust Verification for Sandboxed Appsand more.

To create a custom Service:

1. Navigate to Manage Services > Hosted Services and then click + Register Service.

2. Select the Custom Service (JSON) template.

3. Configure the Service Name, Description (shown to end users), and Icon. Then, select the applicable Cluster Name.

4. Configure the Service Metadata and Service Attributes.

Please refer to the Hosted Service Spec for details on Service Metadata and Service Attributes.

5. Attach a policy (optional) and then click Register Service.

Convert an Existing Hosted Service to a Custom Hosted Service

To convert an existing service definition, follow these steps:

1. Navigate to Manage Services > Hosted Services and then select the existing service.

2. Click Download Service Spec to download the service’s JSON file.

3. Open the JSON file (downloaded in step 2) and make the changes you need. For example, if you wish to add the suppress_device_trust_verification flag (true) to the oidc_settings section of http_settings:

"oidc_settings": {
    "enabled": true,
    "service_domain_name": "https://hosted-service.example.com", "post_auth_redirect_path": "",
    "api_path": "",
    "suppress_device_trust_verification": true
}

4. Create a Custom Service and configure the Service Name, Description (shown to end users), and Icon. Then, select the applicable Cluster Name.

5. Copy the tags from the JSON and paste them in the Service Metadata field.

6. Copy the spec attributes from the JSON and paste them in the Service Attributes field.

7. Attach a policy (optional) and then click Register Service.

8. Disable (or delete) the original service.


Modify SaaS Application JSON Spec

To modify the service definition for a SaaS App, follow these steps:

1. Get the full list of configured SaaS Apps using the endpoint /api/v1/saasapp. For example (cURL):

curl -H "Authorization: Bearer $API_TOKEN" https://demo.bnntest.com/api/v1/saasapp

2. Locate the specific SaaS App you are configuring, and make the change you need. For example, you can set the suppress_device_trust_verification flag to true.

3. Post the updated SaaS App spec using the endpoint /api/v1/insert_saasapp. For example (cURL):

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $API_TOKEN" -d  '{"kind":"BanyanSaasApp","apiVersion":"rbac.banyanops.com/v1","metadata":{"id":"","name":"Dropbox","description":"Access to Dropbox","tags":{"template":"BANYAN_TRUSTPROVIDER"}},"spec":{"client_id":"sp8mMSfdn6uXbGVb4MIPeAxXVrVYgYe2KGNTDl5gLQQ","client_secret":"ljcChVgQT2wNwTlcSAxwJBnX9yJWmBNE2_k9jC50SD8","redirect_url":"https://www.dropbox.com/saml_login","protocol":"SAML","type":"BANYAN_FIRST","audience_uri":"Dropbox","name_id_format":"email","suppress_device_trust_verification":true}}' https://demo.bnntest.com/api/v1/insert_saasapp
Last modified: Jul 27, 2021