Overview

The Banyan Command Center allows you to use templates to define and secure different types of corporate resources using Zero Trust policies:

  • Hosted Websites – Includes standard websites and HTTPS applications accessed through a web browsers. Supports defining single domain and multi-domain services.
  • Infrastructure - Includes SSH, RDP, Kubernetes, and other TCP Services for users.
  • SaaS Applications (Banyan Federated) – SaaS applications configured for SAML/OIDC authentication using Banyan TrustProvider.
  • IDP Routed (IDP Routed) – SaaS applications configured for SAML/OIDC authentication using your Identity Provider to federate to Banyan TrustProvider.
  • Custom Hosted Services for advanced use cases.

Additionally, you can create service bundles to organize similar sets of services commonly used by your end users.

Custom Hosted Service (JSON)

By creating a custom hosted service, you can further control specific features for individual services in your organization, such as Device Trust Verification for Sandboxed Appsand more.

To create a custom Service:

1. Navigate to Manage Services > Hosted Services and then click + Register Service.

2. Select the Custom Service (JSON) template.

3. Configure the Service Name, Description (shown to end users), and Icon. Then, select the applicable Cluster Name.

4. Configure the Service Metadata and Service Attributes.

Please refer to the Hosted Service Spec for details on Service Metadata and Service Attributes.

5. Attach a policy (optional) and then click Register Service.

Convert an Existing Hosted Service to a Custom Hosted Service

To convert an existing service definition, follow these steps:

1. Navigate to Manage Services > Hosted Websites and then select the existing service.

2. Select the Convert to Custom JSON button.

3. Select Continue.


Modify SaaS Application JSON Spec

To modify the service definition for a SaaS App, follow these steps:

1. Get the full list of configured SaaS Apps using the endpoint /api/v1/saasapp. For example (cURL):

curl -H "Authorization: Bearer $API_TOKEN" https://demo.bnntest.com/api/v1/saasapp

2. Locate the specific SaaS App you are configuring, and make the change you need. For example, you can set the suppress_device_trust_verification flag to true.

3. Post the updated SaaS App spec using the endpoint /api/v1/insert_saasapp. For example (cURL):

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $API_TOKEN" -d  '{"kind":"BanyanSaasApp","apiVersion":"rbac.banyanops.com/v1","metadata":{"id":"","name":"Dropbox","description":"Access to Dropbox","tags":{"template":"BANYAN_TRUSTPROVIDER"}},"spec":{"client_id":"sp8mMSfdn6uXbGVb4MIPeAxXVrVYgYe2KGNTDl5gLQQ","client_secret":"ljcChVgQT2wNwTlcSAxwJBnX9yJWmBNE2_k9jC50SD8","redirect_url":"https://www.dropbox.com/saml_login","protocol":"SAML","type":"BANYAN_FIRST","audience_uri":"Dropbox","name_id_format":"email","suppress_device_trust_verification":true}}' https://demo.bnntest.com/api/v1/insert_saasapp

Disable Services

Disabling a service removes Banyan access controls, policies, and activity logging. This service can be reenabled at any time.

To disable a Service:

1. Navigate to service and then click the edit service icon

2. Select Disable and confirm


Delete Services

Deleting a service removes all relevant data about the service and is a non-recoverable action. To temporarily remove Banyan access controls, see Disable Services.

To delete a Service:

1. Ensure the service has been disabled and no policy is attached.

2. Navigate to service and then click the edit service icon

2. Select Delete and confirm



Last modified: Oct 13, 2021