Protect SaaS Applications by enabling Device Trust
Banyan uses OpenID Connect Federation flows to intercept authentication requests between your Identity Provider and the SaaS Application to enforce Device Trust policies. Banyan’s security mechanism is designed to be completely transparent to both the user and the SaaS Application.
The flow diagram below describes how Banyan’s Zero Trust access control security mechanism works for SaaS Applications. Review the Apply Device Policies on SaaS Applications quick start guide to see how to enable device-based access control policies on a SaaS application using Banyan’s Zero Trust security framework.
Access to SaaS Applications
Banyan supports two techniques to enable Zero Trust policy-based access controls for your SaaS applications:
As indicated in the diagram below, the two techniques accomplish the same policy-based access objective by using slightly different authentication flows.
You can either or both techniques to secure your SaaS Applications. The table below lists a few key considerations you should take into account when deploying each technique:
|Works with SaaS applications that support SAML|
|Works with SaaS applications that support OIDC|
|Granular policies per SaaS application|
|No change to SaaS application SSO configuration|
|Technique works with all IDPs||(Okta and OneLogin)|
|Easy configuration for small number of SaaS applications (~10)|
|Easy configuration for large number of SaaS applications (10+)|