This article will show you how to enable device-based access control policies on a SaaS application using Banyan's Zero Trust security framework.
This guide primarily refers to OIDC-enabled SaaS Applications. However, Banyan also supports SAML-enabled SaaS Applications and the same steps can be extended to SAML-enabled SaaS Applications.
For this quick start guide, we have a public internet-facing web application - commonly called a Software-as-a-Service (SaaS) Application - that supports user authentication using OpenID Connect (OIDC).
We assume your end users have been added to your Banyan directory, and that they have the latest Banyan Desktop or Mobile App installed on devices from which they will access the Jenkins application.
The setup for this quick start guide is as follows:
The SaaS Application we’ll secure supports OpenID Connect (OIDC) for authentication.
We have the SaaS Application’s authentication Redirect URL (aka Callback URL) and have rights to configure its OIDC settings.
Note: Banyan is NOT a primary Identity Provider; instead the Banyan TrustProvider component federates to your organization’s Identity Provider upon every login. Banyan then evaluates security posture against access policies.
We will add a security policy to the SaaS Application in 4 steps.
1.1 Navigate to Secure Access > Policies > Create New Policy and create a new Policy using the template Basic Authorization Policy for Users.
1.2 Name the policy quickstart-user-saas and be sure to select the option that specifies this policy is intended for Web - for accessing HTTP services via web browser.
Also set the policy attributes for minimal controls:
2.1 Navigate to Manage Services > SaaS Applications > + Publish SAAS APPLICATION.
Banyan Federated to route to Banyan first.
2.3 Name the SaaS App quickstart-saas-app and set the attributes:
Redirect URL to the well-known Redirect URL provided by the SaaS application you are securing
You can also configure device policies on SAML-enabled SaaS Applications.
2.4 Attach the quickstart-user-saas policy we had previously created and set enforcement mode to
2.5 Click Register. The next screen will give you the details you need to enter into your SaaS App.
3.1 Fill in the data from Banyan Command Center for the SaaS App you are securing.
4.1 Now, you can navigate to your SaaS App and authenticate. You will be taken to your Identity Provider to log in while, behind the scenes, Banyan evaluates device posture and enforces your security policies.
And that’s it! You have created a Zero Trust policy for your OIDC-enabled SaaS App.
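To confirm after step 4.1 that login is routed to Banyan first and uses the registered Redirect URL, you can inspect the authorization request URL the SaaS App sends the browser to. The following is an added example, not code from Banyan or from the original guide; the host names, client ID, endpoint path and sample URLs are constructed placeholders to be replaced with the values shown after you click Register.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed placeholders: replace with the values shown after clicking Register.
EXPECTED_HOST = "trustprovider.example.invalid"
EXPECTED_CLIENT_ID = "placeholder-client-id"
REGISTERED_REDIRECT_URL = "https://saas.example.invalid/oidc/callback"


def check_authorization_request(url):
    """Return a list of problems in a captured OIDC authorization request URL."""
    problems = []
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)

    def single(name):
        # A repeated or missing parameter is ambiguous, so report it.
        values = params.get(name, [])
        if len(values) != 1:
            problems.append(f"{name}: expected exactly one value, found {len(values)}")
            return None
        return values[0]

    if parts.scheme != "https":
        problems.append("authorization endpoint is not HTTPS")
    if (parts.hostname or "").lower() != EXPECTED_HOST:
        problems.append(f"login goes to {parts.hostname!r}, not the federated host")
    client_id = single("client_id")
    if client_id is not None and client_id != EXPECTED_CLIENT_ID:
        problems.append("client_id does not match the registered application")
    redirect_uri = single("redirect_uri")
    # Exact comparison: prefix or substring matching would accept look-alike callbacks.
    if redirect_uri is not None and redirect_uri != REGISTERED_REDIRECT_URL:
        problems.append("redirect_uri differs from the registered Redirect URL")
    scope = single("scope")
    if scope is not None and "openid" not in scope.split():
        problems.append("scope lacks 'openid', so this is not an OIDC request")
    state = single("state")
    if state is not None and not state:
        problems.append("state is empty, so the callback has no CSRF binding")
    return problems


# Constructed sample URLs, not captured from a real deployment.
GOOD = ("https://trustprovider.example.invalid/authorize?client_id=placeholder-client-id"
        "&redirect_uri=https%3A%2F%2Fsaas.example.invalid%2Foidc%2Fcallback"
        "&response_type=code&scope=openid+profile&state=k3Jx9")
BYPASS = GOOD.replace("trustprovider.example.invalid", "idp.example.invalid")

if __name__ == "__main__":
    print(check_authorization_request(GOOD), check_authorization_request(BYPASS))
```

An empty list means the request matches the registration; a request that goes straight to the Identity Provider host, as in the BYPASS sample, indicates the SaaS App is not routing through Banyan and device policy would not be evaluated.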