SaaS Custom HTTP Headers

With SaaS Custom HTTP Headers, admins can inject custom headers into users' sessions with SaaS Applications. Some SaaS Applications, such as Microsoft Office 365, G-Suite and Dropbox, use HTTP headers to support account type control, for instance blocking personal accounts and allowing access only to corporate accounts.

Configuring Custom HTTP Headers

  1. Log into the Axis Management console and navigate to the Policy->SaaS Applications screen.
  2. Configure a new SaaS Application instance as presented in the following article.
  3. Under the Custom HTTP Headers section, enter the key-value pairs that policy will inject into sessions destined for the configured SaaS Application.
  4. Complete creation of the SaaS application by clicking on the “Submit” button. The SaaS application will now appear under the “Destinations” field in the Policy Rule form.
  5. Add the SaaS Application with the Custom HTTP Headers into a policy rule as the destination. The policy verdict should be "Allow". Note that SSL Inspection is required in order to inject Custom HTTP Headers.
  6. Click Apply Changes -> Commit Changes.

Custom HTTP Headers Examples

Common SaaS Applications Custom Header policy configurations:

| SaaS Application | Request Header | Description |
|---|---|---|
| Microsoft Office 365 | Restrict-Access-To-Tenants | Value of the permitted tenant (Office 365 tenant name or tenant ID, e.g., axissecurity.com, 72f977bf-86f1-41af-91ab-2d7cd011db57) you want to allow users to access |
| G-Suite | X-GoogApps-Allowed-Domains | Value of the domain (e.g., axissecurity.com) you want to allow users to access |
| Dropbox | X-Dropbox-allowed-Team-Ids | Value of the team ID (e.g., 1235925) you want to allow users to access |

Notes

  • SSL Inspection is required in order to inject Custom HTTP Headers.
  • It is recommended to target the Login SaaS Application of the various SaaS providers, e.g., "Microsoft Office 365 - Login" or "Google Workspace - Login", for the Custom Header Injection feature.
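
A pre-flight check for the key-value pairs entered under Custom HTTP Headers, as an added example that is not part of the Axis documentation or product: it checks the three headers from the table above for control characters, unrecognized names, duplicates and malformed values. The value formats and the comma-separated multi-value form are assumptions based on the examples in the table, and `check_headers` is a hypothetical helper name.

```python
import re

# Assumption: value formats are inferred from the examples in the table,
# not taken from an Axis or vendor specification.
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
DOMAIN = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)
TEAM_ID = re.compile(r"\d+")

# Header names as listed in the table, keyed in lower case because HTTP
# header names are case-insensitive.
RULES = {
    "restrict-access-to-tenants": (GUID, DOMAIN),
    "x-googapps-allowed-domains": (DOMAIN,),
    "x-dropbox-allowed-team-ids": (TEAM_ID,),
}

# Constructed sample input: the example values from the table.
SAMPLE = [
    ("Restrict-Access-To-Tenants", "axissecurity.com, 72f977bf-86f1-41af-91ab-2d7cd011db57"),
    ("X-GoogApps-Allowed-Domains", "axissecurity.com"),
    ("X-Dropbox-allowed-Team-Ids", "1235925"),
]


def check_headers(pairs):
    """Return a list of problems in (key, value) pairs; an empty list means OK."""
    problems, seen = [], set()
    for key, value in pairs:
        # CR, LF or NUL in either field could split or truncate the header.
        if re.search(r"[\r\n\0]", key + value):
            problems.append(f"{key!r}: control character in key or value")
            continue
        name = key.lower()
        if name not in RULES:
            problems.append(f"{key!r}: not a header from the table (typo or stray space?)")
            continue
        if name in seen:
            problems.append(f"{key!r}: configured more than once")
        seen.add(name)
        # Assumption: several permitted values are given comma-separated.
        for item in (part.strip() for part in value.split(",")):
            if not any(rx.fullmatch(item) for rx in RULES[name]):
                problems.append(f"{key!r}: malformed value {item!r}")
    return problems


if __name__ == "__main__":
    for line in check_headers(SAMPLE) or ["no problems found"]:
        print(line)
```

A misspelled header name is the failure worth catching first: the header is still injected, but the SaaS provider ignores it and personal accounts remain reachable.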