SaaS Custom HTTP Headers
With SaaS Custom HTTP Headers, admins can inject custom headers into users' sessions with SaaS Applications. Some SaaS Applications, such as Microsoft Office 365, G-Suite and Dropbox, use HTTP headers to support account type control, for instance blocking personal accounts and allowing access only to corporate accounts.
Configuring Custom HTTP Headers
- Log in to the Axis Management console and navigate to the Policy -> SaaS Applications screen.
- Configure a new SaaS Application instance as presented in the following article.
- Under the Custom HTTP Headers section, enter the key-value pairs that policy will inject into sessions destined for the configured SaaS Application.
- Complete creation of the SaaS application by clicking on the “Submit” button. The SaaS application will now appear under the “Destinations” field in the Policy Rule form.
- Add the SaaS Application with the Custom HTTP Headers into a policy rule as the destination. The policy verdict should be "Allow". Note that SSL Inspection is required in order to inject Custom HTTP Headers.
- Click Apply Changes -> Commit Changes.
Custom HTTP Headers Examples
Common SaaS Applications Custom Header policy configurations:
SaaS Application | Request Header | Description |
---|---|---|
Microsoft Office 365 | Restrict-Access-To-Tenants | Permitted tenant (Office 365 tenant name or tenant ID, e.g., axissecurity.com or 72f977bf-86f1-41af-91ab-2d7cd011db57) that users are allowed to access |
G-Suite | X-GoogApps-Allowed-Domains | Domain (e.g., axissecurity.com) that users are allowed to access |
Dropbox | X-Dropbox-allowed-Team-Ids | Team ID (e.g., 1235925) that users are allowed to access |
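
A mistyped header name or a malformed value in these key-value pairs leaves the account restriction unenforced without any visible error, so it is worth linting the pairs before entering them in the console. The check below is an added example, not Axis code: the function name `lint_headers` is hypothetical, the value patterns are assumptions inferred from the example values in the table, and comma-separated lists are assumed to be accepted.

```python
import re

# Header names come from the table above. The value patterns are assumptions
# inferred from its example values; comma-separated lists are assumed allowed.
DOMAIN = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)
GUID = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
TEAM_ID = re.compile(r"[0-9]+")

RULES = {
    "Restrict-Access-To-Tenants": (DOMAIN, GUID),
    "X-GoogApps-Allowed-Domains": (DOMAIN,),
    "X-Dropbox-allowed-Team-Ids": (TEAM_ID,),
}
# HTTP header names are case-insensitive, so match on the lowercased name.
BY_LOWER = {name.lower(): name for name in RULES}


def lint_headers(pairs):
    """Return a list of problems in (key, value) pairs; an empty list means clean."""
    problems, seen = [], set()
    for key, value in pairs:
        name = BY_LOWER.get(key.strip().lower())
        if name is None:
            problems.append(f"{key!r}: not one of the table's headers (typo?)")
            continue
        if key != key.strip():
            problems.append(f"{name}: whitespace around the header name")
        if name in seen:
            problems.append(f"{name}: configured more than once")
        seen.add(name)
        for item in value.split(","):
            item = item.strip()
            # fullmatch rejects empty items, embedded newlines and partial matches.
            if not any(p.fullmatch(item) for p in RULES[name]):
                problems.append(f"{name}: bad value {item!r}")
    return problems


if __name__ == "__main__":
    # Constructed input: values reuse the examples from the table above.
    sample = [
        ("Restrict-Access-To-Tenants", "axissecurity.com, 72f977bf-86f1-41af-91ab-2d7cd011db57"),
        ("X-GoogApps-Allowed-Domain", "axissecurity.com"),  # missing trailing "s"
        ("X-Dropbox-allowed-Team-Ids", "1235925,"),         # trailing comma -> empty item
    ]
    for problem in lint_headers(sample):
        print(problem)
```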
Notes
- SSL Inspection is required in order to inject Custom HTTP Headers.
- It is recommended to target the Login SaaS Application of the various SaaS providers, e.g., "Microsoft Office 365 - Login" or "Google Workspace - Login", for the Custom Header Injection feature.