Scan SaaS applications
Cloudflare's API-driven Cloud Access Security Broker (CASB) scans SaaS applications for misconfigurations, unauthorized user activity, shadow IT, and other data security issues that can occur after a user has successfully logged in.
When you integrate a third-party SaaS application with Cloudflare CASB, you allow CASB to make API calls to the application and read relevant data on your behalf. The CASB integration permissions are read-only and follow the least privileged model. In other words, only the minimum access required to perform a scan is granted.
Before you can integrate a SaaS application with CASB, your SaaS account must meet certain requirements. To view the prerequisites and permissions for your application, refer to its integration guide.
- In Zero Trust ↗, go to CASB > Integrations.
- Select Add integration.
- Browse the available SaaS integrations and select the application you would like to add.
- Follow the step-by-step integration instructions in the UI.
- To run your first scan, select Save integration. You will be redirected to the Findings page to see an in-depth listing of issues found.
After the first scan, CASB will automatically scan your application on a frequent basis to keep up with any changes. Due to each application having their own set of requirements, scan intervals will vary, but the frequency is typically between every 1 hour and every 24 hours.
- In Zero Trust ↗, go to CASB > Integrations.
- Find the integration you would like to pause and select Manage.
- To stop scanning the application, turn off Scan findings.
You can resume application scanning at any time by turning on Scan findings.
- In Zero Trust ↗, go to CASB > Integrations.
- Find the integration you would like to delete and select Manage.
- Select Delete.