The BlastShield™ SaaS Proxy Agent
BlastShield™ can secure access to SaaS applications such as Microsoft 365 using its zero-trust methodology combined with password-less multi-factor user authentication (MFA). Using a Proxy Agent running on a server, BlastShield™ will secure the application authentication traffic. The domains to be secured are configurable in the Orchestrator and you can proxy different sets of domains for different users. Combined with conditional access controls in the SaaS application, you can use BlastShield's zero-trust access to extend the security perimeter of your SaaS application. All user activity is monitored by BlastShield™ and may be exported to syslog for analysis.
Important
To use the SaaS Proxy Agent feature, you must have Proxies Allowed enabled in your license. Please contact us if you would like to enable this feature.
Here is a summary of the steps required for the setup.
Create a BlastShield™ Exit Agent.
Create the BlastShield™ proxy instance.
Configure the end users
Configure conditional access rules on your SaaS application.
Configure conditional access rules on your SaaS application.
When you use the BlastShield™ SaaS Proxy, you must enable the conditional access functionality on your SaaS application to limit access to only connections with a source IP address of the Exit Agent used in the BlastShield™ Proxy. This ensures only authenticated users from the BlastShield™ network can connect to your SaaS application.
Refer to the articles in this section for further information on configuring and using the BlastShield™ SaaS Proxy.