Cloud Apps tab

The cloud service includes a database of cloud applications that can be used to allow or block user access to selected applications.

Click the Cloud Apps tab to configure a list of cloud apps to be blocked and a separate list of cloud apps to be allowed by this policy.

Note that customers who have licensed and use the Protected Cloud Apps feature will see slight differences when using the Cloud Apps tab for policies for which protected cloud apps should be applied. See Using the Cloud Apps tab with Protected Cloud Apps below.

Enable Always allow access to cloud apps on the Allow Access list to always permit user access to cloud apps that have been added to the Allow Access list. User requests to these applications are allowed regardless how the corresponding category is configured on the Web Categories tab.

See Filtering action order for details on how the cloud service applies filtering actions.

Select Block all high risk level applications to block access to any cloud app that is considered high risk.

The number of high risk applications is provided in a link that can be used to open a scrollable list of the qualifying apps. When the list is open, use your browser search feature to locate specific apps.

Click the link to the Cloud Apps block page to navigate to Web > Block & Notification Pages > Page Details and customize the block page created specifically for blocking user access to cloud apps.

In the Block Access list, select specific cloud apps that should always be blocked, regardless of their risk level.

Enter all or part of a cloud app name in the search box.

A drop-down list appears, containing cloud app names that qualify for the search. As text is entered, the list of qualifying apps changes to match the search criteria. Search results are listed alphabetically within each risk level.

Note that, if Block all high risk level applications has been selected, the selection list is limited to medium and low risk apps. Search results provide only the total number of high risk apps.

Select the app or apps you wish to add to the blocked list by marking the check box next to the app name.

Apps that have already been included in the Allow Access list cannot be selected. They must first be removed from that list.

Click Done when you have finished making your selections. Each selected cloud app is added to the blocked list.

Remove an app from the list by removing the check mark.

The number of selected apps included in each risk level is provided next to the risk level name. Cloud apps in the list are sorted alphabetically within each risk level.

If Block all high risk level applications was enabled, the risk level and total is automatically included in the list. The actual apps are not listed. If one of the high risk apps is specifically selected in the Allow Access list, the count is reduced by the number of high risk apps allowed.


	Important The Block Access list takes precedence over actions assigned on the Web Categories tab. If a blocked cloud app is requested using a URL categorized in a category that is set to allow, access to it is blocked.

In the Allow Access list, select cloud apps that should always be permitted.

Enter all or part of a cloud app name in the search box.

Select the app or apps you wish to add to the allowed list by marking the check box next to the app name.

Apps that have been included on the Block Access list cannot be selected. They must first be removed from that list.

Click Done when you have finished making your selections. Each selected cloud app is added to the permitted list.


	Important The Allow Access list takes precedence over the Block all high risk level applications option. Access to a high risk app that is on the permitted list is allowed even if Block all high risk level applications is enabled.

Remove an app from the list by removing the check mark.

The number of selected apps included in each risk level is provided next to the risk level name. Cloud apps in the list are sorted alphabetically within each risk level.

Click Save.


	Important Block actions assigned on the Web Categories tab take precedence over the Allow Access list. If a permitted cloud app is requested using a URL categorized in a category that is set to block, access to it is blocked.

A count of the number of selected apps is provided above each selection pane. Each list is limited to 100 selections. When the limit is reached, search results no longer allow selection of additional apps. An app that was previously selected must first be removed from the list.

Using the Cloud Apps tab with Protected Cloud Apps

When the Protected Cloud App feature has been enabled (see Configure protected cloud apps for details), the selections made on the Web > Settings > Protected Cloud Apps page impact the Block Access and Allow Access selections.

Protected cloud apps display on both lists and are indicated with a hash mark (#).

To easily find them, use a hash mark at the beginning of the search string.

Cloud apps selected on Web > Settings > Protected Cloud Apps as a protected app are automatically selected on the Allow Access list. They appear in search results on both lists, but cannot be selected or removed on either.

Attempts by an end user to access these apps are forwarded to Forcepoint CASB for analysis and policy enforcement unless the app is in a blocked category (configured on the Web Categories tab).

Cloud apps listed but not selected on Web > Settings > Protected Cloud Apps can be either allowed or blocked on the Cloud Apps tab. If an app is blocked and later selected on Web > Settings > Protected Cloud Apps, it is automatically moved to the Allow Access list and marked as selected.