search cancel

Page Access denied: Invalid User or Tenant.

book

Article ID: 173385

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway

Issue/Introduction

Unable to access SaaS sites with CASB Gatelets enabled.

Page access Denied: Invalid user or Tenant for unknown [email protected]

Or DomainORWorkstation\userid  is listed.

Or no user is listed.

 

 

 

Cause

No Guest user in CloudSOC.

Environment

CASB Proxy Chaining is enabled with:

  • User Signaling (Agentless)
  • Unauthorized User as Guest

 

Resolution

In CloudSOC, Users page:

  1. Create the user "guest".
  2. Give that user an email address of [email protected] (domain.com is the primary domain in CASB) 

If no user is reported, but the invalid user or tenant exists.  Verify that WSS is not bypassing authentication.

If the Invalid User or Tenant reports a user as  DomainORWorkstation\userid  verify the user exists as a SecondaryID in CloudSOC.