CloudSOC investigates events that could be missing the Cloud Service Username for some CASB Gateway activity. The Cloud Service Username is the user's SaaS login name example: [email protected].
The CloudSOC Username is the corporate user that attempted the activity in the SaaS and is not affected by this potential issue.
The potential problem:
A CloudSOC Gateway enforcement policy could be affected by this issue if the policy specifies the account type as internal or external. The procedure may not be enforced because CloudSOC cannot identify the external user.
This issue does not affect policies that are enforced by the CloudSOC username instead of the account type.
If a user's connectivity method is switched during an active SaaS session, the new session may not have the Cloud Service Username (SaaS username) example: [email protected]. The Gateway access enforcement policy may not be enforced properly in this condition.
The gateway connectivity methods include:
To resolve the issue before the synchronization occurs, logout and login of the SaaS will send the Cloud Service username in the new session and resolve the issue. The user may need to log out of more than one SaaS or clear the browser cache, which will result in a new login for the SaaS.
This issue may be minimized by: