Getting BLOCK_DISALLOWED_USER error from a Gatelet-enabled URL
search cancel

Getting BLOCK_DISALLOWED_USER error from a Gatelet-enabled URL


Article ID: 261882


Updated On:


CASB Gateway CASB Gateway Advanced CASB Security Advanced CASB Security Premium CASB Security Standard


The customer is trying to configure the Microsoft Intune endpoint. However, the endpoint failed to log in and connect to the Intune services due to the BLOCK_DISALLOWED_USER error for Microsoft PowerApps Gatelets: PowerApps&username=&tenant=Customer's_tenant_ID&agentless=true


Release : 1


The customer configured an authentication bypass for the URL in this case. Therefore, the traffic sent to the CASB Gateway was missing the username.


After removing this URL from the authentication bypass list, the endpoint could log in successfully and connect to the Intune portal.

Additional Information

If you use ProxyFowarding or Management Center to modify the default WSS forwarding rules, please include the SSL interception and Authentication for any CASB domain of interest. Specifically, please check identity and authentication for WSS: If your WSS account is provisioned for CloudSOC Gateway (CloudSOC-only mode), then Auth Connector is not required. WSS does not require users or groups for policies. The on-premises ProxySG appliance provides the user/group information to CloudSOC. CloudSOC Gateway uses SpanVA to map users to groups.

Please view the Setting Up Proxy Forwarding tech doc for complete technical requirements.