CASB block page: Invalid user or tenant occurs while accessing a SaaS that is not a Gatelet.
In this specific example, the user was accessing monday.com, but this could happen with other services.
A Fiddler or HAR export will indicate the URL that is blocked. In this specific case: https://export-board-excel-production-monday.s3.amazonaws.com
Searching for "block" in the HAR file shows:
https://app.eu.elastica.net/static/ng/appLogin/index.html#/blocked?code=BLOCK_DISALLOWED_USER&dest_url=https://export-board-excel-production-monday.s3.amazonaws.com/&app=
Bypass the URL listed in the block event, either in Cloud SWG or in the chaining proxy that forwards to Cloud SWG.
In this specific case: export-board-excel-production-monday.s3.amazonaws.com
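To pull the blocked destination out of a HAR export instead of searching by hand, the following added example (not part of the original article) scans request URLs and redirect targets for the `#/blocked?code=...&dest_url=...` form shown above. The function names and the sample HAR are constructed for illustration, and the redirect shown in the sample is an assumption about how the block appears in a capture.

```python
import json
import sys
from urllib.parse import urlsplit, parse_qs

BLOCK_URL = ("https://app.eu.elastica.net/static/ng/appLogin/index.html#/blocked"
             "?code=BLOCK_DISALLOWED_USER&dest_url="
             "https://export-board-excel-production-monday.s3.amazonaws.com/&app=")
# Constructed sample in HAR 1.2 layout (not a real capture); BLOCK_URL is the URL quoted above.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://monday.com/boards"},
     "response": {"status": 200, "redirectURL": "", "headers": []}},
    {"request": {"url": "https://export-board-excel-production-monday.s3.amazonaws.com/"},
     "response": {"status": 302, "redirectURL": BLOCK_URL,
                  "headers": [{"name": "Location", "value": BLOCK_URL}]}},
    {"request": {"url": BLOCK_URL},
     "response": {"status": 200, "redirectURL": "", "headers": []}},
]}}

def parse_block_url(url):
    """Return (block code, blocked host) for a CloudSOC block-page URL, else None."""
    # code= and dest_url= sit after '#', so they are in the fragment, not the query string.
    route, _, query = urlsplit(url).fragment.partition("?")
    if not route.endswith("/blocked"):
        return None
    params = parse_qs(query)
    code = params.get("code", [""])[0]
    host = urlsplit(params.get("dest_url", [""])[0]).hostname
    return (code, host) if code and host else None

def find_blocked_hosts(har):
    """Collect unique (code, host) pairs from request URLs and redirect targets."""
    hits = set()
    for entry in har.get("log", {}).get("entries", []):
        resp = entry.get("response", {})
        urls = [entry.get("request", {}).get("url", ""), resp.get("redirectURL", "")]
        urls += [h.get("value", "") for h in resp.get("headers", [])
                 if h.get("name", "").lower() == "location"]
        hits.update(hit for hit in map(parse_block_url, urls) if hit)
    return sorted(hits)

if __name__ == "__main__":
    # Pass a HAR file path, or run with no argument to use the constructed sample.
    har = SAMPLE_HAR
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig") as f:
            har = json.load(f)
    for code, host in find_blocked_hosts(har):
        print(f"{code}\t{host}")
```

Each printed host is a candidate for the bypass list; review it before bypassing, since a bypassed domain is no longer inspected.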
If the domain cannot be bypassed, another option is to create a guest account in CloudSOC ([email protected]). Create a support ticket to enable the unauthorized user as a guest. Any unauthenticated traffic from WSS will then show up in Investigate under the user guest. Additional policy can be applied to the user guest as needed.
https://knowledge.broadcom.com/external/article/173385
Many vendors use services from s3.amazonaws.com, so this could potentially happen with other services that use Amazon services.