User account domains: origin (Preview)
|
To enable this Preview feature, contact Fortinet Support. |
The User account domains parameter, available in the File origin parameters or Attachment origin parameters template sections, allows detections to be generated based on the login account name used to download files from a protected website (that is, one defined by the URL patterns: origin (Preview) parameter) or a protected web app (that is, one defined by the SaaS apps: origin (Preview) parameter).
You can use the User account domains parameter to specify a list of domains that match the user account names you want to monitor.
|
For example, entering |
The User account domains parameter helps distinguish between corporate and non-corporate web activity for users who have signed in to a site or web app using:
- username- and password-based authentication
- OAuth, or
- SAML 2.0.
|
|
OAuth and SAML logins are supported with Microsoft, Google, or Okta as identity providers. |
The User account domains parameter is available in various templates, with some templates providing the capability to generate detections considering a file's web origin and destination.
|
|
For example, using the Sensitive file uploaded template, you could prevent files that were originally downloaded from a OneDrive file share website from being uploaded to any website unless users are logged in using their corporate email address as follows. In the Website parameters section:
In the File origin parameters section:
|
Known limitations
Be mindful of the following limitations:
- Password-free logins, where a one-time code, face, fingerprint, pin, or security key is used for authentication, are not recognized and will be reported as unknown logins.
|
|
If the User account domains parameter is set, you can generate detections when file downloads associated with unknown logins are subsequently egressed by turning the Monitor unknown user accounts toggle on during template configuration. |