Cloudflare Docs
Learning Paths
Secure your Internet traffic and SaaS apps (Learning Path)
Edit this page on GitHub
Set theme to dark (⇧+D)

Scan SaaS applications with Cloudflare CASB

  3 min read

Cloudflare CASB provides comprehensive visibility and control over SaaS apps to prevent data leaks and compliance violations. It helps detect insider threats, shadow IT, risky data sharing, and bad actors.

Cloudflare’s API-implemented CASB addresses the final, common security concern for administrators of SaaS applications or security organizations: How can I get insights into the existing configurations of my SaaS tools and proactively address issues before there is an incident? CASB integrates with a number of leading SaaS applications and surfaces instant security insights related to misconfiguration and potential for data loss. CASB also powers risk score heuristics organized by severity.

For more information on Cloudflare CASB, including available SaaS integrations, refer to Scan SaaS applications.

​​ Manage CASB integrations

When you integrate a third-party SaaS application with Cloudflare CASB, you allow CASB to make API calls to the application and read relevant data on your behalf. The CASB integration permissions are read-only and follow the least privileged model. In other words, only the minimum access required to perform a scan is granted.

​​ Prerequisites

Before you can integrate a SaaS application with CASB, your SaaS account must meet certain requirements. To view the prerequisites and permissions for your application, refer to its integration guide.

​​ Add an integration

  1. In Zero Trust, go to CASB > Integrations.
  2. Select Add integration.
  3. Browse the available SaaS integrations and select the application you would like to add.
  4. Follow the step-by-step integration instructions in the UI.
  5. To run your first scan, select Save integration. You will be redirected to the Findings page to see an in-depth listing of issues found.

After the first scan, CASB will automatically scan your application on a frequent basis to keep up with any changes. Due to each application having their own set of requirements, scan intervals will vary, but the frequency is typically between every 1 hour and every 24 hours.

​​ Pause an integration

  1. In Zero Trust, go to CASB > Integrations.
  2. Find the integration you would like to pause and select Manage.
  3. To stop scanning the application, turn off Scan findings.

You can resume application scanning at any time by turning on Scan findings.

​​ Delete an integration

  1. In Zero Trust, go to CASB > Integrations.
  2. Find the integration you would like to delete and select Manage.
  3. Select Delete.

​​ Integrate DLP policies

If you use both Cloudflare CASB and Cloudflare Data Loss Prevention (DLP), you can use DLP to discover if files stored in your SaaS application contain sensitive data. CASB integrations supported by DLP include:

For more information, refer to Scan SaaS applications with DLP.