SaaS Security Posture Management
The One Protect includes a SaaS Security Posture Management (SSPM) module that connects to your clients' SaaS applications, evaluates their security configurations, and provides remediation guidance for misconfigurations.
Supported SaaS Applications
| Application | Connection Method | Checks |
|---|---|---|
| Microsoft 365 | OAuth (Graph API) | MFA enforcement, conditional access, external sharing, mailbox forwarding, admin roles |
| Google Workspace | OAuth (Admin SDK) | 2-Step Verification, app passwords, external sharing, Drive permissions, admin roles |
| Salesforce | OAuth (REST API) | MFA enforcement, session settings, IP restrictions, API access, field-level security |
| Dropbox Business | OAuth | External sharing, link expiration, device approvals, SSO enforcement |
| Slack | OAuth | External channel access, file sharing permissions, SSO enforcement, app installations |
| Zoom | OAuth | Meeting security defaults, waiting room, recording permissions, SSO enforcement |
Connecting a SaaS Application
- Navigate to Protect → SaaS Security → Connected Apps
- Click Connect App
- Select the application
- Authenticate with an admin account in the target tenant
- Grant the requested permissions
- Click Complete Setup
The first security scan runs automatically within 15 minutes of connection.
Security Scoring
Each connected application receives a security score from 0 to 100 based on its configuration:
| Score Range | Rating | Meaning |
|---|---|---|
| 90–100 | Excellent | All critical settings are properly configured |
| 70–89 | Good | Minor misconfigurations that should be addressed |
| 50–69 | Fair | Several misconfigurations that increase risk |
| 0–49 | Poor | Critical misconfigurations requiring immediate attention |
The score is recalculated after each scan. View score history and trends from the Score History tab on each connected app.
Misconfiguration Detection
The SSPM module checks for common misconfigurations across connected apps:
Identity and Access
- MFA not enforced for all users
- Conditional access policies missing or misconfigured
- Admin roles assigned to too many users
- Stale accounts (no sign-in for 90+ days)
- Guest/external user access not restricted
Data Sharing
- External sharing enabled without restrictions
- Public link sharing with no expiration
- Mailbox forwarding rules to external addresses
- Drive/file sharing with "anyone with the link"
Security Settings
- SSO not enforced
- Session timeout too long or not configured
- API access granted without restrictions
- App installations not limited to approved list
- Audit logging not enabled
Each finding includes:
- Severity — Critical, High, Medium, or Low
- Description — What was detected
- Risk — Why it matters
- Remediation — Step-by-step instructions to fix the misconfiguration
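The following is an added example, not code from The One Protect or its documentation: three of the checks listed above (MFA not enforced, stale accounts, mailbox forwarding to external addresses) run over a constructed tenant snapshot and reported with the four finding fields. The snapshot schema, the severity given to each check, and the risk and remediation wording are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=90)  # "no sign-in for 90+ days" on the checklist

def finding(severity, description, risk, remediation):
    # The four fields the page says every finding carries.
    return {"severity": severity, "description": description,
            "risk": risk, "remediation": remediation}

def evaluate(snapshot, now):
    """Run three checklist items over a tenant snapshot (hypothetical schema)."""
    own_domains = {d.lower() for d in snapshot["domains"]}
    out = []
    for user in snapshot["users"]:
        upn = user["upn"]
        if not user.get("mfa_enforced", False):
            out.append(finding("Critical", f"MFA not enforced for {upn}",
                               "A stolen password alone grants access",
                               "Enforce MFA for this account"))
        last = user.get("last_sign_in")
        # Assumption: an account that never signed in counts as stale.
        if last is None or now - datetime.fromisoformat(last) >= STALE_AFTER:
            out.append(finding("Medium", f"Stale account {upn}",
                               "Unused accounts are rarely monitored",
                               "Disable or remove the account"))
        for target in user.get("forward_to", []):
            # Exact domain match only; subdomains count as external here.
            if target.rsplit("@", 1)[-1].lower() not in own_domains:
                out.append(finding("High", f"{upn} forwards mail to {target}",
                                   "Mail leaves the tenant unreviewed",
                                   "Remove the forwarding rule"))
    return out

# Constructed sample data, not output from any real tenant or product.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SNAPSHOT = {
    "domains": ["example.com"],
    "users": [
        {"upn": "alice@example.com", "mfa_enforced": True,
         "last_sign_in": "2024-05-30T08:00:00+00:00",
         "forward_to": ["alice@archive.example.com", "team@example.com"]},
        {"upn": "bob@example.com", "mfa_enforced": False,
         "last_sign_in": "2024-01-15T08:00:00+00:00"},
        {"upn": "svc-old@example.com", "mfa_enforced": True,
         "last_sign_in": None},
    ],
}

if __name__ == "__main__":
    for f in evaluate(SNAPSHOT, NOW):
        print(f'{f["severity"]:8} {f["description"]}')
```

Timestamps must carry a UTC offset so they can be compared with the timezone-aware `now` value.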
Remediation Guidance
Each misconfiguration finding includes detailed remediation steps:
- Open the finding from SaaS Security → Findings
- Review the Remediation section for step-by-step instructions
- Click Mark as Remediated after applying the fix
- The next scan verifies the fix and updates the score
For findings that require action in the SaaS admin console, the remediation steps include direct links to the relevant settings page when available.