Block non work accounts with third-party cloud app

%3CLINGO-SUB%20id%3D%22lingo-sub-1398043%22%20slang%3D%22en-US%22%3EBlock%20non%20work%20accounts%20with%20third-party%20cloud%20app%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1398043%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20a%20third%20party%20cloud%20based%20application%20that%20out%20company%20is%20using.%20We%20are%20federated%20with%20them%20using%20ADFS%2C%20but%20we%20are%20looking%20at%20using%20Azure%20AD%20for%20authentication%20shortly.%20However%2C%20this%20third%20party%20also%20allows%20users%20to%20create%20their%20own%20accounts.%20What%20we%20would%20like%20to%20do%20is%20block%20non-work%20related%20account%20from%20logging%20on%20to%20the%20service%20on%20work%20computers.%20Mainly%20to%20prevent%20data%20leakage....%20yes%20i%20know%20Azure%20IP%20is%20the%20best%20way%20to%20do%20this...%20yes%20i%20know%20that%20they%20could%20just%20logon%20via%20another%20non-work%20computer%20and%20access%20the%20service.%20Yes%2C%20i%20know%20if%20i%20did%20SSL%20inspection%20i%20could%20do%20this%20(but%20i%20dont%20want%20to%20do%20that)%20...%20But%20even%20if%20there%20was%20a%20way%20to%20see%20this%20when%20this%20happens%20that%20is%20not%20via%20a%20work%20account%20that%20would%20be%20good....%20Hope%20it%20makes%20sense%3F%20looking%20for%20any%20ideas%20or%20guidance...%20thanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1398043%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

We have a third party cloud based application that out company is using. We are federated with them using ADFS, but we are looking at using Azure AD for authentication shortly. However, this third party also allows users to create their own accounts. What we would like to do is block non-work related account from logging on to the service on work computers. Mainly to prevent data leakage.... yes i know Azure IP is the best way to do this... yes i know that they could just logon via another non-work computer and access the service. Yes, i know if i did SSL inspection i could do this (but i dont want to do that) ... But even if there was a way to see this when this happens that is not via a work account that would be good.... Hope it makes sense? looking for any ideas or guidance... thanks

0 Replies