SOLVED

Conditional access app control differences

Iron Contributor

Hello

 

I have a bunch of saml enterprise apps that have been added to Azure enterprise applications. Azure is the IDP for  these apps. If i create a CA policy and add for example the "Docusign" app to "Use Conditional access app control" and select "Monitor" , after logging into the app i can now see the app in "Connected apps" in cloud app security. My question is what is the difference between adding "Docusign" using the wizard below vs. adding the app using a CA policy ?

 

Skipster3111_0-1627942520576.png

 

2 Replies
best response confirmed by Skipster311-1 (Iron Contributor)
Solution
There should be no difference. It’s just another wizard to add an app. If it’s however already integrated using the enterprise apps gallery in Azure AD you’re good to go.
Yes, all my saml apps are already added to Azure enterprise apps, so based on your comment it appears the correct path for adding these apps to cloud app security is to use CA policy? If my saml apps were not already added to Azure enterprise apps would i then use the "add a SAML application with your identity provider" method ? just trying to understand the different use cases.
1 best response

Accepted Solutions
best response confirmed by Skipster311-1 (Iron Contributor)
Solution
There should be no difference. It’s just another wizard to add an app. If it’s however already integrated using the enterprise apps gallery in Azure AD you’re good to go.

View solution in original post