Corporate employees are often required to do work that involves using publicly-accessible resources (e.g., Salesforce or a staging website), which go beyond the bounds of private network control. In light of the need to connect their workforce to these public SaaS applications, many organizations recognize the need for better security, visibility, and flexibility than legacy VPNs can offer. In other words, organizations want the security of a modern cloud VPN with continuous authorization throughout user sessions, as well as the flexibility for employees to work on public applications. So how can a Service Tunnel help?
This is where Banyan Security’s new cloud VPN feature comes in handy: Service Tunnel (our modern VPN as a Service) can now secure public resources based on domain or IP.
In this blog, we’ll explain how this works and how you can set up a Service Tunnel to provide your users a secure path to Salesforce.
The challenge
- Orgs require employees to use public resources (like Salesforce), but they have no way to ensure the security of their employees’ usage of these apps beyond the single authentication check that occurs during login.
- Lost or stolen credentials can be used to access public SaaS applications, putting the integrity and availability of sensitive organizational data at risk.
- Public SaaS apps have no authentication or continuous authorization built in; admins need to configure IDP integrations.
- Legacy IP whitelisting techniques require admins to manage large lists of continually changing employee source IPs.
Banyan’s Solution: Service Tunnel for Public Domains
In addition to routing traffic to your private networks, Service Tunnels can route public traffic destined for the internet. Internet traffic routed through Service Tunnel(s) uses the source IP of a Banyan Access Tier (the brain of Banyan’s product; a reverse proxy).
Admins can then IP whitelist to restrict user access on login and throughout a user’s session on a SaaS platform.
How to securely connect to Salesforce using Banyan
Here, we show how to use a Service Tunnel to route to multiple Salesforce subdomains:
- Register a Service Tunnel with Banyan, and configure it to route to public domains;
- Set IP whitelist rules for your users in Salesforce; and finally,
- Connect your Service Tunnel in the Banyan app, and securely access Salesforce.
For an in-depth guide on how to connect to a public SaaS service, like Salesforce, using Banyan, check out our Salesforce solution guide.