Setting Permissions for your cloud applications

For Coro to monitor and report security issues, at least one cloud application must be connected.

Coro supports the ability to set access permissions for connected cloud applications. Admin users with sufficient permissions can allow access to a cloud application based on whether a user meets a defined set of criteria.

Configuring new access permissions

To configure new access permissions for a connected cloud application:

1. Sign into the Coro console and go to Control Panel > Cloud Security.
2. From your list of connected cloud applications, select the corresponding ACCESS PERMISSIONS option:

   

   attention

   If your selected application has no current access permissions set, Coro shows a banner page instead:

   

   In this scenario, select NEW PERMISSIONS to start the process.

3. Select from the permission levels displayed:

   

   • All users: The new permission applies to everyone.
   • Specific groups: The new permission applies to a named group within the corresponding cloud application:

     

     note

     When a user belongs to several groups, they inherit the collective permissions of all those groups.

   • Specific users: The new permission applies to users within the application, specified by their email addresses:

     

     note

     You can assign access permissions to existing admin users within the corresponding cloud application.

4. Select IP Address or Country from the following Allow access from options:

   

   • IP Address: Restricts access to a defined range of IP addresses. Enter the allowed IP addresses into the IP Addresses field and provide an optional short description:

     

   • Country: Restricts access to named countries or US States. Select either All Countries or USA states :

     warning

     US state permissions are independent of country permissions. You can select several countries and/or states. If United States is selected as a Country then permissions apply to all US states.

     

     A list of countries or US states appears based on your selection for Allow access from. Select the US states and/or countries to allow access from:

     

5. Set the type of automatic remediation Coro should apply when a user that does not meet the permission criteria attempts to access the application. Choose from:

   Setting	Description
   None	No remediation steps are required.
   Suspend	The user account is automatically suspended.
   Sign in	The user must re-enter their credentials.

   Coro creates an Access permissions violation ticket if a user successfully logs into a protected service from an origin in violation of the configured access rules.

6. Select SAVE PERMISSIONS to save your changes.

   The New Access Permissions dialog closes and a confirmation message appears on the Cloud Security page:

Editing and deleting existing access permissions

Admin users with sufficient permissions can edit and delete existing access permissions.

To edit or delete existing access permissions for a connected cloud service:

1. Sign into the Coro console and go to Control Panel > Cloud Security .
2. From your list of connected cloud applications, select the corresponding action from the 3-dot menu:
   1. Select Edit to change an existing access permission.
   2. Select Delete to remove an existing access permission.