Skip to content

Control access to SaaS apps

You can use Sophos ZTNA to control access to SaaS apps such as Salesforce and Dropbox.

Control access via IP allow lists on SaaS apps

You can allow trusted IP ranges directly from your SaaS apps.


Before you start, make sure that your SaaS app supports IP allow lists.

To configure access via IP allow lists on your SaaS app, do as follows:

  1. In Sophos Central, set up ZTNA and add the SaaS app as a resource. Assign user groups that need access to the resource. See Setup.


    When adding the SaaS app as a resource, you don't need to add an internal FQDN or IP address. If you leave the Internal FQDN/IP address field blank, the external FQDN is added automatically.

  2. On the SaaS app, allow the public IP address or IP range of the NAT interface, for example, the upstream firewall's IP range.

Now, users who are authorized to do so can access the SaaS app through the ZTNA gateway.