Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Create an Application Instance

For CASB, to differentiate between corporate and non-corporate SaaS application instances, administrators need to configure access policies using the instance parameter. To identify an instance, CASB requires instance ID, domain, and/or type. And, to monitor logs, tagging that are mapped with instances is used.

Use the Create Application Instance Page to configure application instances.

To create a new application instance:

  1. Select Secure Edge > Security Subscriptions > CASB > Application Instances.

    The Application Instances page opens.

  2. Click + to create an application instance.

    The Create Application Instance page.

  3. Complete the configuration according to the guidelines provided in Table 1.
  4. Click OK.

    An application instance is created, which you can associate with a CASB profile.

Table 1: Creating Application Instance Settings




Enter a new application instance name. For example, dropbox123.

The instance name must begin with an alphanumeric character. Spaces and special characters except for - : . are not allowed. The maximum length is 63 characters.

Application instance ID

A unique URL to access SaaS service. Instance ID comes in packet data of all SaaS application activities, such as, upload, download, and share. You use this Instance ID to apply in the Security policies.

Enter an application instance ID.

Each application can have its own instance ID. For the following example URLs, we are using the common string acmecorp7 as the instance ID within the application's SaaS URLs:

  • Box URL—

  • Microsoft OneDrive URL—

  • Salesforce URLs:




For Dropbox and Google Docs, URLs are and respectively. As these are generic URLs, instance ID is not applicable.


An email domain. During login activity, you get an email domain in packets, and it is part of instance.

Enter the domain address.

For example, is an organization domain. Then Box, Dropbox, Google Docs, Salesforce, and Microsoft OneDrive uses the same domain for all the users.


Select a value from the list to map a type with an application instance:

  • Unclassified

  • Work

  • Personal


You must configure the type of value for Dropbox. For other applications, this configuration is optional.


Select a value from the list to map a tagging with an application instance:

  • Untagged—Default value for the application instances that you have not tagged.

  • Sanctioned—Application instances sanctioned by your organization.

  • Unsanctioned—Application instances unsanctioned by your organization.