SphereShield CASB API Data flow

The following is one of the options for the deployment of SphereShield for Teams & Webex.

SphereShield CASB API (recommended)

Used for Channel Management, Near-real-time prevention, detection and awareness requirements.

CASB API Hosted API Topology

Channel management hosted solution Architecture Diagram


CASB API On-premises topology

  1. Client 1 sends a message/file to client 2. 

  2. Client 2 receives the message. 

  3.  Office 365 updates the Webhook Listener Site (WLS) that an action was done (Webhook) 

  4. WLS stores in the DB the action that was done. 

  5. CASB checks the DB for events, if it sees an event, it inspects it and decides if this is an allowed action. 

  6. If the action is not allowed, the CASB will delete/remove permissions in Office 365 cloud. 

  7. Office 365 cloud will delete/remove permissions from client 2 

High level diagram for API

The sign-in scenario in a multi-tenant app