API Protection Integration. Many-to-One?- Yes. One-to-Many? Caution!

This post is about API Protection (previously known as API Introspection) integration best practice:

• Can I integrate multiple instances of the  same SaaS app (e.g. My company's Sharepoint dev and Sharepoint prod) to one Netskope tenant?

-Sure you can. And most customers do. There is no problem as long as you are within your license quota. For licensing questions reach out to your Sales team.

-Having multiple SaaS apps in one tenant is also not uncommon (e.g. Box, Webex, Zoom, O365 in one Netskope tenant). Again it is just the license you need to purchase for additional SaaS app.

• I have more than 2 Netskope tenants but I have only one SaaS app tenant. Can I have the same instance of one SaaS app integrated to multiple Netskope tenants?

Caution! Even though the integration may succeed (i.e. the instance grant process turns green on both Netskope tenants) few immediate side effects I would like to alert you about -

• You are essentially doubling your API usage because now calls made to the SaaS apps will increase if not double up.
• If you have taken a remediation action e.g. quarantine or removed public links for an object on one Netskope tenant that action is no longer available on the next Netskope tenant for the same object.
• Policy management may become challenging for your SaaS app admin.

There may be other supportability issues such as these. Some SaaS apps are very sensitive to number of calls you make. Some charge you for the number of API calls made.

In short I would caution against One to Many! 🙂