Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques include a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.

Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques include a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.

Abstract: Techniques for utilizing an enterprise traffic interception service (TIS) to enforce policies that mandate how clients access software as a service (SaaS) offered by service providers and selectively intercept enterprise network traffic utilizing a domain name service (DNS) and a single sign-on (SSO) service on a per-client per-service basis. The TIS may include a DNS server, an identity provider service, a TLS inspecting proxy, and/or a policy server. The DNS server may handle requests to resolve an address of a service, and identify a policy, stored in the policy server, to redirect the client based on the identity of the client and the service. The identity provider service may later query the policy server during client authorization for the service to verify that the client request is in line with the policy and allow or deny access to the service.

Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques include a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.

Abstract: Techniques for utilizing an enterprise traffic interception service (TIS) to enforce policies that mandate how clients access software as a service (SaaS) offered by service providers and selectively intercept enterprise network traffic utilizing a domain name service (DNS) and a single sign-on (SSO) service on a per-client per-service basis. The TIS may include a DNS server, an identity provider service, a TLS inspecting proxy, and/or a policy server. The DNS server may handle requests to resolve an address of a service, and identify a policy, stored in the policy server, to redirect the client based on the identity of the client and the service. The identity provider service may later query the policy server during client authorization for the service to verify that the client request is in line with the policy and allow or deny access to the service.