Live demo

Try a basic user → application SASE policy.

Fill in a user group, a cloud app, and an allow / deny decision. This demo shows you the Unified SASE canonical policy on the left and a vendor-shaped policy on the right (for Netskope, Zscaler, or Prisma). Nothing is saved or pushed to any vendor in this demo.

1. Define policy intent

A simple ZTNA-style rule: “This group can access this app with an allow or deny decision.” You can either use the structured fields, or describe the policy in plain English.

Describe policy intent in plain English (Generative)

Uses simple heuristics – then you can refine the fields below.

Policy name

Policy ID

Group ID

Group name

Application ID

Application domain (FQDN)

Decision: Allow Deny

Allow means this group can reach the app. Deny blocks access for this group.

Canonical unified sase policy Tenant: demo-tenant

{}

2. Translate to vendor shape

Pick a vendor to see how this canonical policy could be expressed in a simplified vendor-style payload. This helps you see how “user → app → decision” maps into Netskope, Zscaler, or Prisma terms.

Target vendor

Demo only – nothing is pushed

Vendor-shaped output Vendor: —

{}