Help Center Home > AI & SaaS Management > Get Started: AI & SaaS Management

Get Started: AI & SaaS Management

Gain visibility, insight, and control over shadow IT and generative AI usage in your org with JumpCloud® AI & SaaS Management. Using the JumpCloud Go™ browser extension and connectors, discover AI and SaaS apps used in your org, and obtain the tools to classify and track their usage.

Improve your org’s compliance and security posture by warning your users or blocking access to unapproved apps. Gather valuable daily usage statistics that identify underutilized or unused apps, helping you streamline your application portfolio and minimize unnecessary licensing. AI & SaaS Management also seamlessly integrates with existing JumpCloud SSO apps, enabling usage information and reporting.

Prerequisites:

The JumpCloud Go browser extension must be installed on end user’s devices in order to discover unmanaged applications. And for the fullest and most seamless experience, it is recommended to enable the JumpCloud Go feature for your org. See Get Started: JumpCloud Go™ to learn more.
Private Preview - To utilize discovery of desktop applications installed on managed devices, ensure the JumpCloud Agent is installed and running on macOS, Windows, and Linux devices. Device Agent Enabled must be toggled on in your Settings to discover these locally installed applications.

Considerations:

AI & SaaS Management is a premium feature and requires the Platform Prime package. See JumpCloud Pricing to learn more.
When you enable AI & SaaS Management, the JumpCloud Go browser extension collects specific data to discover AI and SaaS apps. See FAQ: AI & SaaS Management to learn more.
- The browser extension doesn’t track or collect data until you enable AI & SaaS Management.
- Review your employee policy obligations and ensure they’re consistent with the data collected.
Licensing information is automatically tracked for supported connectors. For other applications, you must manually enter licensing details. See Managing Licenses in Configure AI & SaaS Management

Features

Discover AI and SaaS apps and how they're used in your JumpCloud org. Jump to Discovery Methods to learn more.
AI and SaaS apps can also be added manually.
- Search from JumpCloud's AI and SaaS App catalog, or add via domain.
Monitor and review discovered AI and SaaS apps. Take control over user access and categorize them according to your org’s policies:
- Approved Apps: Allow users to access these apps as normal across your org.
- Unapproved Apps: Specify warning or blocking actions for apps users shouldn’t access.
  - Redirect users to an approved resource when they access an unapproved app in their browser with the extension installed.
  - Or block user access entirely to an unapproved app in their browser with the extension installed.
Gain visibility and governance over generative AI apps with the Shadow AI Dashboard. View key metrics on users with AI access, most active users, and usage by department. Discover and set the status of AI apps before discovery.
Collect critical insights for security and compliance requirements. Eliminate insecure or redundant apps to help save on licensing costs.
- Connect directly with supported SaaS app providers to track usage and gather Security Insights.
Customize email notifications to help admins stay informed of discovery and renewal events.
Track licensing information for discovered apps, including automated tracking for supported connectors and manual entry for others, providing a central location to manage all your AI and SaaS apps. See Managing Licenses in Configure AI & SaaS Management for more information.

Discovery Methods

Discovery Method	Use Case	Learn More
JumpCloud SSO Apps	Existing SSO apps are automatically added to AI & SaaS Management as approved apps.	Get Started: SAML Single Sign-on (SSO)
Browser Extension	Use the JumpCloud Go browser extension to discover AI and SaaS apps that users register, log in to, and access in their browser: Track visits to AI and SaaS apps when users have an active session to understand usage optimization. Control which users and accounts are tracked by limiting AI & SaaS Management to specific email domains or excluding certain user groups.	Browser Extension Discovery
Connectors	Enable API driven discovery by integrating directly with AI and SaaS service providers. The Google Workspace and Microsoft Entra ID connectors can also discover additional apps logged in via OAuth.	SaaS Management Connectors
Private Preview - Device Agent	Discover applications installed directly on managed macOS, Windows, and Linux devices.	Device Agent Discovery

Browser Extension Discovery

To use browser extension tracking and discover unmanaged apps, the JumpCloud Go browser extension must be installed on end-user devices. Users must authenticate to the JumpCloud User Portal or a JumpCloud SSO app to begin tracking. SaaS Management discovery does not require JumpCloud Go passwordless authentication to be enabled.

Tip:

For the most secure and seamless user experience, enable the JumpCloud Go feature for your organization, which offers passwordless authentication. See Get Started: JumpCloud Go to learn more.
If you use Google Workspace Managed Chrome browsers, enable seamless authentication to start tracking without requiring users to authenticate first. See SaaS Management: Enable JumpCloud Go Extension Seamless Authentication in Chrome.

Device Agent Discovery

Private Preview – Device Agent Discovery

Note:

This feature is in Private Preview. If you don’t see it, contact your Account Manager to enable it. Features in Preview are continuing to evolve with the help of feedback directly from our users. If you have suggestions, let us know at the bottom of this article. See JumpCloud Private and Public Previews.

The JumpCloud Agent discovers locally-installed software and desktop applications across Windows, macOS, and Linux endpoints. The Agent installed on each device scans its system and reports the full inventory of installed applications to the SaaS Management console.

User Identification: The Agent attributes application activity to a specific JumpCloud user based on the device's Primary User, a Single Bound User, or a matching local OS username.
Account Identification: Applications discovered directly from device data may show as Unknown accounts as the JumpCloud Agent identifies the User but cannot capture the private credentials used inside the desktop app process.

FAQ

See FAQ: AI & SaaS Management

Start Using SaaS Management

See Configure AI & SaaS Management to learn how to enable the feature and understand the admin configuration workflow.

Additional Resources

Enroll: AI & SaaS Management Course

Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case

Use Cases

Identity Management

Access Management

Device Management

AI & SaaS Management

Become a Partner

Partner Resources

Engage

Learn

Support