JumpCloud SaaS Management gives you insight and control over shadow IT in your org. The following is a list of commonly asked questions about SaaS Management.
App Tracking
When SaaS Management is enabled, the JumpCloud Go browser extension collects data in the user’s browser on their device and sends it to JumpCloud. The data collected can be broken into the two categories that are reported in SaaS Management:
- Login information
- User access to sites is monitored:
- The browser extension checks for a specific set of criteria to determine if the site visit is a login, registration, or a return visit using an email address or username for authentication.
- If the user accesses a site that meets these criteria, the extension then checks if the site matches an existing JumpCloud SSO app in the org or an entry in the SaaS app catalog.
- Only activity to a site that matches both of these conditions is reported to JumpCloud.
- SaaS Management doesn’t read or collect password data values.
- Admins can also limit tracking to specific email domains to ensure users’ personal activity is not monitored. For example, you can configure SaaS Management to track activity using only your company’s email addresses. See Browser Extension Domain Tracking Settings to learn more.
- User access to sites is monitored:
- Usage information:
- The browser extension also tracks page navigations to sites to build reports on when users access SaaS apps. There are three types of access:
- A new registration of an app.
- A login or authentication to the app.
- A return visit to the URL of the app from a previously authenticated session logged by the browser extension.
- The browser extension also tracks page navigations to sites to build reports on when users access SaaS apps. There are three types of access:
Yes, you can exclude specific user groups from tracking in the SaaS Management settings. See Browser Extension User Tracking Settings to learn more.
You can specify which email domains you want to track and user activity only from these specified domains will be tracked. You can configure this in the SaaS Management settings.
Yes, but users need to authenticate to the JumpCloud User Portal and establish a session first for SaaS Management to be able track activity in their browser.
JumpCloud collects website visits under the following condition: if a user accesses a SaaS app, cookies are used to detect the account information. After detection, website visits are logged once a day to generate usage data.
- Irrelevant activity is not tracked based on the following criteria:
- SaaS Management tracks logins, signups, and already logged in accounts to SaaS apps that are included in our SaaS app catalog.
- SaaS Management only tracks website visits if an associated account has already been discovered to the given SaaS app.
- If a user doesn't have an account associated with the SaaS app and only visits the website, this data is not collected.
By default, SaaS Management tracks events from all email domains, but you can restrict this in the settings and limit tracking to specific email domains. If the email domain matches a tracked domain, login and usage events are processed and sent to the backend; otherwise, no data is tracked, and all such events are discarded before reaching our backend.
If an app or website is not part of JumpCloud SSO or the SaaS app catalog, SaaS Management doesn't track any user activity. SaaS Management only tracks apps from the browser that are part of the SaaS app catalog.
SaaS Apps
JumpCloud maintains a list of predetermined SaaS apps called the SaaS app catalog. SaaS Management tracks activity related to these apps only. User interaction with sites not on this list aren't reported to SaaS Management.
Yes, SaaS Management gives you multiple options to restrict user access to unapproved apps. You can set the default option to warn or block users when accessing unapproved apps. You can also set specific overrides for each app within its review modal.
App blocking prevents navigation in the user’s browser UI with the extension installed, but doesn’t block network traffic or access to the site on the device.
Browser Extension
When an org has JumpCloud Go enabled, users need to log in to the extension only once and their activities are tracked in every browser on the device that has the extension installed.
However, if JumpCloud Go is disabled, users need to log in to the JumpCloud User Portal or a JumpCloud SSO app in each browser that has the extension installed. In other words, discovery works only in browsers that a) have the extension installed and b) have a JumpCloud User Portal or JumpCloud SSO app login.
You can use a JumpCloud policy or CBCM to distribute the browser extension. See Get Started: JumpCloud Go to learn more.
General Questions
- Full Edit Access: Admin, Admin with Billing, and Manager
- Read Only: Help Desk, Read Only
- Other roles do not have any access at this time.
When a user authenticates to the User Portal on their managed device with the JumpCloud Go browser extension installed, data collection begins within 5 minutes. However, it can take at least 15 minutes for SaaS app data to appear in the Admin Portal.