FAQ: SaaS Management

JumpCloud SaaS Management gives you insight and control over shadow IT in your org. The following is a list of commonly asked questions about SaaS Management.

App Tracking

What data does SaaS Management collect from users?

When SaaS Management is enabled, the JumpCloud Go browser extension collects data in the user’s browser on their device and sends it to JumpCloud. The data collected can be broken into the two categories that are reported in SaaS Management:

  • Login information
    • User access to sites is monitored:
      • The browser extension checks for a specific set of criteria to determine if the site visit is a login, registration, or a return visit using an email address or username for authentication. 
      • If the user accesses a site that meets these criteria, the extension then checks if the site matches an existing JumpCloud SSO app in the org or an entry in the SaaS app catalog. 
      • Only activity to a site that matches both of these conditions is reported to JumpCloud.
    • SaaS Management doesn’t read or collect password data values. 
    • Admins can also limit tracking to specific email domains to ensure users’ personal activity is not monitored. For example, you can configure SaaS Management to track activity using only your company’s email addresses. See Browser Extension Domain Tracking Settings to learn more. 
  • Usage information:
    • The browser extension also tracks page navigations to sites to build reports on when users access SaaS apps. There are three types of access:
      • A new registration of an app.
      • A login or authentication to the app.
      • A return visit to the URL of the app from a previously authenticated session logged by the browser extension.
Can I prevent users or groups of users from being tracked? 

Yes, you can exclude specific user groups from tracking in the SaaS Management settings. See Browser Extension User Tracking Settings to learn more.

How can I track activity only from work email domains?

You can specify which email domains you want to track and user activity only from these specified domains will be tracked. You can configure this in the SaaS Management settings. 

Can you track logins if users don’t access sites with JumpCloud Go?  

Yes, but users need to authenticate to the JumpCloud User Portal and establish a session first for SaaS Management to be able track activity in their browser.

Does JumpCloud track personal activity and visits to sites that don’t require a JumpCloud login? How does JumpCloud ensure that irrelevant activity is not logged?

JumpCloud collects website visits under the following condition: if a user accesses a SaaS app, cookies are used to detect the account information. After detection, website visits are logged once a day to generate usage data. 

  • Irrelevant activity is not tracked based on the following criteria:
    • SaaS Management tracks logins, signups, and already logged in accounts to SaaS apps that are included in our SaaS app catalog.
    • SaaS Management only tracks website visits if an associated account has already been discovered to the given SaaS app.
    • If a user doesn't have an account associated with the SaaS app and only visits the website, this data is not collected.
Does JumpCloud detect or track activity using personal email addresses on managed devices even if the settings are configured to limit tracking to work email domains? If so, how long is that data retained and when is it deleted?

By default, SaaS Management tracks events from all email domains, but you can restrict this in the settings and limit tracking to specific email domains. If the email domain matches a tracked domain, login and usage events are processed and sent to the backend; otherwise, no data is tracked, and all such events are discarded before reaching our backend.

What happens with sites that require a login but don’t match a JumpCloud SSO app or an app in the SaaS app catalog?

If an app or website is not part of JumpCloud SSO or the SaaS app catalog, SaaS Management doesn't track any user activity. SaaS Management only tracks apps from the browser that are part of the SaaS app catalog.

SaaS Apps

Which SaaS apps are supported? Does JumpCloud have a list of predetermined SaaS apps? 

JumpCloud maintains a list of predetermined SaaS apps called the SaaS app catalog. SaaS Management tracks activity related to these apps only. User interaction with sites not on this list aren't reported to SaaS Management.

Can I block user access to a SaaS app in their browser?

Yes, SaaS Management gives you multiple options to restrict user access to unapproved apps. You can set the default option to warn or block users when accessing unapproved apps. You can also set specific overrides for each app within its review modal.

Note:

App blocking prevents navigation in the user’s browser UI with the extension installed, but doesn’t block network traffic or access to the site on the device.

Browser Extension

Does SaaS Management work differently if JumpCloud Go is enabled or disabled for the org?

When an org has JumpCloud Go enabled, users need to log in to the extension only once and their activities are tracked in every browser on the device that has the extension installed.

However, if JumpCloud Go is disabled, users need to log in to the JumpCloud User Portal or a JumpCloud SSO app in each browser that has the extension installed. In other words, discovery works only in browsers that a) have the extension installed and b) have a JumpCloud User Portal or JumpCloud SSO app login.

How can I distribute the JumpCloud Go browser extension to my users?

You can use a JumpCloud policy or CBCM to distribute the browser extension. See Get Started: JumpCloud Go to learn more.

General Questions

Which Admin Portal roles have access to SaaS Management functionality?
  • Full Edit Access: Admin, Admin with Billing, and Manager
  • Read Only: Help Desk, Read Only
  • Other roles do not have any access at this time.
How long does it take for data to populate after enabling SaaS Management?

When a user authenticates to the User Portal on their managed device with the JumpCloud Go browser extension installed, data collection begins within 5 minutes. However, it can take at least 15 minutes for SaaS app data to appear in the Admin Portal.

Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case