Gain visibility, insight, and control over shadow IT in your org with JumpCloud® SaaS Management. Using the JumpCloud Go™ browser extension, discover software as a service (SaaS) apps used in your org and obtain the tools to classify and track their usage. Improve your org’s compliance and security posture by warning your users or blocking access to unapproved apps. Gather valuable daily usage statistics that identify underutilized or unused apps, helping you streamline your application portfolio and minimize unnecessary licensing. SaaS Management also seamlessly integrates with existing JumpCloud SSO apps, enabling usage information and reporting.
Prerequisites:
- JumpCloud Go is enabled in your org and the browser extension is installed on user devices. See Get Started: JumpCloud Go™ to learn more.
Considerations:
- SaaS Management is a premium feature and requires the Platform Prime package. See JumpCloud Pricing to learn more.
- When you enable SaaS Management, the JumpCloud Go browser extension collects specific data to discover SaaS apps. Jump to the FAQ to learn more.
- The browser extension doesn’t track or collect data until you enable SaaS Management.
- Review your employee policy obligations and ensure they’re consistent with the data collected.
- SaaS app licensing information isn't tracked automatically. You’ll need to manually enter licensing details for each app in JumpCloud.
Features
- Discover SaaS app use in your JumpCloud org. Apps are discovered and tracked from the following sources:
- Existing JumpCloud SSO apps are automatically added to SaaS Management as approved apps. See Get Started: SAML Single Sign-on (SSO) to learn more.
- Using the JumpCloud Go™ browser extension, discover SaaS apps that users register, log in to, and access in their browser:
- Track user visits to SaaS apps to understand usage optimization.
- Control which users and accounts are tracked by limiting SaaS Management to specific email domains or excluding certain user groups.
- SaaS apps can also be added manually.
- Search from JumpCloud's SaaS App catalog, or add via domain.
- Monitor and review discovered SaaS apps. Take control over user access and categorize them according to your org’s policies:
- Approved apps: Allow users to access these apps as normal across your org.
- Unapproved apps: Specify warning or blocking actions for apps users shouldn’t access.
- Redirect users to an approved resource when they access an unapproved app in their browser with the extension installed.
- Or block user access entirely to an unapproved app in their browser with the extension installed.
- Collect critical insights for security and compliance requirements. Eliminate insecure or redundant apps to help save on licensing costs.
- Manually track licensing information for each discovered app, providing a central location to manage all of your SaaS apps.
Start Using SaaS Management
See Configure SaaS Management to learn how to enable the feature and understand the admin configuration workflow.
FAQ
When SaaS Management is enabled, the JumpCloud Go browser extension collects data in the user’s browser on their device and sends it to JumpCloud. The data collected can be broken into the two categories that are reported in SaaS Management:
- Login information
- User access to sites is monitored:
- The browser extension checks for a specific set of criteria to determine if the site visit is a login, registration, or a return visit using an email address or username for authentication.
- If the user accesses a site that meets these criteria, the extension then checks if the site matches an existing JumpCloud SSO app in the org or an entry in the SaaS app catalog.
- Only activity to a site that matches both of these conditions is reported to JumpCloud.
- SaaS Management doesn’t read or collect password data values.
- Admins can also limit tracking to specific email domains to ensure users’ personal activity is not monitored. For example, you can configure SaaS Management to track activity using only your company’s email addresses. See Browser Extension Domain Tracking Settings to learn more.
- User access to sites is monitored:
- Usage information:
- The browser extension also tracks page navigations to sites to build reports on when users access SaaS apps. There are three types of access:
- A new registration of an app.
- A login or authentication to the app.
- A return visit to the URL of the app from a previously authenticated session logged by the browser extension.
- The browser extension also tracks page navigations to sites to build reports on when users access SaaS apps. There are three types of access:
- Full Edit Access: Admin, Admin with Billing, and Manager
- Read Only: Help Desk, Read Only
- Other roles do not have any access at this time.
When a user authenticates to the User Portal on their managed device with the JumpCloud Go browser extension installed, data collection begins within 5 minutes. However, it can take at least 15 minutes for SaaS app data to appear in the Admin Portal.
JumpCloud maintains a list of predetermined SaaS apps called the SaaS app catalog. SaaS management tracks activity related only to these apps. User interaction with sites not on this list are not reported to SaaS Management.
Yes, you can exclude specific user groups from tracking in the SaaS Management settings. See Browser Extension User Tracking Settings to learn more.
You can specify which email domains you want to track and user activity only from these specified domains will be tracked. You can configure this in the SaaS Management settings.
Users need to authenticate to the JumpCloud User Portal and establish a session first for SaaS Management to be able track their activity in their browser.
Yes, SaaS Management gives you multiple options to restrict user access to unapproved apps. You can set the default option to warn or block users when accessing unapproved apps. You can also set specific overrides for each app within its review modal.
App blocking prevents navigation in the user’s browser UI with the extension installed, but doesn’t block network traffic or access to the site on the device.
Additional Resources
- Enroll: SaaS Management Course