Get Started: SaaS Management

Gain visibility, insight, and control over shadow IT in your org with JumpCloud® SaaS Management. Using the JumpCloud Go™ browser extension, discover software as a service (SaaS) apps used in your org and obtain the tools to classify and track their usage. Improve your org’s compliance and security posture by warning your users or blocking access to unapproved apps. Gather valuable daily usage statistics that identify underutilized or unused apps, helping you streamline your application portfolio and minimize unnecessary licensing. SaaS Management also seamlessly integrates with existing JumpCloud SSO apps, enabling usage information and reporting.

Prerequisites:

  • The JumpCloud Go browser extension must be installed on end user’s devices in order to discover unmanaged applications. And for the fullest and most seamless experience, it is recommended to enable the JumpCloud Go feature for your organization. See Get Started: JumpCloud Go™ to learn more. 

Considerations:

  • SaaS Management is a premium feature and requires the Platform Prime package. See JumpCloud Pricing to learn more.
  • When you enable SaaS Management, the JumpCloud Go browser extension collects specific data to discover SaaS apps. Jump to the FAQ to learn more.
    • The browser extension doesn’t track or collect data until you enable SaaS Management. 
    • Review your employee policy obligations and ensure they’re consistent with the data collected.
  • SaaS app licensing information isn't tracked automatically. You’ll need to manually enter licensing details for each app in JumpCloud. 

Features

  • Discover SaaS app use in your JumpCloud org. Apps are discovered and tracked from the following sources:
    • Existing JumpCloud SSO apps are automatically added to SaaS Management as approved apps. See Get Started: SAML Single Sign-on (SSO) to learn more.
    • Using the JumpCloud Go™ browser extension, discover SaaS apps that users register, log in to, and access in their browser:
      • Track user visits to SaaS apps to understand usage optimization. 
      • Control which users and accounts are tracked by limiting SaaS Management to specific email domains or excluding certain user groups.
  • SaaS apps can also be added manually.
    • Search from JumpCloud's SaaS App catalog, or add via domain.
  • Monitor and review discovered SaaS apps. Take control over user access and categorize them according to your org’s policies:
    • Approved apps: Allow users to access these apps as normal across your org.
    • Unapproved apps: Specify warning or blocking actions for apps users shouldn’t access.
      • Redirect users to an approved resource when they access an unapproved app in their browser with the extension installed.
      • Or block user access entirely to an unapproved app in their browser with the extension installed.
  • Collect critical insights for security and compliance requirements. Eliminate insecure or redundant apps to help save on licensing costs. 
  • Manually track licensing information for each discovered app, providing a central location to manage all of your SaaS apps. 

Start Using SaaS Management 

See Configure SaaS Management to learn how to enable the feature and understand the admin configuration workflow.

FAQ

What data does SaaS Management collect from users?

When SaaS Management is enabled, the JumpCloud Go browser extension collects data in the user’s browser on their device and sends it to JumpCloud. The data collected can be broken into the two categories that are reported in SaaS Management:

  • Login information
    • User access to sites is monitored:
      • The browser extension checks for a specific set of criteria to determine if the site visit is a login, registration, or a return visit using an email address or username for authentication. 
      • If the user accesses a site that meets these criteria, the extension then checks if the site matches an existing JumpCloud SSO app in the org or an entry in the SaaS app catalog. 
      • Only activity to a site that matches both of these conditions is reported to JumpCloud.
    • SaaS Management doesn’t read or collect password data values. 
    • Admins can also limit tracking to specific email domains to ensure users’ personal activity is not monitored. For example, you can configure SaaS Management to track activity using only your company’s email addresses. See Browser Extension Domain Tracking Settings to learn more. 
  • Usage information:
    • The browser extension also tracks page navigations to sites to build reports on when users access SaaS apps. There are three types of access:
      • A new registration of an app.
      • A login or authentication to the app.
      • A return visit to the URL of the app from a previously authenticated session logged by the browser extension.
What is the difference for how SaaS Management works with or without JumpCloud Go enabled?

When an org has JumpCloud Go enabled, their users only need to log into the extension once and their activities will be tracked on every browser that extension works with. However, if JumpCloud Go is not enabled, the employees will need to have at least logged into the Jumpcloud User Portal one time for each browser. Discovery will work only on the browser that has a Jumpcloud User Portal login.

Which Admin Portal roles have access to SaaS Management functionality?
  • Full Edit Access: Admin, Admin with Billing, and Manager
  • Read Only: Help Desk, Read Only
  • Other roles do not have any access at this time.
How long does it take for data to populate after enabling SaaS Management?

When a user authenticates to the User Portal on their managed device with the JumpCloud Go browser extension installed, data collection begins within 5 minutes. However, it can take at least 15 minutes for SaaS app data to appear in the Admin Portal.

What SaaS Apps are supported? Does JumpCloud have a list of predetermined SaaS apps? 

JumpCloud maintains a list of predetermined SaaS apps called the SaaS app catalog. SaaS management tracks activity related only to these apps. User interaction with sites not on this list are not reported to SaaS Management.

Can I prevent users or groups of users from being tracked? 

Yes, you can exclude specific user groups from tracking in the SaaS Management settings. See Browser Extension User Tracking Settings to learn more.

How can I track activity only from work email domains?

You can specify which email domains you want to track and user activity only from these specified domains will be tracked. You can configure this in the SaaS Management settings. 

Are you able to track logins if users don’t access sites with JumpCloud Go?  

Users need to authenticate to the JumpCloud User Portal and establish a session first for SaaS Management to be able track their activity in their browser.

Can I block user access to a SaaS app in their browser?

Yes, SaaS Management gives you multiple options to restrict user access to unapproved apps. You can set the default option to warn or block users when accessing unapproved apps. You can also set specific overrides for each app within its review modal.

Note:

App blocking prevents navigation in the user’s browser UI with the extension installed, but doesn’t block network traffic or access to the site on the device.

Additional Resources

Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case