Browser Extension
The SAAM browser extension provides visibility and supports governance processes across both managed and unmanaged SaaS environments. It operates in the browser to detect, correlate, and enhance governance of certain identity-related activities, without requiring any end-user configuration or interaction.
Note
The browser extension must be deployed in a currently-supported browser. Contact your Customer Success Manager for more information.
Deployment and Operation
Deployment is supported by any MDM solution, including Intune, Jamf, and Workspace ONE (to be provided by the customer). Once deployed, the browser extension installs and begins operation.
It is recommended to deploy the browser extension in a locked state, preventing end users from disabling it. For cases requiring flexibility, the browser extension supports temporary pause functionality, governed by role-based policy controls.
If disabled or temporarily suspended, the browser extension will not operate as described in this documentation.
The browser extension automatically authenticates using the logged-in user’s corporate identity, ensuring continuous correlation to the employee’s IdP account.
| Intune | Chrome for Windows Edge for Windows Chrome for Mac |
| Microsoft SCCM | Chrome for Windows Edge for Windows |
| Group Policy (GPO) | Chrome for Windows Edge for Windows |
| Jumpcloud | Chrome for Windows Chrome for Mac |
| Jamf Pro | Chrome for Mac Edge for Mac |
| Chrome Enterprise | Chrome Enterprise |
| Workspace ONE UEM | Chrome for Mac |
| Powershell template | Chrome Edge |
| Powershell (Self Signed) | Chrome Edge Certificate |
Intelligent Sign-In Detection
Using a generic sign-in detection algorithm, the browser extension recognizes authentication events across any web application. This includes commercial business applications such as Salesforce and Workday, applications accessed for personal, non-work purposes, applications developed in house, and unsanctioned applications, often referred to as shadow IT applications.
For each login event, the browser extension:
- Detects the username used during authentication.
- Evaluates password complexity.
- Checks whether the password has appeared in any known breach databases.
Correlation and Identity Context
Because users are always authenticated against the enterprise IdP, the browser extension inherently correlates all discovered accounts and credentials back to the verified corporate identity. This enables SAAM to map the full relationship between a user’s primary identity and every account they access across the SaaS environment.
Activity and Metadata Logging
The browser extension records detailed activity logs with contextual metadata. Logged events include:
- Browsing session initiation.
- File uploads and downloads.
- Credential submissions and sign-ins.
- Clipboard paste and print operations.
This telemetry can be aggregated and analyzed at the browsing-session level, providing security and compliance insights without capturing private content.
Privacy and Control
Administrators can define allowlists and bypass rules for specific websites to preserve user privacy.
Password complexity and keyword checks are performed entirely on the client side, while compromised and reused passwords are validated using a cryptographically hashed version of the password that is designed to ensure that no plaintext credentials are exposed.
All privacy-related features can be managed and optionally disabled under Settings > General Settings > General > Privacy.
Important
The browser extension does not differentiate between personal applications and business applications, or between a user’s personal activities and business activities. It will capture the same details for personal activities conducted using any browser in which the extension is deployed. Customers are responsible for ensuring that the collection and use of personal activity data complies with applicable law and contract terms, which may include obtaining consent and/or notifying users about potential personal data collection and processing. Please contact your legal department with any questions.