Skip to content

Viewing the SaaS Inventory

Select Inventory > SaaS from the left panel to view of all applications and user accounts discovered across your organization.

You can toggle between two primary modes using the Live toggle:

  • Default View - Displays consolidated inventory data refreshed automatically within approximately 24 hours. This view is optimized for reporting, performing advanced search queries, and visualizations such as charts, filters, and saved queries.
  • Live View - Displays real-time SaaS discovery data as discovered by active browser extensions/IdP API. This view can be searched by application name. Use this mode if you wish to see immediate updates, for example if you onboard a new application and want to make sure it is reflected in the SaaS Inventory, or when testing configuration changes such as defining custom applications.

Use quick filters to refine applications listed in the table by source, identity risks, and newly discovered. Additional filtering can be applied by selecting More filters.

By default, non-corporate assets, such as applications that users log in to with their consumer credentials are hidden from the SaaS Inventory. Some legitimate corporate assets may be accessed using unknown credentials (usernames without a domain suffix) or consumer / social login. To display all applications select the Suitcase icon .

The source column displays details of where the account data was discovered:

  • Browser Extension - The active sign-in activity was discovered from user browsers.
  • IdP Connector - SSO activity was observed for at least one account, or that the application was discovered using the IdP's installed applications API.

Select the Grid / Visualization toggle to switch between view types:

  • Grid View - The default tabular view displaying detailed application and account metrics.
  • Visualization Mode - Keeps the same underlying query but allows you to create visualization charts and visual summaries based on SaaS attributes, usage, or risk indicators.

Select the Export data as CSV icon to export the grid view as a CSV file for further analysis and reporting.

Selecting an application opens the detail panel with detailed contextual information:

  • App description - A short overview of the application and its purpose.
  • Show more - Expands additional labels and metadata associated with the application including tags or compliance labels.
  • Sensitivity - Indicates the applications sensitivity level. By default, this is derived from out-of-the-box mappings based on the applications category. Admins can override the sensitivity value manually if needed. This affects the overall risk score.
  • Risk levelAuthorization, and App owner - Provides quick visibility into the applications ownership and overall risk posture.

Building a Basic Application Search Query

Basic search queries can be created by searching for an application name and selecting the filter dropdowns to refine your search criteria.

To build a basic search query:

  1. Go to Inventory > SaaS from the left panel.

  2. (Optional) Enter an application name in the search and select Enter.

  3. Select the filter dropdowns to refine your search.

    • Sources - select the desired sources.
    • Identity risks - select the desired risk types.
    • Newly discovered - select the desired time frame during which the application was discovered.

  4. Select More Filters to further filter based upon authorizations and login methods.

The search results are displayed based upon your selected search query. To save your query, select the Database icon  next to the search box, and select Save as new query.

Building Advanced Application Search Queries

Custom search queries can be created using the search box. Search queries for specific use cases can be built using predefined search query syntax's and combined with AND, OR, NOT, AND NOT, and TO operators.

To build an advanced search query:

  1. Go to Inventory > SaaS from the left panel.

  2. Enter the required syntax into the search box.

  3. Select the Database icon  next to the search box, and select Save as new query.

Sorting and Risk Calculation

By default, the SaaS Inventory is sorted by overall identity-breach risk for each application.

The risk score is calculated by combining two weighted factors:

  1. Exposure - Measures how easy it would be for a threat actor to gain access to an account in the application. Factors that increase exposure include a high number of compromised accounts, weak passwords, and lack of MFA enforcement.
  2. Sensitivity - Reflects the potential impact of a breach. The score is determined by the applications sensitivity classification, which defaults to OOTB mappings based on application labels. Admins can override the classification sensitivity manually in the applications side panel.

The calculated Risk Level (Low, Medium, High, or Very High) determines the applications position in the inventory and how it appears in risk-based visualizations.