Skip to content

Configuring Privacy Controls

Admins can set when the browser extension monitors and logs browser activity through privacy controls.

  • Send password hashes to the cloud - When enabled, password hashes are sent to the SailPoint Accelerated Application Management cloud so SailPoint Accelerated Application Management can detect reused passwords and compromised accounts.
  • Store hashed passwords - When enabled, hashed passwords are stored so SailPoint Accelerated Application Management can detect reused passwords.
  • Activate when using personal profile - When enabled, and a non-corporate browser profile is used, SailPoint Accelerated Application Management will monitor and log the activity.
  • Global allowlist - When an application, domain, or IP address is added, SailPoint Accelerated Application Management will not monitor activity for sessions involving matching items.
  • Set who can pause the browser extension - Set whether all or only specific users are allowed to pause the extension.

Sending Password Hashes to the Cloud

The Send Hashed Passwords to the Cloud toggle allows the SailPoint Accelerated Application Management browser extension to transmit a cryptographically hashed version of the user’s username and password to the SailPoint Accelerated Application Management cloud. This transmission supports security checks, including:

  • Breached/Compromised Credentials - Determines whether the account appears in known breach or dark-web datasets.
  • Password Reuse Detection - Detects whether the same password is used across multiple applications.

Important

  • Enabling Send Password Hashes to the Cloud only submits the hash for external verification. The hashed username and password is not stored. This is sufficient for the detection of compromised credentials.
  • To support password reuse detection, Send Password Hashes to the Cloud and Store Hashed Passwords must be enabled.

To send password hashes to the cloud:

  1. Go to General settings > General tab.

  2. Within the Privacy section, select the toggle next to Send password hashes to the cloud.

Storing Hashed Passwords

The Store Hashed Passwords toggle allows the SailPoint Accelerated Application Management browser extension to store a cryptographically hashed version of the user’s password on their endpoint to support detection of reused passwords.

To store hashed passwords:

  1. Go to General settings > General tab.

  2. Within the Privacy section, select the toggle next to Store hashed passwords so Savvy can detect reused passwords.

Important

To fully support password reuse detection, Send Password Hashes to the Cloud and Store Hashed Passwords must be enabled.

Logging Personal Profile User Activity

The Activate when using personal profile toggle controls if SailPoint Accelerated Application Management monitors and logs user activity when a non-corporate browser profile is used.

To activate browser extension when using a non-corporate browser profile:

  1. Go to General settings > General tab.

  2. Within the Privacy section, select the toggle next to Activate when using personal profile.

Note

This setting only applies if your organization requires the use of separate browser profiles for corporate and personal web browsing.

Managing Global Allowlist

The Global Allow List is a policy-level feature that allows admins to explicitly exclude specific websites or applications from being monitored. When a website or application is included in the global allow list, the browser extension does not trigger for that destination resulting no activity being collected or logged.

To add an application to the allowlist:

  1. Go to General settings > Global allowlist tab.

  2. Select Add items.

  3. Select Applications.

  4. Select Next.

  5. On the allow items window, select the Value field and complete the following:

    • Select Lists to choose lists of applications.
    • Select Applications to choose individual applications.

  6. Select Add.

SailPoint Accelerated Application Management will not monitor activity for sessions involving matching websites or applications.

To add a domain to the allowlist:

  1. Go to General settings > Global allowlist tab.

  2. Select Add items.

  3. Select Domains.

  4. Select Next.

  5. On the allow items window, select the Value field.

  6. Select the desired list of domains.

  7. Select Add.

SailPoint Accelerated Application Management will not monitor activity for sessions involving matching domains.

To add an IP address to the allowlist:

  1. Go to General settings > Global allowlist tab.

  2. Select Add items.

  3. Select Domains.

  4. Select Next.

  5. On the allow items window, select the Value field.

  6. Select the desired list of IP addresses.

  7. Select Add.

SailPoint Accelerated Application Management will not monitor activity for sessions involving matching IP addresses.

Pausing the Browser Extension

Admins can configure whether all users or only specific users can pause the browser extension on their endpoint.

To configure who can pause the browser extension:

  1. Go to Extensions > Settings tab.

  2. In the Set who can pause the extension section, complete the following:

    • All users – Select to allow all users to pause the browser extension.
    • Only the following users – Select to choose specific users or groups that can pause the browser extension.

  3. Select Save.