SaaS Applications

Use the Saas Applications page to see a consolidated view of all SaaS applications in the Axonius Catalog (a repository of SaaS applications that you can use to evaluate potential vendors) and applications detected in your organization. The Saas Applications page delivers increased management and oversight over the various applications used in your organization. It helps security, IT, and risk teams understand:

• How each application is managed

• What level of security risk is posed by each application

• Who is using each application

• Whether their SaaS accounts are paid or unpaid

• Which security standards an application is compliant with

• and more...

Click the Assets icon and from the left pane, select SaaS Applications.

Overview

The Overview section contains three visual displays of the SaaS applications in your organization. These charts adjust reflect any query applied to the page.

You can click the Hide Charts icon to hide the graphs in the Overview section. Click it again to display the graphs.

• The Application Categories graph shows the number of SaaS applications per category (Sales, Security, Productivity, etc.). Hover over the various bars to see the percentage of applications for each category.
• The Affiliated Users per Application graph shows the number of affiliated users detected for each SaaS Application. Hover over the various bars to see the percentage of organization users for each application.
• The Application Risk chart shows the segmentation of the SaaS applications in your organization by risk level. Hover over the segments of the pie chart to see the number of applications represented by each segment. Select the checkboxes corresponding to the risk levels you want to display in this chart.

Views

You can display SaaS Applications in a Table that shows data for the applications in its various columns, or in a Tiles view that displays an individual tile for each application. The page opens displaying the default Table view. You can change to the Tiles view by selecting the Tiles icon .

To set the Tiles view as the default SaaS Applications view, select the option in Configuring User Interface Settings.

Tiles View

Application Tiles

The Tiles view displays a tile for each SaaS application used in your organization that meets the defined filter criteria.

The Repository page contains similar tiles and pages for over 1800 SaaS applications that you can use to evaluate potential vendors.

Each card contains the following information:

• Risk level
• Tags indicating if and how the application is managed
• The number of users managed by SSO
• The number of users managed by the application
• The number of inactive users

You can click any of the numbers to view the list of users that it represents. For more information about these fields, see Enrichment Fields.

Sort the Tiles

To change how the tiles are displayed:

1. Open the Sort By drop-down.
   

2. Select to sort the tiles alphabetically from A to Z, Z to A, Risk, or Application Category.

Table View

Each row in the Table view represents an individual SaaS application. Not all of the fields are displayed by default. Use Edit Columns to add or remove columns. Each user can customize what fields appear in their own, personalized default view. For more information, see Setting Page Columns Displays.

Click the arrow next to any of the fields to see more details about that field.

Adapter Connections

The Adapter Connections column displays the icons of the adapter connections from which this SaaS Application was seen or the source from which Axonius draws the data for any of the displayed applications.

Axonius Catalog - A repository of SaaS applications that you can use to evaluate potential vendors. This connection includes all data from the catalog. You can use the aggregated adapter to query all of the fields from the Axonius Catalog (such as SSO, security, policies, and more) to display applications that meet your selected criteria.

Axonius Discovery- Axonius leverages its device inventory to discover SaaS application usage per device.

Axonius adapter - The Axonius adapter connection.

CSV Adapter - Application data manually uploaded to Axonius from a CSV file. For more information, see CSV - Applications.

Application Fields

You can view and query many fields on the SaaS Applications page. These fields include the following categories:

Static Fields

These fields display static data about the application. This data is not subject to change across different user accounts. Some examples of these fields include:

• Name- Name of the application.

• Category - The industry category that defines the application type.

• Risk -An assessment of the application's potential security risks (Low, Medium, or High). For more information, see Application Risk Level.

• Compliance - The security standards that are relevant for this application, based on information provided by the application's vendor. Hover over the number to see all the relevant standards.

• Approval Status - Indicates whether a SaaS Application is approved or not. 'Approved' values appear in green and 'Not Approved' values appear in red.

• Recommendations - A complex field that displays insights to help users resolve potential issues related to applications. The complex field contains the following sub fields: includes the following fields for each relevant SaaS Application:

  • Name - Category to describe the insight (for example: Unmanaged Extension Users of an unmanaged app).
  • Type - The type of entity affected by this application issue.
  • Severity - Indication if the issue represents a high, medium, or low level security threat.
  • Description - A description of the insight about the application.
  • Quantity - Number of application entities affected by this issue.
  • Remediation - Steps to be taken to resolve this issue.

• Multi Factor Authentication - Indicates if the application uses MFA for sign-in.

• SSO Supported - Indicates if the application is an SSO application.

• Preferred Category - Displays a single application category, even for applications with multiple categories. For Apps fetched by Zscaler, the field prefers the Axonius SaaS Repository category value.

• Owner - The application's owner who is responsible for the application with in your organization. When this value is empty, you can manually add an owner using the Edit functionality.

  • To do this, first add the Owner to the table, using Edit Table.
  • Hover over a row, a Pencil icon is displayed.
  • Click the icon and from the dialog that appears, edit the Owner value.

• Bitsight Security Rating - A complex field that includes the following fields for each relevant SaaS Application:

  • Security Rating - Bitsight's numeric rating for the application from 250 - 900.
  • Risk - The corresponding risk assigned to the application based on the security rating. Values include High (250-630), Medium (640-730), and Low (740-900).
    For more information, see What is a Bitsight Security Rating?

Enrichment Fields

These fields provide an additional level of detailed insights on your SaaS environments' applications, their users, and spending (based on account). These fields provide either a number of results for a specific query, an aggregated number that represents a dollar value connected to spending for a SaaS application, or a True/False value for an application parameter. For fields that display a number, you can click the number to view the list of items that it represents. The relevant data is derived from information fetched from the application.

You can use these fields as indicators of where you might want to do more research on the activities in your organization's SaaS environment. For example, if an application has a high number of Total Misconfigured Settings, then you'll likely want to further research how that application is being used and if it's posing security risks for your organization.

Alternatively, you might want to take note if an expense amount is particularly high for an application to see if you are spending significantly more than you need to be on that application.

• Dynamic fields - Some examples of these fields include:
  • Associated Owner - Displays the value of the 'Username', 'Email, and 'User Department' fields from the Axonius User associated with the SaaS Application Owner.
  • Is Discovered - Indicates if the application was discovered in your organization's SaaS environment (a subset of the SaaS Applications Repository).
  • Is managed - Indicates if the application is managed (via Axonius adapter, SSO or both) or not managed at all.
  • Is managed by Connected App - Indicates if the application is managed by its own adapter (for example: Zoom is managed by the Zoom adapter).
  • Is managed by SSO - Indicates if the application is managed by the organization’s SSO solution.
  • SSO Provider - Displays the logo of the application configured as the Single Sign-On (SSO) provider for accessing the SaaS application.

System Settings New Features and Enhancements

• Generated From - An indication on how a SaaS application was discovered (by its own connected adapter, from an installed software or a CVE on a device, an extension, a DNS record, an expense, or a license).
• Excessive Write Permissions - The application's user extensions with Write permissions.
• Excessive Read Permissions - The application's user extensions with Read permissions.
• Counter fields - Calculated fields that display the number of users that meet the criteria defined for that field. You can click on the number to open the list of assets that the number represents on the relevant asset page, with the query automatically populated in the Query Wizard. Some examples of these fields include:
  • Affiliated Users - All users for the application. These users are retrieved using the app's adapter, extensions used by the app, or DNS records that connect the users to the app.
  • Direct Adapter Users - Users fetched from the same application's adapter.
  • Managed Operational Active Users - Users who have logged into the application in the past number of days defined in the System Settings.
  • Managed Operational Inactive Users - Users who have not logged into the application in the past number of days defined in the System Settings.
  • SSO Users - Users that are managed by the organization’s SSO (user extensions fetched from the SSO adapter, and their extension type is “SSO").
  • Direct Operational Not SSO - Users who have been off-boarded from the SSO (removed, suspended, or deleted) but are still managed by the application.
  • SSO Not Direct Users - Users that are managed in the organization's SSO solution, but not directly in the app.
  • Last enrichment run - The date of the last enrichment on this application.
  • Suspended Users - The number of suspended users for this application.
  • Expense Amount - The total aggregated expenses cost for this application for the current calendar year.
  • License Cost - The total aggregated cost of licenses (active and inactive) for this application for the current calendar year.
  • External Users - The number of external users for this application.
  • User Extensions Used by App - The number of users that have extensions used by this application.
  • Upcoming renewals - The number of licenses for this application that are set to be renewed in the next 90 days.
  • Total Misconfigured Settings - The number of settings defined as misconfigured for this application.
  • Total Accounts - The number of separately managed instances of this application.

Access The SaaS Applications Repository

The SaaS Application Repository page contains data and pages for a myriad of SaaS applications that you can use to evaluate potential vendors. This includes general information about these apps and their vendors and is not limited to applications that are used in your organization.

To open the SaaS Applications Repository, click Repository.

Creating Queries on SaaS Applications

You can create queries on this page using the Query Wizard or the Basic Query and query fields such as the fetch time, adapter connections, or Single Sign On. You can add additional levels to the query, such as querying by risk and security policy. Use these queries to find out which applications exist with asset context in your environment or how many applications have a particular risk score. Refer to Creating Queries with the Queries Wizard and how to create Queries in Basic mode to learn more about creating queries.

For example, this query enables you to determine how many high-risk applications were discovered in your SaaS environment:

After running the query, the overview and table show the queried applications, filtered by the criteria you defined in your query.

Adding Custom Data to an Application

You can add custom fields to one or more SaaS Application assets at the same time. You can use this to add and manage your own organization-specific data. For example, for an application your organization uses, you may want to add an Owner, Business Critical Designation, Custom Risk Evaluation, or other data points that you can edit for an application.
Select one or more applications and from the Actions menu choose Add Custom Fields.

Refer to Working with Custom Data to learn about adding custom fields.

Add Tags to SaaS Applications

Use tags to assign context to your assets for granular filters and queries. Apply new or existing tags to the selected applications. The list of selected tags is applied to all selected applications.

Refer to Working with Tags to learn about adding tags to applications.

View an Application Profile

You can click on an individual application asset to see all the data for that particular application. For more information, see Asset Profile Page.