Extensions | Axonius SaaS Management

The Axonius SaaS Management Extensions module allows you to see all the extensions created by users in your organization. An extension is one instance of a SaaS application giving access permissions to another SaaS or native application. Extensions enable a seamless SaaS application user experience.

With the Extension module you will discover:

• Who is using extensions to access your SaaS applications.
• What extensions exist in your cloud environment.
• Which extensions may compromise the organization’s data compliance program.
• What risks exist if third party applications used in the organization are breached.

Getting Started With Extensions

From the left navigation bar, click Extensions.

Overview of Extension Usage

At the top of the Extensions page are four graphs.

The graphs are:

• Tags count - Axonius assigns a status tag to each extension. The tags are:
  • Active extensions & inactive user - The extension is active and executing action while the user that created the extension has been inactive for the past 90 days.
  • Inactive user - A user that has been inactive on the application associated with the extension for 90 days.
  • Inactive extension - Extensions that have not been used for 90 days.
  • Non-identity - A type of extension permission that collects more than just the user’s identity. An example is read and write permissions
• Extensions by tags - The number of extensions associated with the different applications in your environment. You can filter the graph by the Account and tags drop-downs.
• Usage over time - Derived from the access logs collected by Axonius. To populate this graph, use the Account and time frame drop-downs.
• Users by extension count - The number of extensions per user. You can filter the list by Account.

Granular view of all extensions

Main View

The Main View tab shows the details of all the extensions created by users in your organization.

Use the drop-downs to filter the results in the table:

The following list defines the drop-downs and the column headings in the tables:

• Application - A SaaS application that gives access permissions to a Used by SaaS or native application.
• Account - The account name associated with an application.
• Unique user - the identity of the user that created the extension.
• Used by - The name of the SaaS application for which user permissions were granted by an Application.
• Extension name - A string for the application for which permissions were granted.
• Extension type - There are three types of extensions:
  • App-Specific Password - A password that allows users to sign into an SaaS application account when using a third party application. For example, using the iOS mail app to access a Gmail account.
  • Chrome extension - An extension on a Chrome browser that customizes the browsing experience by allowing access to a third party application. For example, a Salesforce Chrome extension.
  • Token - A token provides authentication and permissions for accessing your applications.
• Tags - The tags are:
  • Active extensions & inactive user
  • Inactive user
  • Inactive extension
  • Non-identity
• Created - The date the extension was created.
• Last used date and time - The last date and time the extension was used
• Last user login - The last time the user logged in Used by application.
• Permissions - A list of specific permissions associated with an extension. An example of a permission might be access to calendar events To access permissions, click the icon to open the permissions drawer. You will see a complete list of permissions for the selected extension.
• Open in activity log - This is a log of all the instances detected by Axonius over the last 90 days of a Used By application using its access permissions to access an application. To access the log, scroll the Extensions table horizontally, and hover over the column to the right of Permissions to reveal the Open in activity log link.

Activity log

The activity log shows all the instances detected by Axonious over the last 90 days of when a Used by application uses its credentials to access an application.