Suspicious Activities Tab
info
SaaS applications without usage data will not display a Suspicious Activities tab.
The Suspicious Activities tab shows all user accounts within a SaaS application that could be suspicious or require further action. For details, see Tracking Suspicious Activities for a Specific Managed SaaS Application.
Accessing the Suspicious Activities Tab
The following instructions describe how to access the Suspicious Activities tab for SaaS applications that provide usage data.
To access the Suspicious Activities tab:
- Go to the Managed SaaS Applications page ( SaaS > Managed SaaS Applications ).
- Select the appropriate SaaS application’s instance link. The instance’s Overview tab opens by default.
- Go to the Suspicious Activities tab.
Suspicious Activities Tab UI Overview
The following tables describe the buttons and table columns on the Suspicious Activities tab.
Suspicious Activities Tab Buttons
The following table describes the buttons on the Suspicious Activities tab.
| Button | Description |
|---|---|
| Export CSV | Exports a listing of your SaaS application’s Suspicious Activities based on your chosen filtering options. |
| Search | Provides a full-text search for the following Suspicious Activities columns: User First Name Last Name |
Suspicious Activities Tab Table Columns
The following table describes the SaaS application’s Suspicious Activities table columns.
| Column | Description |
|---|---|
| User | This column displays either the: User’s email address. User’s unique ID when an email address is not returned from the SaaS application’s API integrated with SaaS Management. |
| First Name | This column displays either: The user’s first name. A blank field or information other than the user’s first name. This event occurs when the user’s first name was not returned from the SaaS application’s API integrated with SaaS Management. |
| Last Name | This column displays either: The user’s last name. A blank field or information other than the user’s last name. This event occurs when the user’s last name was not returned from the SaaS application’s API integrated with SaaS Management. |
| Activity Type | This column displays either: Unauthorized for unauthorized users who are inactive in the HR Roster and are using an application. Unrecognized for unrecognized users who are not listed in the HR Roster and are using an application. Unknown for activity that cannot map to a member on the Application Roster. This is a unique scenario that typically occurs on first-time integration runs. The first-time Application Access task typically pulls in the last 30 days events while the Application Roster typically pulls in the current list of users. Therefore, it could be that SaaS Management recorded activities within the last 30 days associated to users that are no longer on the current roster. The unknown activity should eventually go away as this report only identifies the last 30 days’ activities. |