Suspicious SaaS Activities
The Suspicious SaaS Activities page lists users who have access to one of your various applications, but these users are not currently active on your Human Resources (HR) roster. This page displays all suspicious activities across all applications managed in SaaS Management. The suspicious activities data is updated once a day and only contains usage within the last 30 days.
Accessing Suspicious SaaS Activities
To access the Suspicious SaaS Activities page, go to the SaaS menu and select Suspicious SaaS Activities .
Suspicious SaaS Activities Tasks
The following links describe the Securing SaaS User Accounts tasks you can perform on this page:
Suspicious SaaS Activities UI Overview
The following tables describe the Suspicious SaaS Activities types, buttons, and table columns.
Suspicious Activity Types
The following table describes the two suspicious activity types and the option for SaaS Management Administrators to identify unrecognized suspicious activities as recognized.
| Suspicious Activity Type | Description |
|---|---|
| Unauthorized | A user is inactive in the HR Roster and is using an application. |
| Unrecognized | A user is not listed in the HR Roster and is using an application. |
| Recognized | This option is only used by a SaaS Management Administrator to identify unrecognized suspicious activities as recognized. Examples: A Salesforce user is not listed in an organization’s HR Roster. However, the SaaS Management Administrator recognizes the user as a customer who has submitted a support ticket. A contractor with valid credentials is not listed in your HR Roster. A user has an email alias that does not match the user’s email address listed in your HR Roster. |
Suspicious Activity Buttons
The following table describes the Suspicious Activity buttons.
| Button | Description |
|---|---|
| Select | Displays the suspicious activity types and filters the Activity Type column information based on the chosen activity type. |
| Show Filters | Reveals columns that have search or filters. |
| Clear All | Clears search terms in grid column searches. |
| Export CSV | Exports a listing of your Suspicious Activities based on your chosen column and filtering options. |
Suspicious Activities Table Columns
The following table explains the Suspicious Activities table columns.
| Column | Description |
|---|---|
| User | Either: The user’s email address displays. The user’s unique ID displays when an email address is not returned from the application’s API integrated with SaaS Management. |
| First Name | Either: The user’s first name displays. This column is blank or information other than the user’s first name displays. This event occurs when the user’s first name was not returned from the application’s API integrated with SaaS Management. |
| Last Name | Either: The user’s last name displays. This column is blank or information other than the user’s last name displays. This event occurs when the user’s last name was not returned from the application’s API integrated with SaaS Management. |
| App | Links to the application’s Overview Tab . |
| Activity Type | Information is filtered based on the activity type chosen from the Select button. |