Shadow IT SaaS analytics

Shadow IT SaaS analytics provides visibility into the SaaS applications your users are visiting. This information allows you to create identity and device-driven Zero Trust policies to secure your users and data.

To access Shadow IT SaaS analytics, in Zero Trust ↗, go to Analytics > Dashboards, then select Shadow IT: SaaS analytics.

Prerequisites

To allow Cloudflare to discover shadow IT in your traffic, you must set up HTTP filtering.

Use Shadow IT SaaS analytics

1. Review applications

The first step in using the Shadow IT SaaS analytics dashboard is to review applications in the Application Library. The App Library synchronizes application review statuses with approval statuses from the Shadow IT Discovery SaaS analytics dashboard.

To organize applications into their approval status for your organization, you can mark them as Unreviewed (default), In review, Approved, and Unapproved.

Status	API value	Description
Approved	`approved`	Applications that have been marked as sanctioned by your organization.
Unapproved	`unapproved`	Applications that have been marked as unsanctioned by your organization.
In review	`in review`	Applications in the process of being reviewed by your organization.
Unreviewed	`unreviewed`	Unknown applications that are neither sanctioned nor being reviewed by your organization at this time.

To set the status of an application:

In Zero Trust ↗, go to My team > App Library.
Locate the card for the application.
In the three-dot menu, select the option to mark your desired status.

Once you mark the status of an application, its badge will change. You can filter applications by their status to review each application in the list for your organization. The review status for an application in the App Library and Shadow IT Discovery will update within one hour.

2. Monitor usage

Review the Shadow IT SaaS analytics dashboard for application usage. Filter the view based on:

Field	Description
Application	SaaS application's name and logo.
Application type	Application type assigned by Cloudflare Zero Trust.
Status	Application's approval status.
Secured	Whether the application is currently secured behind Cloudflare Access.
Users	Number of users who connected to the application over the period of time specified on the Shadow IT Discovery overview page.

To manage application statuses in bulk, select Set Application Statuses to review applications your users commonly visit and update their approval statuses.

3. Create policies

After marking applications, you can create HTTP policies based on application review status. For example, you can create policies that:

Launch all Unreviewed and In review applications in an isolated browser.
Block access to all Unapproved applications.
Limit file upload capabilities for specific application statuses.

To create an HTTP status policy directly from Shadow IT Discovery:

In Zero Trust ↗, go to Analytics > Dashboards, then select Shadow IT: SaaS analytics.
Select Set application statuses.
Select Manage HTTP status policies, then choose an application status and select Create policy.

Available insights

The Shadow IT SaaS analytics dashboard includes several insights to help you monitor and manage SaaS application usage.

Number of applications by status: A breakdown of how many applications have been categorized into each approval status. The list of applications is available in the App Library.
Data transferred per application status: A time-series graph showing the amount of data (in gigabytes) transferred to an application in the given status.
User count per application status: A time-series graph showing the number of users who have interacted with at least one application in a given status. For example, a user can use an Approved application shortly followed by an In review application, contributing to counts for both of those statuses.
Top-N metrics: A collection of metrics providing insights into top applications, users, devices, and countries.

Was this helpful?

Community
X
Discord
YouTube
GitHub