
Detecting New and Unapproved SaaS Tools


CultureAI helps you detect when employees use new, unrecognised, or unapproved SaaS tools — giving you the visibility and control you need to manage shadow IT, reduce exposure, and prevent risks like poisoned tenant attacks.

These detections are powered by browser telemetry and identity-based login analysis, helping you stay ahead of SaaS-related threats before they escalate.


What We Detect

New SaaS App Detection

We detect when a user logs into a SaaS app that has never been accessed before by anyone else in your organisation.

This helps you:

  • Catch early signs of shadow IT

  • Identify risky trial usage of unknown tools

  • Prevent poisoned tenant or fake service logins

Example: A user logs into ai-generator-x.com — a domain not seen before in your organisation. A "New SaaS Tool" risk is raised and flagged for review.


Unapproved SaaS Tool Detection

Even if a SaaS app is already in use, CultureAI can raise a risk when a user logs into an app that has been explicitly marked as unapproved in your SaaS app settings.

This helps you:

  • Enforce security policies consistently

  • Reduce use of tools that don’t meet compliance or risk requirements

  • Catch usage that’s been previously reviewed and disallowed

Example: You’ve marked dropbox.com as unapproved in the platform. A user logs in — CultureAI flags this as an “Unapproved SaaS Tool” risk.


How Detection Works

  • CultureAI’s browser extension monitors credential-based logins to SaaS platforms

  • It checks the domain or app name against your organisation’s known SaaS tool list

  • If the app is new or marked as unapproved, a risk is raised

  • Each risk is tied to the user, app, domain, and login context


Managing SaaS App Approvals

You can manage SaaS tool approvals directly within the Behaviours → SaaS → Logged into unapproved software section of the platform:

  1. View a list of all SaaS apps detected across your organisation

  2. Mark apps as Approved, Unapproved, or leave as Neutral

  3. CultureAI will automatically:

    • Raise risks for unapproved apps when used

    • Suppress risks for approved apps (if relevant)

    • Raise “New SaaS Tool” risks when first-seen tools are used


Responding to SaaS Tool Risks

You can configure Playbooks to respond automatically when SaaS-related risks are detected. Example interventions:

  • Notify users via Slack or Teams if they log into an unapproved app

  • Route new tool usage to IT or procurement for review via Jira or ServiceNow

  • Display browser banners to nudge toward approved alternatives


Example Scenarios

| Scenario | Detection Raised |
|---|---|
| A user logs into a domain never seen before | New SaaS Tool |
| A user logs into an app marked “Unapproved” | Unapproved SaaS Tool |
| A previously new app is marked “Approved” | No further risk raised |
| A user logs into an app with no status | No risk until reviewed or approved/unapproved manually |
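
The decision logic in the scenarios above, sketched as an added example; it is not CultureAI's implementation. The registry format, status strings, event fields and the parent-domain matching rule are assumptions, and the sample events are constructed.

```python
from urllib.parse import urlsplit

def normalise_host(url):
    """Hostname only: lowercased, no port, trailing dot or 'www.' prefix."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    host = host.rstrip(".")
    return host[4:] if host.startswith("www.") else host

def match_app(host, registry):
    """Find the registry entry covering host: exact match or a parent domain.
    Assumption: a subdomain belongs to its registered parent app."""
    labels = host.split(".")
    for i in range(len(labels) - 1):  # never match on the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in registry:
            return candidate
    return None

def classify_login(event, registry):
    """Return a risk dict, or None when no risk is raised."""
    host = normalise_host(event["url"])
    if not host:
        return None
    app = match_app(host, registry)
    if app is None:
        registry[host] = "neutral"  # first sighting: now known, awaiting review
        app, risk = host, "New SaaS Tool"
    elif registry[app] == "unapproved":
        risk = "Unapproved SaaS Tool"
    else:
        return None  # approved, or neutral and already seen
    return {"risk": risk, "user": event["user"], "app": app,
            "domain": host, "time": event["time"]}

# Constructed sample data (not real telemetry).
REGISTRY = {"dropbox.com": "unapproved", "example.com": "approved"}
EVENTS = [
    {"user": "alice", "url": "https://ai-generator-x.com/login", "time": "2024-01-01T09:00Z"},
    {"user": "bob", "url": "ai-generator-x.com", "time": "2024-01-01T09:05Z"},
    {"user": "carol", "url": "https://WWW.Dropbox.com:443/login", "time": "2024-01-01T09:10Z"},
    {"user": "dave", "url": "https://crm.example.com/sso", "time": "2024-01-01T09:15Z"},
]

def run(events, registry):
    """Classify events in order; registry is updated as new apps appear."""
    return [r for r in (classify_login(e, registry) for e in events) if r]

if __name__ == "__main__":
    for risk in run(EVENTS, dict(REGISTRY)):
        print(risk)
```

Only the first login to ai-generator-x.com raises "New SaaS Tool"; the second finds it already recorded with no status and raises nothing, matching the last row of the table.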
 

Best Practices

  • Regularly review newly detected apps in the Behaviours section

  • Approve or unapprove tools based on security/compliance policy

  • Use interventions to guide user behaviour toward sanctioned tools

  • Consider pairing this with identity provider data to validate user access rights


Need help managing your SaaS app list or configuring responses?

Reach out to our customer success team.