Suspicious Activities Tab

Important:SaaS applications without usage data will not display a Suspicious Activities tab.

The Suspicious Activities tab shows all user accounts within a SaaS application that could be suspicious or require further action. For details, see Tracking Suspicious Activities for a Specific Managed SaaS Application.

To access the Suspicious Activities tab:

Go to the Managed SaaS Applications page (SaaS > Managed SaaS Applications).

Select the appropriate SaaS application’s instance link. The instance’s Overview tab opens by default.

Go to the Suspicious Activities tab.

The following tables describe the buttons and table columns on the Suspicious Activities tab.

•

Suspicious Activities Tab Buttons

•

Suspicious Activities Tab Table Columns

Suspicious Activities Tab Buttons

The following table describes the buttons on the Suspicious Activities tab.

Button

Description

Export CSV

Exports a listing of your SaaS application’s Suspicious Activities based on your chosen filtering options.

Provides a full-text search for the following Suspicious Activities columns:

•

User

•

First Name

•

Last Name

Suspicious Activities Tab Table Columns

The following table describes the SaaS application’s Suspicious Activities table columns.

Column

Description

User

This column displays either the:

•

User’s email address.

•

User’s unique ID when an email address is not returned from the SaaS application’s API integrated with SaaS Management.

First Name

This column displays either:

•

The user’s first name.

•

A blank field or information other than the user’s first name. This event occurs when the user’s first name was not returned from the SaaS application’s API integrated with SaaS Management.

Last Name

This column displays either:

•

The user’s last name.

•

A blank field or information other than the user’s last name. This event occurs when the user’s last name was not returned from the SaaS application’s API integrated with SaaS Management.

Activity Type

This column displays either:

•

Unauthorized for unauthorized users who are inactive in the HR Roster and are using an application.

•

Unrecognized for unrecognized users who are not listed in the HR Roster and are using an application.

•

Unknown for activity that cannot map to a member on the Application Roster. This is a unique scenario that typically occurs on first-time integration runs. The first-time Application Access task typically pulls in the last 30 days events while the Application Roster typically pulls in the current list of users. Therefore, it could be that SaaS Management recorded activities within the last 30 days associated to users that are no longer on the current roster. The unknown activity should eventually go away as this report only identifies the last 30 days’ activities.