Answer
How do I detect shadow SaaS?
Short answer
Combine three signals: OAuth grants from Google/Microsoft, expense-report keyword matching, and browser sign-in telemetry from your MDM or CASB.
Details
OAuth grants are the highest-signal source — any app a user connected to Google or Microsoft leaves a permanent record you can pull via API. Expense reports catch the credit-card side. Browser telemetry catches direct signups.
Rank findings by data sensitivity (PII, source code, financials), not just by count. A rogue Notion is a different risk from a rogue analytics tool piped to customer data.
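The correlation and ranking described above, as an added example that is not SeatMap.AI's code. The rows are constructed samples standing in for an OAuth-grant export, an expense export and MDM/CASB sign-in telemetry; the app catalog, allow-list and scope weights are assumptions to replace with your own.

```python
from collections import defaultdict

SANCTIONED = {"github"}  # assumed allow-list of approved apps
CATALOG = {  # constructed catalog: app key -> (expense keyword, sign-in domain)
    "notetakerx": ("NOTETAKERX", "notetakerx.example"),
    "chartpipe": ("CHARTPIPE", "chartpipe.example"),
    "github": ("GITHUB", "github.com"),
}
# Assumed sensitivity weights, matched as substrings of Google/Microsoft OAuth scopes.
SCOPE_WEIGHT = {"auth/drive": 5, "auth/gmail": 5, "Mail.Read": 5, "Files.Read": 5,
                "auth/calendar": 2, "userinfo": 1, "User.Read": 1}

# Constructed sample rows; "app" is assumed to be already normalized to a catalog key.
OAUTH = [
    {"user": "ana@corp.example", "app": "chartpipe",
     "scopes": ["https://www.googleapis.com/auth/drive.readonly"]},
    {"user": "bo@corp.example", "app": "notetakerx",
     "scopes": ["https://www.googleapis.com/auth/userinfo.email"]},
    {"user": "cy@corp.example", "app": "github",
     "scopes": ["https://www.googleapis.com/auth/userinfo.email"]},
]
EXPENSES = [{"user": "bo@corp.example", "memo": "NOTETAKERX *PRO ANNUAL"},
            {"user": "dee@corp.example", "memo": "Team lunch"}]
SIGNINS = [{"user": "eli@corp.example", "domain": "app.notetakerx.example"},
           {"user": "ana@corp.example", "domain": "app.chartpipe.example"}]

def scope_score(scopes):
    """Highest weight among the scopes an app was granted (0 if none match)."""
    return max((w for s in scopes for k, w in SCOPE_WEIGHT.items() if k in s), default=0)

def find_shadow_saas(oauth, expenses, signins):
    apps = defaultdict(lambda: {"users": set(), "signals": set(), "sensitivity": 0})
    for g in oauth:  # signal 1: OAuth grants, which also tell us what data is reachable
        a = apps[g["app"]]
        a["users"].add(g["user"]); a["signals"].add("oauth")
        a["sensitivity"] = max(a["sensitivity"], scope_score(g["scopes"]))
    for e in expenses:  # signal 2: expense-report keyword matching
        for key, (kw, _) in CATALOG.items():
            if kw in e["memo"].upper():
                apps[key]["users"].add(e["user"]); apps[key]["signals"].add("expense")
    for s in signins:  # signal 3: browser sign-in telemetry, matched on domain suffix
        for key, (_, dom) in CATALOG.items():
            if s["domain"] == dom or s["domain"].endswith("." + dom):
                apps[key]["users"].add(s["user"]); apps[key]["signals"].add("browser")
    findings = [{"app": k, "users": sorted(v["users"]), "signals": sorted(v["signals"]),
                 "sensitivity": v["sensitivity"]}
                for k, v in apps.items() if k not in SANCTIONED]
    # Rank by reachable data sensitivity first, user count second.
    return sorted(findings, key=lambda f: (-f["sensitivity"], -len(f["users"]), f["app"]))
```

On the sample rows, the single-user app holding a Drive scope ranks above the two-user app that only holds a profile scope.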
Automate this with SeatMap.AI
The audit path above works. It also takes hours per month per tool. SeatMap.AI runs it on a schedule, stages the reclaim actions for review, and shows you the annualized savings in real dollars.