Answer

How do I detect shadow SaaS?

Short answer

Combine three signals: OAuth grants from Google/Microsoft, expense-report keyword matching, and browser sign-in telemetry from your MDM or CASB.

Details

OAuth grants are the highest-signal source — any app a user connected to Google or Microsoft leaves a permanent record you can pull via API. Expense reports catch the credit-card side. Browser telemetry catches direct signups.

Rank findings by data sensitivity (PII, source code, financials), not just count. A rogue Notion is different from a rogue analytics tool piped to customer data.
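A sketch of the correlation and ranking step described above, as an added example that is not from the original answer or from SeatMap.AI. The record field names, the app catalog, the allowlist and the scope weights are assumptions, and the sample records are constructed; in practice the grants would come from your Google or Microsoft admin exports.

```python
from collections import defaultdict

# Assumed sensitivity weight per OAuth scope (tune to your own data classes).
SCOPE_WEIGHT = {
    "https://www.googleapis.com/auth/drive": 3,           # full file access
    "https://www.googleapis.com/auth/gmail.readonly": 3,  # mailbox contents
    "Files.Read.All": 3, "Mail.Read": 3,
    "User.Read": 1, "openid": 1,                          # identity only
}
SANCTIONED = {"slack"}                                # assumed allowlist of approved apps
CATALOG = ["NoteWiz", "ChartPipe", "FormFox", "Slack"]  # hypothetical keyword catalog
# Constructed sample records; field names are assumptions, not a vendor schema.
GRANTS = [
    {"user": "ana@example.com", "app": "NoteWiz", "scopes": ["https://www.googleapis.com/auth/drive"]},
    {"user": "bo@example.com", "app": "ChartPipe", "scopes": ["User.Read"]},
    {"user": "bo@example.com", "app": "Slack", "scopes": ["openid"]},
]
EXPENSES = [
    {"user": "cy@example.com", "memo": "CHARTPIPE INC monthly subscription"},
    {"user": "ana@example.com", "memo": "Team lunch"},
]
SIGNINS = [
    {"user": "dee@example.com", "domain": "app.notewiz.example"},
    {"user": "cy@example.com", "domain": "formfox.example"},
]


def rank_shadow_saas(grants, expenses, signins, catalog=CATALOG, sanctioned=SANCTIONED):
    found = defaultdict(lambda: {"signals": set(), "users": set(), "sensitivity": 0})

    def hit(app, signal, user, weight=0):
        key = app.lower()
        if key in sanctioned:
            return
        f = found[key]
        f["signals"].add(signal)
        f["users"].add(user)
        f["sensitivity"] = max(f["sensitivity"], weight)

    for g in grants:
        # Unknown scopes default to 2 so they get reviewed rather than ignored.
        hit(g["app"], "oauth", g["user"], max((SCOPE_WEIGHT.get(s, 2) for s in g["scopes"]), default=0))
    for signal, rows, field in (("expense", expenses, "memo"), ("browser", signins, "domain")):
        for row in rows:
            for app in catalog:
                if app.lower() in row[field].lower():
                    hit(app, signal, row["user"])
    # Sensitivity first, then number of corroborating signals, then user count.
    return sorted(found.items(), key=lambda kv: (-kv[1]["sensitivity"], -len(kv[1]["signals"]), -len(kv[1]["users"]), kv[0]))
```

Apps seen only in expense or browser data carry sensitivity 0 here because no scopes are known for them; treat those as "unknown, needs review" rather than low risk.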

Automate this with SeatMap.AI

The audit path above works. It also takes hours per month per tool. SeatMap.AI runs it on a schedule, stages the reclaim actions for review, and shows you the annualized savings in real dollars.
