SSPM Administration
  • SSPM Administration
  • SaaS Security Documentation
  • All Documentation
>
View Third-Party Plugin Users
Focus
Download PDF
Focus
  1. Home
  2. SaaS Security
  3. Assess Posture Security
  4. View Third-Party Plugins
  5. View Third-Party Plugin Users
Download PDF
SaaS Security

View Third-Party Plugin Users

Table of Contents

View Third-Party Plugin Users

Examine the access scopes that users granted to a third-party plugin to assess the risks to your environment.
Where Can I Use This?What Do I Need?
  • NGFW (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Strata Cloud Manager)
  • SaaS Security Posture Management license
Or any of the following licenses that include the Data Security license:
  • CASB-X
  • CASB-PA
From the 3rd Party Plugins page's Users tab, you can view all the users who have installed third-party plugins in marketplace apps. For each user you can view how many plugins they have installed, and the marketplace applications in which they have installed plugins. Use this information to identify usage risks posed by individual users.
If supported by the SaaS marketplace app, you can examine the users who installed third-party plugins. This information will help you to identify usage risks posed by individual users. In Slack, plugins are installed to a workspace and are then accessible to all members of the workspace. For this reason, when viewing a Slack app, you can examine workspaces instead of users. User information is not available for Atlassian or Zoom.
User information is not available for Atlassian and Zoom. The 3rd Party Plugins page does not include user information for these marketplace apps.

View Third-Party Plugin Users Across All Marketplace Apps

Review the information on the 3rd Party Plugins page's Users tab to identify the usage risks posed by individual users.
  1. Log in to Strata Cloud Manager.
  2. Select ManageConfigurationSaaS SecurityPosture Security3rd Party Plugins.
  3. Navigate to the Users tab to view plugin use across marketplaces by individual users.
    The Email column identifies the email address of the user who installed the third-party plugin. The Name column identifies the user name, except for Slack. In Slack, plugins are installed to a workspace and are then accessible to all members of the workspace. For this reason, the Name column for a Slack application identifies the slack workspace.
    The Marketplaces column shows all the marketplace types to which the user has installed plugins. User information isn’t available for Atlassian and Zoom. If the user has installed plugins in one of these marketplace types, the Marketplace column does not show that information.
  4. Review the Users table for potential risky users. For example, you might want to review the users who have installed the most plugins, as shown in the Plugins column. To view all of the plugins that the user has installed, click on the user's email address in the Email column.
  5. Take action on the third-party plugin.
    From the Actions column, you can specify that you Reviewed the plugin and will allow its continued use. From the Actions column you can also, in some cases, Revoke Access to the plugin for all active users of the plugin. To revoke access for individual users, click on Plugin Name in the table and, in the Plugin Details panel, navigate to view the plugin's Users. Whether the Revoke Access action is available depends on the level of permission that SSPM has to the marketplace app, and on the capabilities that the marketplace app's API provides. If the Revoke Access action isn’t available, you can instead log in to the SaaS app's administration console, and follow its documentation to remove the plugin.

View Third-Party Plugin Users for One Marketplace App

The Users tab shows the users who installed third-party plugins. Use this information to identify usage risks posed by individual users
  1. Log in to Strata Cloud Manager.
  2. Select ManageConfigurationSaaS Security.
  3. Navigate to the third-party plugins for a marketplace app. Do one of the following:
    • Navigate to the third-party plugins from the dashboard:
      1. Select Posture SecurityDashboard, and locate the Applications by 3rd Party Plugins area. This area shows the marketplace apps that have the most unreviewed plugins. The area shows the number of unreviewed plugins for each app.
        Investigate each unreviewed plugin to judge whether it threatens your organization's security.
      2. For the marketplace app whose third-party plugins you want to review, click the Unreviewed Plugins link.
    • Navigate to the third-party plugins for a marketplace app from the Applications page.
      1. Select Posture SecurityApplications.
      2. Locate the SaaS app, then View Details.
      3. Select the Connected Applications tab.
  4. Select the Users tab. For Slack, select the Workspaces tab.
    The table on this page lists the users or workspaces that have connected plugin apps. The table displays information for each plugin, such as the email address of the user or workspace owner, the number of connected apps for the user or workspace, and the number of connected apps by app severity.
    Click the table's download icon to export the table information to a CSV file.
  5. Select the name of the user or workspace whose third-party plugin usage you want to review.
  6. Take action on the third-party plugin.
    For example, from the Actions column you can Revoke Access for the user. Whether the Revoke Access action is available depends on the level of permission that SSPM has to the marketplace app, and on the capabilities that the marketplace app's API provides. If the Revoke Access action isn’t available, you can instead log in to the SaaS app's administration console, and follow its documentation to remove the plugin.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.