SaaS Security Administrator's Guide
    : Identify Risky Unsanctioned SaaS Applications and Users
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. SaaS Security Inline
    5. Assess Risks of Unsanctioned SaaS Apps
    6. Identify Risky Unsanctioned SaaS Applications and Users
    Download PDF

    SaaS Security Administrator's Guide

    Identify Risky Unsanctioned SaaS Applications and Users

    Table of Contents

    Identify Risky Unsanctioned SaaS Applications and Users

    Learn how to identify and remediate risky apps on SaaS Security Inline.
    SaaS Security Inline provides tools to help you identify risky SaaS applications and users, including analytics, risk scores, and reports. After you identify your organization’s risks, you have the following solutions to increase your security posture:
    • Author and submit SaaS security policy rule recommendations to address the risks. However, before you do so, consider some guidelines.
    • Identify a competing product that’s more secure. Search the Application Dictionary by Category to find a suitable replacement.
    • Notify users of the unsanctioned app to use the alternative, sanctioned app. Don’t forget to tag the sanctioned SaaS application.
    • Change the risk score.
    • Identify opportunities to develop training for employees and internal policies.

    Identify Risky SaaS Users

    Although Discovered Users, displays your list of users that are using discovered SaaS apps, not all of those uses are risky. You’ll need to observe the users in the context of the risky SaaS apps and overall application usage (MB). For example, if you find 100 users using WeTransfer but only a few people are uploading large amounts of data, those users are likely risky users and require more scrutiny.
    1. Navigate to SaaS Security Inline.
    2. To navigate to the Discovered Applications view, select Applications.
    3. Filter on SaaS apps with a risk score of 4 or 5.
    4. Do one of the following:
      • Click on the individual SaaS apps.
      • Click on the number of users for the SaaS apps.
    5. Sort the column by Usage.

    Identify Risky SaaS Applications

    A risk score in SaaS Security Inline enables you to make decisions about security posture of a given app. The risk score is between 1 (low risk) and 5 (high risk) and is based on compliance attributes. Key attributes have a higher impact on the score: the score is assigned by applying different weights to each compliance attribute and calculating the score based on whether the application meets those compliance standards.
    1. Navigate to SaaS Security Inline.
    2. To navigate to the Discovered Applications view, select Applications.
    3. Sort the table by Risk in descending order.
    4. Observe the Risk score for each SaaS application in the High risk category.
      Risk Score
      Description
      4-5
      High Risk — Very likely to be a risk.
      3
      Medium Risk — Moderate risk.
      1-2
      Low Risk — Unlikely to be a risk.
    5. Open the Application Detail for the SaaS application to assess the risk characteristics (compliance attributes) that contribute to this risk score.

    © 2025 Palo Alto Networks, Inc. All rights reserved.