🔬 Findings
The goal of the 3rd-party apps tool is to minimize your attack surface by ensuring only the essential OAuth tokens are active in your SaaS stack. Upon initiating a scan (see here), elba will detect the following items:
- Dropbox: Apps connected with OAuth tokens to user accounts
- M365: Apps connected with OAuth tokens to user accounts
- Github: Apps connected with OAuth tokens to user accounts
🧮 Apps inventory
After the scans are completed, you will gain increased visibility into SaaS usage within your organization, including a comprehensive list of all detected apps and the associated user accounts.

By clicking on each app, you'll gain access to a comprehensive view, including:
- App description and usage: What the app is about and who uses it within your organization
- App security assessment: Evaluation of AI exposure, data hosting, and compliance certifications

📁 Browsing issues
For each app detected, elba will create issues and associate them with the account owner. It is important to note that, at this stage, users will not be notified.
In the 'Issues' tab, you can browse all apps detected by the scan and use advanced filters to refine your search. For example, you can filter issues to display only those related to apps that leverage AI technology, or those that comply with a specific compliance framework such as ISO 27001.

🏌️ Activating checks
Now that elba has scanned your source and you have reviewed the issues, it’s time to activate the check. Activating a check will engage your team in reviewing and addressing security issues for the specified source.
How does it work? When a check is activated, synchronized users will receive notifications about their issues. They will also be guided on resolving these issues through their personal dashboard.

👌 Allow list
Before activating the check, you may want to configure the Allow-list. The aim of the Allow-list is to prevent alert fatigue among your teams by ensuring they are notified only about relevant issues.
Not all applications require review by your team; some may already be internally sanctioned and validated, while others may be deemed highly trustworthy due to their robust security measures. Before finalizing the check activation process, all applications used within the organization will be listed. You'll have the option to add trusted apps to the Allow-list, which will exclude them from the issues list, avoiding unnecessary notifications to your team.
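The findings, issue filtering and Allow-list steps above can be modelled in a few lines. The following Python is an added illustration, not elba's code: it runs over a constructed set of OAuth grants (source, app, granting account, scopes, AI usage, certifications), drops allow-listed apps, applies the same AI / ISO 27001 style filters the Issues tab offers, and groups what remains per account owner as a digest would.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class OAuthGrant:
    """One third-party app authorised against a user's account (constructed model)."""
    source: str                 # e.g. "Dropbox", "M365", "Github"
    app: str
    owner: str                  # account that granted the token
    scopes: tuple
    uses_ai: bool = False
    certifications: frozenset = frozenset()


@dataclass(frozen=True)
class Issue:
    owner: str
    source: str
    app: str
    scopes: tuple


# Constructed sample grants standing in for scan output; not real findings.
GRANTS = [
    OAuthGrant("Dropbox", "notes-sync", "alice@example.com", ("files.content.read",), False, frozenset({"ISO27001"})),
    OAuthGrant("M365", "ai-meeting-bot", "bob@example.com", ("Mail.Read", "Calendars.Read"), True, frozenset()),
    OAuthGrant("Github", "ci-runner", "carol@example.com", ("repo",), False, frozenset({"SOC2"})),
    OAuthGrant("Github", "ai-code-helper", "alice@example.com", ("repo", "read:org"), True, frozenset({"ISO27001"})),
]


def build_issues(grants, allow_list, uses_ai=None, certification=None):
    """One issue per grant whose app is not allow-listed; optional filters narrow the view."""
    issues = []
    for g in grants:
        if g.app in allow_list:
            continue                      # sanctioned app: no notification for the owner
        if uses_ai is not None and g.uses_ai != uses_ai:
            continue
        if certification is not None and certification not in g.certifications:
            continue
        issues.append(Issue(g.owner, g.source, g.app, g.scopes))
    return issues


def digest_by_owner(issues):
    """Group pending issues per account owner, with the scopes the owner would review."""
    digest = {}
    for i in issues:
        digest.setdefault(i.owner, []).append(f"{i.source}/{i.app}: {', '.join(i.scopes)}")
    return digest
```

Growing the allow-list with internally sanctioned apps shrinks each owner's digest without hiding grants to unreviewed apps.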

🌟 Confirming check activation
Once all settings are configured, you can proceed with the activation of the check. Upon activation, issues will be distributed to your teams, and they will receive notifications from elba.
Users receive notifications about their security issues every Friday morning through a weekly digest, which compiles all their pending actions on elba. For more information, please refer to Members notifications.

📁 User remediation
Users can review the issue and take action directly from their personal dashboard under the 'Checklist' tab. They will receive detailed context about the issue and guidance on how to address it.
There are two options available for remediating 3rd Party Apps issues:
- Continue with this app: Choose this option if the app is crucial for work and the user needs to continue using it.
- Revoke the permissions: Select this if the app is not essential or is no longer in active use, and the user wishes to revoke its access.
By clicking on ‘Revoke access’, the OAuth scopes for the relevant app will be revoked at the source. This action occurs directly within elba, eliminating the need for the user to exit the application.
