Skip to main content

Browser extension

The browser extension for Snow SaaS Management discovers SaaS application usage in web browsers across your IT estate. The data is presented in the SaaS pages.

The information below applies to the Snow Atlas browser extension for SaaS. Snow also offers agent-based browser extensions. For more information, see Agent-based browser extensions.

The browser extension is a powerful tool to discover unknown SaaS application usage. The collected user activity also enriches subscription and user data from the SaaS connectors.

Overview

The browser extension discovers SaaS applications, users, and user activity in web browsers across your IT estate. The collected data is consolidated and presented as discovered applications and users, and user activity, in SaaS. The browser extension has the discovery type Browser. For more information, see SaaS discovery and Data consolidation.

Browser-extension-SaaS.jpg

Availability

The browser extension supports the Chromium-based browsers Google Chrome and Microsoft Edge. The details are listed in the table below.

BrowserPlatformExtension nameLocation
Google ChromeWindows, macOSSnow SaaS app discovery and usageThe extension is available in Chrome Web Store . Snow Software is the official publisher of the extension.
Microsoft EdgeWindows, macOSSnow SaaS app discovery and usageThe extension is available in Chrome Web Store . Snow Software is the official publisher of the extension.

Technical description

The browser extension tracks user activity on SaaS application domains. The extension does not track the duration of the activity.

The process for communication, data collection, filtering, and sending the data to Snow Atlas is outlined below:

  1. The browser extension communicates with the token broker proxy using an mTLS protocol and the client certificate installed on the user's machine. It obtains a JWT token, which is then used for secure communication with Snow Atlas.

    For more information, see Token broker proxy.

  2. The browser extension requests a cloud recognition allowlist from Snow Atlas, that includes pre-defined, business-relevant SaaS application domains.

  3. The browser extension then monitors user activity in the browser. It tracks every time the user visits a SaaS application domain, clicks on the page, navigates on the page, and refreshes the page. All these events get a UTC time stamp.

  4. The browser extension filters the collected data based on the cloud recognition allowlist and only keeps the usage captured on applications from listed domains.

  5. The collected usage and UTC time stamp is mapped to the email address that is tied to the mTLS client certificate installed on the user's machine.

    For information on collected data, see Data retrieved by the browser extension.

  6. The browser extension sends the collected data to Snow Atlas where a recognition process sorts it based on:

    • full recognition: signed-in activity on the application domain

    • basic recognition: visits on the application domain, but it cannot identify if it is signed-in activity

  7. The collected data is consolidated and displayed in SaaS.

    For more information, see Data consolidation.

Configuration

To configure the browser extension for SaaS, do the following tasks in this order:

  1. Prepare certificates to use with the browser extension and the token broker proxy.

    For more information, see Certificates required.

  2. Create a token broker registration.

    For more information, see Create token broker registrations.

  3. Install a token broker proxy service.

    For more information, see Install token broker proxy.

  4. Configure and install the browser extension.

    For more information, see Configure browser extensions.

note

Snow supports the browser extension itself and the correct processing and presentation of the collected data in SaaS on Snow Atlas. Snow also provide support for the token broker registration in Snow Atlas.

Snow does not provide support to create and install certificates, install the token broker proxy service, or configure and install the browser extension. Refer to your IT organization for support of these tasks.

Security considerations

The browser extension only collects information on the user-visited URLs, it does not change or read the content of the visited web pages. The extension neither collects, examines, nor utilizes security headers, request body, or any other parameters. For information on retrieved data, see Data retrieved by the browser extension.

The collected data is sent to Snow Atlas in a secure connection ensured by a HTTPS protocol and using a JWT token issued by the token broker proxy. For more information, see Token broker proxy.

For more information on security on Snow Atlas, see Security.