Welcome to SaaS Alerts!
What Would You Like To Accomplish?
Adding your own MSP users is always free!
Getting Started is Easy
- Add your MSP to SaaS Alerts
- Add your Organizations to SaaS Alerts
- Connect SaaS Alerts to your PSA
- I Have Alert Data, Now What? - Review alert data and take corrective action
- Use SaaS Alerts for Prospecting
Adding your MSP to SaaS Alerts
- Select Organizations
Add New Organization
- Select New Organization
- Enter an Organization Name (required).
- Select the countries you expect this customer's users to connect from (also required).
- Users logging into SaaS accounts outside this list of countries will generate OAL (Outside Approved Location) - Critical Alerts.
- If needed, enter the IP(s) you would like to Whitelist
- Select "Create Organization"
* If you intend to use Groups, a New Group will need to be created first
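The Outside Approved Location rule configured above, sketched as an added example (not SaaS Alerts' own code). It assumes that allowlisted IPs are exempt from the country check and that sign-ins with no resolved country fail closed; the organization settings, events and function names are constructed for illustration.

```python
import ipaddress

# Constructed organization settings mirroring the form fields described above.
ORG = {
    "approved_countries": {"US", "CA"},
    "allowlisted_ips": ["203.0.113.0/24", "198.51.100.7", "10.0.0.0/8"],
}

# Constructed sign-in events; the country is assumed to be resolved upstream.
EVENTS = [
    {"user": "alice@example.com", "ip": "192.0.2.10", "country": "US"},
    {"user": "bob@example.com", "ip": "203.0.113.45", "country": "DE"},
    {"user": "carol@example.com", "ip": "192.0.2.99", "country": "RO"},
    {"user": "dave@example.com", "ip": "not-an-ip", "country": ""},
]

def is_allowlisted(ip_text, allowlist):
    """True if ip_text parses and falls inside any allowlisted IP or CIDR."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable source address never matches the allowlist
    return any(ip in ipaddress.ip_network(e, strict=False) for e in allowlist)

def classify_login(event, org):
    """Return (severity, reason) for one sign-in event."""
    if is_allowlisted(event["ip"], org["allowlisted_ips"]):
        return ("none", "allowlisted IP")  # assumption: allowlist overrides geo
    country = event.get("country", "").upper()
    if not country:
        return ("critical", "OAL: location unknown")  # assumption: fail closed
    if country not in org["approved_countries"]:
        return ("critical", f"OAL: {country} not approved")
    return ("none", "approved country")

def oal_alerts(events, org):
    """List (user, reason) for every event that raises a critical OAL alert."""
    results = ((e["user"], classify_login(e, org)) for e in events)
    return [(user, reason) for user, (sev, reason) in results if sev == "critical"]

def broad_allowlist_entries(allowlist, min_prefix=24):
    """Flag IPv4 entries wider than /min_prefix; each hides more sign-ins."""
    nets = (ipaddress.ip_network(e, strict=False) for e in allowlist)
    return [str(n) for n in nets if n.version == 4 and n.prefixlen < min_prefix]

if __name__ == "__main__":
    for user, reason in oal_alerts(EVENTS, ORG):
        print(user, reason)
    print("review:", broad_allowlist_entries(ORG["allowlisted_ips"]))
```

Under these assumptions the sign-in from DE raises nothing because its source IP is allowlisted, which is why wide allowlist ranges are worth reviewing before they are saved.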
Choose onboarding method
- Do you have admin access to the SaaS Apps you wish to connect?
- If your answer is yes, then please click here to follow "MSP Onboarding".
- If your answer is no, then please click here to allow your Customer to "Self Onboard".
MSP Onboarding
- Select "New Application"
- Select "I have customer's global admin credentials". This should be selected by default.
- Click on "Connect" adjacent to the application you would like to connect
- Using a Unique Local Global Admin Account, enter the credentials to establish the connection
- The account is required to be an "interactive" account and NOT a non-interactive account.
- Review and accept permissions
- "Loading" - It may take 30 - 60 seconds for Microsoft to respond and establish the connection
Enter Additional Alert Recipients - Optional
- Select "Organizations" from the menu
- Select the "Pencil" icon to edit the organization
- Select "Additional Recipients"
- Select "Yes" to Add additional alert recipients
- Enter the email address(es) you would like to be a recipient
- Choose which Events (Medium, Critical) will be sent
- Select "Update Organization" to apply settings
Connect to Google Workspace
- A Google Workspace license that supports third-party integration is required. Third-party integrations are supported by Google Workspace Enterprise, Business (Starter, Standard, and Plus), Education (Fundamentals, Standard, Plus), and Cloud Identity Premium.
- Google Workspace Essentials Starter and "Enterprise Essentials" licenses do not support third-party integration and won't connect to SaaS Alerts.
Before adding the Google Workspace connection to SaaS Alerts, some permissions are required on the Google Workspace Admin Portal. These permissions can be set manually per organization or as a Bulk update list. If you are interested in the Bulk update list method, please contact support@saasalerts.com and we'll provide the required files.
Setting the permissions manually:
- Log into the Google Workspace Admin Portal.
- On the left side of the window select Security, Access and data control, then select API controls.
- Select Manage Third-Party App Access in the top right section of the window.
- Select Add app
- Choose the OAuth App Name or Client ID option
- Enter "SaaS Alerts", click SEARCH, then select SaaS Alerts.
- Select all 3 Web apps on the OAuth client IDs.
Note: If you are planning on using our Mobile App, please add the OAuth client IDs for iOS and/or Android as well.
- Select the organization(s) to be managed by SaaS Alerts.
- Select "Trusted" and click "Continue".
- If an additional checkbox option appears, check the box and click "Continue".
- Review and click on "Finish"
Creating the API Connection in SaaS Alerts:
- Select the organization, then click on the edit pencil
- Select "New Application"
- Click on the Google Workspace "Connect"
- A "Super Administrator" account with a Google Workspace Business or Enterprise license is required for a successful connection.
- If checkboxes are visible, make sure all boxes are checked before selecting "Allow".
Google Workspace Added Successfully
I Don't Have Admin Access
If you don't have admin access, your customer can "Self Onboard" by selecting "I want my customer to create the connection".
There are two options:
- Have SaaS Alerts Email the Domain Admin for me
- Copy the link and send an Email myself
Have SaaS Alerts Email Domain Admin for me
SaaS Alerts will email the domain admin on your behalf and you'll be notified when the Customer has registered. Simply enter the email address and click on "Send Email".
Copy the Link and Send Email Myself
Select the "Copy" button, and paste the link into your email
Show Me The Data!
- Depending on the SaaS application you just added, it could take anywhere from 15 minutes to 2 hours for the data to appear in SaaS Alerts.
- Speed depends on the SaaS application provider; some providers send data faster than others.
Check On Your Data
- The first place to look for data is in "Event Monitoring".
- Alerts are categorized as Suppressed, Low, Medium, and Critical
- If you just added your first customer application, you may not yet have data. This is normal.
- Grab a cup of coffee and check back in 20 minutes.
What To Do With Data
- Review the user login map
- Show me the critical alerts
- Show me normal priority alerts
- Show me all data - Analysis
- Alert Types
Review The User Login Map
The user login map shows user logins from your approved and non-approved countries.
- Logins from Approved countries appear in Green.
- Logins from Unapproved countries appear in Red.
Click On A Map Point For Additional Details
- This image shows a login attempt OUTSIDE the customer's approved countries
Unauthorized Login
In the event of a login outside of an approved location we recommend you:
- Contact the Customer or User and make them aware of this event.
- Force logout from all devices and temporarily disable login for the user account.
- Change the User password and make sure MFA is enabled for the User.
- Evaluate firewall rules for geolocation where applicable.
Show Me Realtime Critical Alerts
- Critical Alerts require immediate attention and communication with the customer.
- Filter your alerts by keyword, Customer, Product, IP/Location, and Description.
- Realtime Alerts (Critical, Medium, Low, and Suppressed) are listed as the Last 100 Alerts. For a specific time range, see the "Analysis" section.
Show Me Realtime Medium Alerts
- An Alert requires evaluation on the part of the MSP and a decision on what step to take next with the customer.
- Filter your alerts by keyword, Customer, Product, IP/Location, and Description.
- Realtime Alerts (Critical, Medium, Low, and Suppressed) are listed as the Last 100 Alerts. For a specific time range, see the "Analysis" section.
Show Me All The Data - Analysis
"Analysis" allows you to filter your data using the following criteria:
- Start Date and End Date - Both of which are required to run a report
- Product(s) - Google Workspace, Microsoft, IT Glue, Dropbox, Slack, Salesforce, NinjaOne
- Alert Status(es) - Low, Medium, Critical
- Customer(s)/Partner
- Account(s) - specific email address(es)
- Event Type(s) - Select a specific type of event
Alert Types - Critical, Standard, Logged Event
Critical Alerts require immediate attention and communication with the customer.
- IAM Event - User Location - Outside approved location
- Policy Event - Admin Access Granted
- IAM Event - Multiple Password Reset
- Policy Event - Security Policy Change
- IAM Event - Multiple Account Locks
- Unable to Refresh SaaS App Token
A Standard Alert requires evaluation on the part of the MSP and a decision on what step to take next with the customer.
- IAM Event - Account Locked
- IAM Event - Multiple Authentication Failures
- Device Event - New Device
- Policy Event - Security Group Change
The following are examples of a "Logged Event"
- IAM Event - Authentication Failure
- IAM Event - Authentication Success
- Application Integration Detail - SaaS Application File Share
- IAM Event - OAuth Access Used for Foreign Application
- File Share Event - Internal
- File Share Event - External
- File Share Event - Local Download
- File Share Event - External Orphaned Link
- Application Integration Detail - SaaS Application Link Share
- IAM Event - Password Reset
- IAM Event - Multiple Login Connections From Different IP Addresses
- IAM Event - Multiple SaaS Connections From Different IP Addresses
- IAM Event - New User Added
- IAM Event - An Unknown Actor is Attempting to Access the Domain
Connect to Office 365
It is important to ensure that each organization connection is created with a "Unique Global Admin" and not with a master CSP account.
- Select the "Edit Pencil" for the organization
- Select "New Application"
- Click on Microsoft Manage "Connect"
- Click on the desired account you wish to connect to this customer's account
- Verify the complete list of permissions (your list may be much longer), then click on "Accept".
- Review and Accept Permissions
- It may take 30 - 60 seconds for Microsoft to accept the connection request.
Microsoft Popup Blocked
- Connecting with Microsoft requires two API connections: the Graph API and the Azure AD API.
- Your browser may block the second popup.
- Click in the top right of the URL address bar on the blocked popup notification
Google Chrome - Allow Popups
- Select the option to allow popups
Microsoft Connected
Congratulations, Office 365 is now connected!
Connect to PSA
- Click on Settings from the main menu
- Click on PSA & Email
Connecting SaaS Alerts to your PSA will automatically create tickets out of alerts generated from SaaS Alerts
Add Professional Service Automation or Email
- Select the "Add Email" button
- Enter an email address and select "Add"
- Congratulations, you're done!
- Now all alerts generated from SaaS Alerts will be sent to your PSA email address.
Use SaaS Alerts for Prospecting
Many of our partners are successfully using SaaS Alerts as a prospecting tool by connecting to prospects' Microsoft 365/Google Workspace instances and showing them security vulnerabilities, immediately delivering value!
How to start Prospecting with SaaS Alerts
- To start prospecting with SaaS Alerts, you should explain to your prospect that as part of your service offering you're going to monitor their SaaS applications and get alerted when high-risk events take place.
- To demonstrate this capability and to give the prospect a free (or paid) security assessment, you need to connect to their SaaS applications.
Connecting to Prospect SaaS Apps
- In order to connect the prospect application(s) to SaaS Alerts, you don't need admin access.
- You can copy and paste a link to the prospect or choose to have SaaS Alerts send an email on your behalf.
Add a Customer to SaaS Alerts
- Adding a customer to SaaS Alerts follows the same process as adding your own MSP, except that you're going to be adding your customers' SaaS apps instead of your own.
- Click Here for this procedure