Welcome to SaaS Alerts!
What Would You Like To Accomplish?

Adding your own MSP users is always free!

 

Watch a 90 Second Video Overview
Schedule an Onboarding Call
Get Started
Open Knowledgebase
Contact Us

 

Learn in 90 Seconds - Watch Our Video Overview

 

 

 

 

Schedule an Onboarding Call

 

 

Getting Started is Easy

• Add your MSP to SaaS Alerts
• Add your Organizations to SaaS Alerts
• Connect SaaS Alerts to your PSA
• I Have Alert Data, Now What?  -  Review alert data and take corrective action
• Use SaaS Alerts for Prospecting

 

 

Adding your MSP to SaaS Alerts

• Click on the Customers link in the menu
  
  

 

 

 

Add New Organization

• Click the "+" icon
  
  

 

 

Choose onboarding method

• Do you have admin access to the SaaS Apps you wish to connect?

• If your answer is yes then please click here to follow "MSP Onboarding".

• If your answer is no then please click here to allow your Customer to "Self Onboard".
  
  
  
  

MSP Onboarding

• Enter your MSP or Customer Name.

• "By MSP Admin" should be selected by default.

• Click on "Continue"
  
  

 

 

Add users' countries

• Select the countries you expect this customer's users to connect from.
• Users logging into SaaS accounts outside this list of countries will generate OAL (Outside Approved Location) - Critical Alerts.

           

Enter Additional Alert Recipients - Optional

 

Link service providers

• Click on the SaaS app you wish to connect to.
• SaaS Alerts uses the SaaS provider's respective Oauth 2 connection and only gathers security event data.
• Click Here for Google Workspace
• Click Here for Microsoft Office 365

 

Connect to Google Workspace

• A Google Workspace license that supports third-party integration is required.  Third-party integrations are supported by Google Workspace Enterprise, Business (Starter, Standard, and Plus), Education (Fundamentals, Standard, Plus), and Cloud Identity Premium.
• Google Workspace Essentials Starter and "Enterprise Essentials" licenses do not support third-party integration and won't connect to SaaS Alerts.
  
• Click on the Google Workspace Logo
  
  

 

• A "Super Administrator" account with a Google Workspace Business or Enterprise license is required for a successful connection.
  
  

 

• If checkboxes are visible, make sure all boxes are checked before selecting "Allow".
  
  

 

Google Workspace Added Successfully

 

 

 

 

I Don't Have Admin Access

If you don't have admin access, your customer can "Self Onboard" by selecting "By Customer admin".

There are two options:

• Have SaaS Alerts Email the Domain Admin for me
• Copy the link and send an Email myself
  
  

 

 

 

Have SaaS Alerts Email Domain Admin for me

SaaS Alerts will email the domain admin on your behalf and you'll be notified when the Customer has registered.

 

 

 

Copy the Link and Send Email Myself

 

 

 

 

Email Domain Admin

• Copy and paste the link provided and send the email.
• After clicking the link your customer/prospect will be able to connect their supported applications.

 

 

 

Show Me The Data!

 

 

 

• Depending on the SaaS application you just added, it could take anywhere from 15 minutes to 2 hours for the data to appear in SaaS Alerts.
• Data may take up to 2 hours to appear in SaaS Alerts.
• Speed varies on the SaaS Application Provider, some SaaS Providers are faster at sending data than others.

Check On Your Data

• The first place to look for data is in "Realtime Alerts".
• Alerts are categorized as Suppressed, Low, Medium, and Critical
• If you just added your first customer application, you may not yet have data. This is normal.
• Grab a cup of coffee and check back in 20 minutes.
  
  

 

 

What To Do With Data

• Review the user login map
• Show me the critical alerts
• Show me normal priority alerts
• Show me all data - Analysis
• Alert Types

 

 

Review The User Login Map

The user login map shows you users logged in your approved and non-approved countries

• Logins from Approved countries appear in Green.
• Logins from Unapproved countries appear in Red.

 

 

 

Click On A Map Point For Additional Details

• This image shows a login attempt OUTSIDE the customer's approved countries
  
  

 

Unauthorized Login

In the event of a login outside of an approved location we recommend you:

• Contact the Customer or User and make them aware of this event.
• Force logout from all devices and temporarily disable login for the user account.
• Change the User password and make sure MFA is enabled for the User.
• Evaluate firewall rules for geolocation where applicable.

 

Show Me Realtime Critical Alerts

• Critical Alerts require immediate attention and communication with the customer.
• Filter your alerts by keyword, Customer, Product, IP/Location, and Description.
  
• Realtime Alerts (Critical, Medium, Low, and Suppressed) are listed as the Last 100 Alerts.  For a specific time range please see the "Analysis" Section here.
  
  

 

 

 

Show Me Realtime Medium Alerts

• An Alert requires evaluation on the part of the MSP and a decision on what step to take next with the customer.
• Filter your alerts by keyword, Customer, Product, IP/Location, and Description.
• Realtime Alerts (Critical, Medium, Low, and Suppressed) are listed as the Last 100 Alerts.  For a specific time range please see the "Analysis" Section here.

 

 

 

Show Me All The Data - Analysis

"Analysis" allows you to filter your data using the following criteria:

• Start Date and End Date - Both of which are required to run a report
• Product(s) - Google Workspace, Microsoft, IT Glue, Dropbox, Slack, Salesforce, NinjaOne
• Alert Status(es) - Low, Medium, Critical
• Customer(s)/Partner
• Account(s) - specific email address(es)
• Event Type(s) - Select a specific type of event

 

 

 

 

Alert Types -  Critical, Standard, Logged Event

Critical Alerts require immediate attention and communication with the customer.

• IAM Event - User Location - Outside approved location 
• Policy Event - Admin Access Granted 
• IAM Event - Multiple Password Reset 
• Policy Event -  Security Policy Change 
• IAM Event - Multiple Account Locks 
• Unable to Refresh SaaS App Token 
• Policy Event - Admin Access Granted 

 

A Standard Alert requires evaluation on the part of the MSP and a decision on what step to take next with the customer.

• IAM Event - Account Locked
• IAM Event - Multiple Authentication Failures
• Device Event - New Device
• Policy Event - Security Group Change  

 

The following are examples of a "Logged Event"

• IAM Event - Authentication Failure
• IAM Event - Authentication Success
• Application Integration Detail - SaaS Application File Share
• IAM Event - Oauth Access Used for Foreign Application
• File Share Event - Internal
• File Share Event - External
• File Share Event - Local Download
• File Share Event - External Orphaned Link
• Application Integration Detail - SaaS Application Link Share
• IAM Event - Password Reset
• IAM Event - Multiple Login Connections From Different IP Addresses
• IAM Event - Multiple SaaS Connections From Different IP Addresses
• IAM Event - New User Added
• IAM Event - An Unknown Actor is Attempting to Access the Domain

 

 

Connect to Office 365

• Click on the Microsoft button
• Click on the desired account you wish to connect to this customer's account

 

 

 

Review and Accept Permissions

 

 

Microsoft Popup Blocked

• Connecting with Microsoft requires two API connections. The Graph API and the Azure AD API.
• Your browser may block the second popup.
• Click in the top right of the URL address bar on the blocked popup notification

 

 

 

Google Chrome - Allow Popups

• Select the option to allow popups
  
  

 

 

 

Accept Second Microsoft Permissions

• Review the second set of Microsoft API permissions
  
  

 

Microsoft Connected

Congratulations Office 365 is now connected!

 

 

 

Connect to PSA

• Click on Settings from the main menu

Connecting SaaS Alerts to your PSA will automatically create tickets
out of alerts generated from SaaS Alerts

 

 

 

Click on PSA & Email

 

 

 

Add Professional Service Automation or Email

• Enter your PSA email address then click Add

• Congratulations, you're done!
• Now all alerts generated from SaaS Alerts will be sent to your PSA email address.

 

 

Use SaaS Alerts for Prospecting

Many of our partners are successfully using SaaS Alerts as a prospecting tool by connecting to prospects' Microsoft 365/Google Workspace instances and showing them security vulnerabilities immediately delivering value!

 

 

How to start Prospecting with SaaS Alerts

• To start prospecting with SaaS Alerts, you should explain to your prospect that as part of your service offering you're going to monitor their SaaS applications and get alerted when high-risk events take place.
  
  
• To demonstrate this capability and to give the prospect a free (or paid) security assessment, you need to connect to their SaaS applications.

 

 

Connecting to Prospect SaaS Apps

• In order to connect the prospect application(s) to SaaS Alerts, you don't need admin access.
  
  
• You can copy and paste a link to the prospect or choose to have SaaS Alerts send an email on your behalf.

Add a Customer

What to Review

 

Add a Customer to SaaS Alerts

• Adding a customer to SaaS Alerts follows the same process as adding your own MSP except that you're going to be to adding your customers' SaaS apps instead of your own.
• Click Here for this procedure

 

Contact Us

Click here to contact us and/or get help anytime.