Skip to main content

Q. The active user count shown after clicking a SaaS in the Shadow IT tab does not match the user list.

A. The active user count is based on event logs from the past three months. Users whose last activity occurred before that window do not appear in the list. Screenshot describing the active user count

Q. Shadow IT is not detected after integrating Google Workspace.

A. The Google Workspace user account used for the integration may lack the required permissions. Check that the items below are visible and enabled. If the permissions are missing, add them to a custom admin role or re-integrate using a super admin account.
  • View audit reports for the Gsuite domain
  • View usage reports for the Gsuite domain
Screenshot of the Google Workspace admin role permission settings

Q. What data does the extension collect?

A. The extension inspects the URLs and domains of pages accessed in Chrome or Edge. This includes browser history from the time of installation. The event log records the following information. For details on event logs, see Event Log: Check SaaS Usage.

Q. Can I view application usage history?

A. Application usage history is outside the scope of data collection. Only browser-based access is recorded.

Q. What does “Occurrence Date/Time” in the event log refer to? Why might it differ from the actual access time?

A. “Occurrence Date/Time” in the event log refers to the time the user ended a session. The extension batches data and sends it to the server once every 30 minutes. As a result, the recorded time may be 20–30 minutes after the actual start of access. The latest timestamp within each batch (the session end time) is what gets recorded on the server.

Q. Does the last-used date for SaaS retrieved via API get updated?

A. The last-used date for SaaS fetched directly via API is not updated.

Q. How long are event logs retained?

A. Event logs are retained and viewable for one year. The default date range for filtering is one month.

Q. Can custom apps (such as internal systems) be detected?

A. Detection is possible after you create a custom app and register URLs for that custom app.

Q. Does the browser extension require proxy settings at the OS level?

A. If your environment routes internet traffic through a proxy, the extension automatically uses that proxy. This works as long as proxy settings are configured in the browser or OS. No additional configuration is needed. You cannot specify a proxy that is separate from the OS or browser proxy settings.

Q. After distributing the extension, events are not detected in the event log. What should I check?

A. If events do not appear, follow the Diag data collection steps to obtain Diag data. Then review it using the How to review Diag data steps. If steps ① through ⑤ do not resolve the issue, include the collected Diag data and contact the support desk.

Q. Auto-installation via the extension fails. What could cause this?

A. On Mac, local installation is not supported. On Windows, try the Windows browser extension distribution guide.

Q. Can configuration profiles be used without MDM?

A. This is not currently supported. Due to Chrome extension security restrictions, manually created plist files are loaded by the browser. However, the extension cannot read them.

Q. Do I need to set a unique EMAIL for each user?

A. We recommend setting a unique email per user. The extension sends the email address to the server as the “operator” identifier. Any value in email format is technically acceptable. For example, you can use the PC hostname as the local part (e.g., HOSTNAME@example.com). The value you send appears on the web interface as the email address. However, if it does not match a real user, this can make the data difficult to use for meaningful analysis. This includes data such as the last-used date. (It remains sufficient for Shadow IT detection purposes.)

Q. Some entries arrive at the server as a UUID (random string). Why?

A. The EMAIL setting may be missing. This can happen when no EMAIL is configured and the user is not signed into the browser (or has Chrome sync disabled). In that case, the extension cannot identify an email address and sends a UUID instead.

Q. Can a UUID be traced back to a specific person?

A. This is challenging. All employees would need to check their extension settings page individually. Consider distributing the EMAIL configuration to avoid this situation.

Q. A message appears saying “Shadow IT detection has stopped in some workspaces.”

A. This message may appear when Shadow IT detection has stopped in some workspaces. This can happen for workspaces integrated with Microsoft 365 or Microsoft Entra ID.
"Shadow IT detection has stopped in some workspaces. To resume Shadow IT detection, please re-integrate the following workspaces."

Q. For a specific SaaS, some users are detected in the event log and others are not. Is there anything I can do?

A. Re-logging in to the SaaS may resolve the issue. Ask the affected users to sign out and sign back in to the SaaS, then check whether detection resumes.
Last modified on July 13, 2026