IN THIS ARTICLE


What is Sastrify Browser Extension?


The Sastrify Browser Extension is a lightweight browser add-on designed to enhance visibility into SaaS usage across your organization. It seamlessly supports the discovery of shadow IT and provides actionable insights—such as SaaS utilization trends and usage patterns—directly within your Sastrify platform. The extension operates only when users interact with SaaS applications using their company email, ensuring relevance and data accuracy while respecting user privacy.



All collected data is securely transmitted to your Sastrify platform, where your Sastrify Admin can access detailed usage insights in the Usage tab of each tool and discover and manage new applications through the Shadow IT Radar feature.


What does the Sastrify browser extension do?


The Sastrify browser extension tracks business SaaS tool usage to help assess overall engagement levels with tools within an organization. It focuses solely on SaaS URLs and does not monitor general web browsing activity.


By monitoring SaaS usage, the extension is also a very useful tool to identify shadow IT—any unapproved or unmonitored software tools that employees might use without the organization’s knowledge. Detecting these unauthorized tools helps maintain compliance, reduce security risks, and ensure a consistent software environment.


It focuses exclusively on SaaS-related URLs and does not monitor general web browsing activity.


What does Sastrify browser extension track?


The extension strictly tracks access to and activity within approved SaaS applications accessed via the organization’s work email. It collects the following data points:

  • Website hostnames of approved SaaS tools
  • User interaction metrics (e.g., click counts, keystroke counts, file upload events)
  • Session duration and timestamps (access and exit times)
  • Configuration data, such as approved product URLs
  • Work email address from the Chrome or Edge work profile, which serves as an Employee/User ID


In doing so, we maintain a strict privacy-first approach to data handling:

  • User identifiers are cryptographically hashed to ensure anonymization.
  • Only whitelisted business SaaS applications are monitored—personal websites and content are never tracked.
  • Automatic exclusion of certain domains, including career sites, job boards, and non-business application URLs.
  • Data is transmitted securely via HTTPS, using OAuth for authentication.
  • Minimal data collection principle: Only essential usage metrics are gathered to support organizational analytics.

How often does the extension send collected data to the server?


The extension collects data and sends it to the server every 15 minutes.


Which parts of the collected data are stored in the database?


Only the following information is stored in the database:

  • Access dates and times

  • Website hostnames and URLs—used to identify SaaS tool usage and detect potential shadow IT


What happens to the rest of the data, like clicks or file uploads?


Other data—such as click counts, file upload events, session durations by hostname, and employee email addresses—is logged temporarily for syncing and short-term referencing. This information is not stored in the database and is cleared immediately after the sync is complete.


Does the extension track non-SaaS URLs or other browsing activity?


No. The extension is specifically designed to exclude non-SaaS URLs and does not track or transmit any general browsing activity. It uses built-in detection logic equipped with a matching algorithm that compares visited URLs against our extensive and continually updated SaaS catalog, which includes thousands of verified hostnames and whitelisted SaaS applications. Additionally, the extension automatically excludes certain categories of domains—such as career sites, job boards, and non-business application URLs.


How does the extension help identify shadow IT?


The extension detects SaaS URLs accessed by employees within your organization, along with key usage interactions. This helps uncover tools that are actively being used but have not yet been approved, monitored, or managed. All detections are securely transmitted and centralized in the Shadow IT Radar, which is accessible within your Sastrify platform for easy review and action.


Where is the logged data stored?


All logged data is stored on servers located in Ireland (EU), in compliance with EU data protection regulations.


How can we, as Sastrify clients, benefit from the browser extension and the data it collects?


The browser extension provides valuable insights into SaaS usage across your organization, helping you:

  • Measure engagement—Understand how frequently tools are used to assess adoption and usage trends.

  • Optimize spending—Align subscriptions with actual usage, reduce unnecessary costs, and ensure employees have access to the right tools.

  • Identify shadow IT—detect unapproved or unmanaged tools in use, supporting stronger security, compliance, and IT governance.


How is the browser extension installed?


The browser extension can be installed using one of the following methods:

  • Admin Installation (Recommended): This centralized method allows an administrator to remotely deploy the extension across the entire organization in a single action. It ensures a seamless, company-wide rollout without requiring any action from individual users.

  • Manual Installation: This decentralized approach requires your Sastrify admin to send installation notifications to selected users. Each notified employee must then manually install the browser extension on their own work browser.


When initiating a fresh installation, why am I prompted to connect an HR integration or add employee emails manually? Is this step required?



Yes, this step is required. The browser extension relies on a verified user list—a list of employees within your organization who are authorized for tracking. Whether you're using admin installation or manual installation, this list ensures that data is collected only from approved users.


For admin installation, the extension will automatically begin tracking once deployed, but only for users included in the verified list. No action is needed from end users.


For manual installation, the verified list determines who can receive installation links, be notified via email, and have their usage data tracked. This process ensures secure, accurate tracking and compliance with privacy standards.


Once the user list is created, it can be found under the "Employee" tab on the browser extension connection page. 




No. The manual installation process must be initiated through your Sastrify platform by your Sastrify Admin. The admin uses the verified user list within the platform to control who is authorized to install the extension.  


From this list, the admin can choose to roll out the installation to all listed employees or select specific individuals. The system then triggers an email notification containing a installation link, ensuring that only authorized users can install and have their usage tracked. Simply sharing the public extension store links outside this process will prevent the extension from installing correctly.



Once installed, are end-user logins required for the browser extension to work?



No, end-user logins are not required. Once the extension is installed—either through admin deployment or manual installation—it functions as intended without any further action from users.


While the extension can technically be installed on any Chromium-based browser, it is officially supported only on Google Chrome and Microsoft Edge. On these supported browsers, the extension can identify users via the browser profile API, eliminating the need for login.


For other Chromium-based browsers that lack this profile identification capability, a login prompt may appear to associate activity with the correct user. However, as long as the extension is used in Chrome or Edge, no login is necessary.


When does data start showing up in the Sastrify Radar?


After successful activation, it may take some time for tools to appear in the Shadown IT RadarUsers must actively browse using the browser profile where the extension is installed so that the system can detect and log SaaS activity.


For a tool to appear in the usage data, it must meet minimum activity thresholds. A tool is considered "actively used" if a user performs at least one of the following actions:

  • At least 20 clicks

  • At least 15 keystrokes

  • Any file upload activity

  • A session duration of more than 3 minutes


Tools that do not meet these thresholds will not be listed in the usage data, ensuring the radar reflects meaningful engagement.


Why isn’t my tool usage showing up in the Sastrify Radar?


There are a few possible reasons:

  1. Timing: It can take some time after activation for the system to collect and process enough usage data.

  2. Detection Logic: Our detection system is continuously evolving to better identify tools based on browser tab activity. Some tools may not be recognized immediately as we work to reduce false positives and missed entries.

  3. User Activity Threshold Not Met: If the minimum activity thresholds for a specific tool or IT product are not met, the tool will not appear in the usage data. A tool is considered actively used if a user performs at least one of the following actions:

    • At least 20 clicks

    • At least 15 keystrokes

    • Any file upload activity

    • A session duration of more than 3 minutes


Do users need to be logged into Sastrify for this information to be collected?


No. Users do not need to be logged into the Sastrify platform for data collection to occur. As long as the browser extension is properly installed and the user is logged into their company-managed browser profile, the extension will automatically collect relevant SaaS usage data and securely transmit it to your Sastrify platform—without requiring any further user action or login to Sastrify.


I use my work Chrome browser with my personal profile because I have all my personal bookmarks there. Will the browser extension also track my usage of the apps I access using my personal Gmail or email address?


No. The Sastrify browser extension is very strict about what it collects and what it does not collect. It only collects usage data of the SaaS applications that are accessed using your company email address, which is the email address you use to log in to the extension. It does nothing beyond that.