US-20260127270-A1 - SYSTEMS AND METHODS FOR DETECTING NON-PROVISIONED USAGE OF APPLICATIONS IN AN ORGANIZATION

Abstract

A method for identifying non-provisioned access to software applications, the method comprising collecting from resources used by an organization a data record of software applications used by entities of the organization and a list of accounts registered in the software applications, performing an entity consolidation process to identify a main AD account associated with a specific account, where the main AD account is the account used for provisioned access to the software applications, extracting a list of application definitions that the main AD account of the specific account is assigned to access in a provisioned manner, performing an application consolidation process to identify a generic application identifier associated with a specific application of the software applications, and determining whether the specific account accesses the specific application in a provisioned manner or a non-provisioned manner according to the application definitions of the main AD account associated with the specific account.

Inventors

  • Tal Shapira
  • Eyal ASULIN
  • Or Elias
  • Dana Hohenstein
  • Liron Ben Haim

Assignees

  • RECOLABS LTD

Dates

Publication Date
2026-05-07
Application Date
2025-05-06

Claims (8)

  1. A method for identifying non-provisioned access to software applications, the method comprising: collecting from resources used by an organization a data record of software applications used by entities of the organization and a list of accounts registered in the software applications; performing an entity consolidation process to identify a main active directory (AD) account associated with a specific account; wherein the main AD account is the account used for provisioned access to the software applications; extracting a list of application definitions that the main AD account of the specific account is assigned to access in a provisioned manner; performing an application consolidation process to identify a generic application identifier associated with a specific application of the software applications; and determining whether the specific account accesses the specific application in a provisioned manner or a non-provisioned manner according to the application definitions of the main AD account associated with the specific account.
  2. The method of claim 1, further comprising preventing access to the specific account in case the specific account is deleted from the organizational database or was not active in a predetermined time duration.
  3. The method of claim 1, wherein the entity consolidation process comprises comparing metadata related to the specific account with the metadata related to existing entities in the organizational database.
  4. The method of claim 1, wherein the application definitions define the tool or technique assigned to the main AD account.
  5. The method of claim 1, wherein the application consolidation process comprises identifying whether an instance of the specific application is related to a known application or a new application.
  6. The method of claim 1, wherein an output of the application consolidation process is an application definition associated with each generic app ID, wherein the application definition comprises at least a URL required to access the application in a provisioned manner.
  7. The method of claim 1, further comprising preventing access to the specific account in case the specific account is deleted from the organizational database.
  8. The method of claim 1, further comprising preventing access to the specific account in case the specific account was not active in a predetermined time duration before the authorization process.
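As an added illustration (not code from the patent or from the applicant), the claimed pipeline in Python: entity consolidation by comparing account metadata with the organizational database (claim 3), application consolidation of instance URLs to generic app IDs with new applications registered on first sight (claims 5 and 6), and the provisioned/non-provisioned decision with the access-prevention rules of claims 2, 7 and 8. The directory, application definitions, account records and the 90-day inactivity window are constructed assumptions.

```python
from datetime import date
from urllib.parse import urlparse

# Constructed IdP directory standing in for the organizational database:
# main AD account -> metadata, assigned generic app IDs, last activity date.
DIRECTORY = {
    "alice@corp.example": {"phone": "+15550100", "apps": {"slack", "salesforce"},
                           "last_active": "2026-04-30"},
    "bob@corp.example": {"phone": "+15550199", "apps": {"slack"},
                         "last_active": "2025-09-01"},
}
# Application definitions: generic app ID -> URL hosts used for provisioned access.
APP_DEFINITIONS = {
    "slack": {"corp-example.slack.com"},
    "salesforce": {"corp-example.my.salesforce.com"},
}

def consolidate_entity(account, directory):
    """Entity consolidation: map an application account to its main AD account
    by comparing the account's metadata (login e-mail, phone) with the directory."""
    login = account.get("login", "").lower()
    if login in directory:
        return login
    phone = account.get("phone")
    return next((m for m, meta in directory.items() if phone and meta["phone"] == phone), None)

def consolidate_application(url, definitions):
    """Application consolidation: map an app instance URL to a generic app ID;
    a host matching no known definition is registered as a new application."""
    host = (urlparse(url).hostname or "").lower()
    for app_id, hosts in definitions.items():
        if host in hosts:
            return app_id
    definitions[host] = {host}   # new application, keyed by its host (assumed convention)
    return host

def classify_access(account, today, directory=DIRECTORY, definitions=APP_DEFINITIONS,
                    max_idle_days=90):
    """Decide for one account/app pair: 'provisioned', 'non-provisioned', or
    'blocked' (no main AD account in the database, or inactive beyond the window)."""
    main = consolidate_entity(account, directory)
    if main is None:
        return "blocked"
    idle = (date.fromisoformat(today) - date.fromisoformat(directory[main]["last_active"])).days
    if idle > max_idle_days:
        return "blocked"
    app_id = consolidate_application(account["url"], definitions)
    return "provisioned" if app_id in directory[main]["apps"] else "non-provisioned"
```

A personal login that shares a phone number with a directory entry is consolidated to that main AD account, so its use of an unassigned application is reported as non-provisioned rather than silently dropped as an unknown entity.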

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 18/938,365 filed Nov. 6, 2024, which is hereby incorporated by reference in its entirety.

FIELD

The invention, in some embodiments thereof, relates to usage of applications operating in organizations and, more specifically, but not exclusively, to systems and methods for identifying non-provisioned usage of applications in organizations.

Enterprises use internet-based services, such as Office365, Box, Salesforce, Slack and others, to improve the organization's productivity, collaboration and business application workloads. Employees may access the applications in a provisioned manner, using a main identity identifier (for example a phone number or email address), or in a non-provisioned manner. Using the applications in a provisioned manner may be achieved by accessing Identity Providers (IDPs) used by the organization's employees. Identity Providers are centralized services that manage user identities and authentication for accessing various applications and resources within an organization's IT infrastructure or across different systems, such as Okta, Google Workspace, and the like. Organizations want all employees to use the applications/services in a provisioned manner, for regulatory reasons and in order to improve security and monitoring. However, organizations face difficulties in monitoring all the entities' activity to check that all usage of the applications in the organization is done in a provisioned manner, via the IDPs.
SUMMARY

The invention, in embodiments thereof, provides a method for identifying non-provisioned access to software applications, the method comprising: collecting from resources used by an organization a data record of software applications used by identities of the organization and a list of accounts registered in the software applications; performing an entity consolidation process to identify a main active directory (AD) account associated with a specific account; wherein the main AD account is the account used for provisioned access to the software applications; extracting a list of application definitions that the main AD account of the specific account is assigned to access in a provisioned manner; performing an application consolidation process to identify a generic application identifier associated with a specific application of the software applications; and determining whether the specific account accesses the specific application in a provisioned manner or a non-provisioned manner according to the application definitions of the main AD account associated with the specific account.

In some cases, the method further comprises preventing access to the specific account in case the specific account is deleted from the organizational database or was not active in a predetermined time duration. In some cases, the entity consolidation process comprises comparing metadata related to the specific account with the metadata related to existing entities in the organizational database. In some cases, application definitions define the tool or technique assigned to the main AD account. In some cases, the application consolidation process comprises identifying whether an instance of the specific application is related to a known application or a new application.

In some cases, an output of the application consolidation process is an application definition associated with each generic app ID, wherein the application definition comprises at least a URL required to access the application in a provisioned manner. In some cases, the method further comprises preventing access to the specific account in case the specific account is deleted from the organizational database. In some cases, the method further comprises preventing access to the specific account in case the specific account was not active in a predetermined time duration before the authorization process.

BRIEF DESCRIPTION OF THE DRAWINGS

In the Drawings: Some embodiments of the invention are herein described, by way of example only, with reference to the accompanying drawings. With specific reference now to the drawings in detail, it is stressed that the particulars shown are by way of example and for purposes of illustrative discussion of embodiments of the invention. In this regard, the description taken with the drawings makes apparent to those skilled in the art how embodiments of the invention may be practiced.

FIG. 1 shows user devices, applications, and a server configured to identify non-provisioned usage of applications in an organization, in accordance with some embodiments of the invention; FIG. 2 shows a computing system configured to identify non-provisioned usage of applications in an organization, in accordance with some embodiments of the invention; FIG. 3 shows a method for identifying non-provisioned usage of applications in an organization, in accordance with some embodiments of the invention; and FI