Skip to main content
All CollectionsShadow IT
Tracking Shadow IT via Azure AD Integration

Tracking Shadow IT via Azure AD Integration

Updated this week

Swif can detect and report on Shadow IT usage by collecting authentication data from your Azure AD tenant. When users log in to third-party apps using their Azure AD credentials, Swif captures those sign-in events and displays them in the Shadow IT dashboard. This visibility helps you identify and manage any unsanctioned or risky SaaS applications in your environment.

1. Prerequisites

  1. Azure AD Environment: You must have an Azure Active Directory tenant with global admin or appropriate read/monitoring permissions.

  2. Swif Administrator Role: Ensure you have the correct role to add or edit integrations in Swif.

2. Enabling Azure AD Integration

  1. Go to Swif Admin Console

    • In the left menu, select Integrations (or SettingsIntegrations, depending on your version).

  2. Select Azure AD

    • Find Azure AD in the list of available integrations.

  3. Provide Azure AD Credentials

    • Follow any on-screen steps to grant Swif the necessary read permissions in Azure.

  4. Save

    • Once configured, Swif begins collecting login events from your Azure AD tenant.

3. Viewing Shadow IT Apps

  1. Open the Shadow IT Dashboard

    • In the Swif console, select Shadow IT (or App Discovery).

  2. Filter by Authentication

    • Click the Authentication dropdown (top-right of the table).

    • Choose Azure AD (or select View All to see both Google OAuth and Azure AD sign-ins).

  3. Review Discovered Applications

    • Each row shows the Application name/domain, a brief Description, and the User Accounts who have used Azure AD to sign in.

    • Verified badges (e.g., “# Verified”) appear if those accounts are confirmed Azure AD users.

4. Generating a Shadow IT Report

  1. Click “Generate Report” (top-left).

  2. Customize Filters

    • You can limit the date range or filter by application type, authentication method, or risk level.

  3. Export / Save

    • Export to PDF, CSV, or other supported formats for management or compliance reviews.

5. Identifying and Managing Risks

  • Mark “Allowed” or “Blocked” (Coming Soon): If certain apps are unauthorized in your org, you can note them as blocked and notify users.

  • Investigate Unknown Apps: If you see suspicious or unfamiliar domains, consider further security checks or revoking user access.

  • Combine with Google OAuth: If you also integrate Google Workspace, you can easily toggle between Google OAuth and Azure AD filters in the same Shadow IT dashboard.

6. Troubleshooting & Tips

  • Ensure Azure Permissions: If user logins fail to appear, verify Swif has the correct permissions and your Tenant/Client IDs are accurate.

  • Sync Frequency: Swif periodically fetches new sign-in data from Azure AD. Changes may take a few minutes to reflect.

  • Contact Support: For persistent issues, reach out to Swif Support.

That’s it! By integrating Azure AD with Swif, you’ll gain comprehensive insight into which third-party SaaS apps your users access—helping you manage Shadow IT more effectively and keep your organization secure.

Related Articles
Microsoft Autopilot automated enrollment (ADE)
How to Integrate Azure AD with Swif.ai to Sync Your Employee Directory
Track Shadow IT via Google Workspace Integration
Shadow IT Features: Complete Visibility and Control
Enabling Azure SSO for Swif's Login
Did this answer your question?