This section supplements the main setup guide: Prevent sign-up for Shadow IT domains using Swif’s Browser Extension. It explains what the extension does after it lands on a device that already runs the Swif Agent.
1. Extension interface & the side icon
| State | What the user sees | Purpose |
| --- | --- | --- |
| Not logged in | Extension button only in the browser’s toolbar (top-right). No floating side-icon. | Allows any user to open the extension and sign in if they need admin features. |
| Admin logged in | Toolbar button + floating green Swif side-icon on the current page. | Gives admins quick controls to: manage app access, open Shadow IT dashboard, etc. |
| Side-icon closed | Admin can click × to hide the floating icon without logging out. | Keeps pages clean while still recording activity. |
2. How tracking works—no manual login required
Token hand-off
The Swif Agent running on the Mac/Windows/Linux host silently hands a short-lived device token to the extension.
Auto-identify the employee
Whenever the extension detects a login, sign-up, or AI tool/SaaS session, it sends the token + the user’s e-mail to Swif’s cloud.
Swif checks whether that e-mail belongs to an existing employee on your team:
Match found → activity is logged under that employee.
No match → Swif automatically creates a new “discovered” employee record.
Result — Every managed device is continuously monitored for new AI tool or SaaS usage without asking the employee to log in to the extension or exposing separate credentials.
(The token can only be generated by a valid Swif Agent, so unmanaged devices cannot spoof activity.)
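An added illustration of the flow in this section, not Swif's own code: the page does not document the token format, so the HMAC-signed token, the function names, the 5-minute lifetime and the sample data below are all assumptions. It shows the two checks a reviewer would expect behind this design: a token that only an enrolled device can mint, and the match-or-discover branch applied only after that token verifies.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data: per-device keys held by the cloud, and the team roster.
DEVICE_KEYS = {"dev-001": b"constructed-demo-key"}
EMPLOYEES = {"alice@example.com": {"status": "existing", "events": []}}
TOKEN_TTL = 300  # seconds; "short-lived" is the page's term, 5 minutes is assumed

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode()

def issue_token(device_id, key, now=None):
    """Agent side (hypothetical): sign device id + expiry with the device key."""
    exp = int(now or time.time()) + TOKEN_TTL
    body = json.dumps({"dev": device_id, "exp": exp}).encode()
    return _b64(body) + "." + _b64(hmac.new(key, body, hashlib.sha256).digest())

def verify_token(token, now=None):
    """Cloud side: return the device id, or None if malformed, forged or expired."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        claims = json.loads(body)
        key = DEVICE_KEYS.get(claims["dev"])
    except (ValueError, KeyError, TypeError):
        return None
    if key is None:  # device was never enrolled
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    if claims["exp"] < (now or time.time()):  # short-lived: reject after expiry
        return None
    return claims["dev"]

def record_activity(token, email, app, now=None):
    """Log under a matching employee, or create a 'discovered' record."""
    device = verify_token(token, now)
    if device is None:
        return "rejected"  # nothing is written for an unverified device
    rec = EMPLOYEES.get(email)
    outcome = "matched" if rec else "discovered"
    if rec is None:
        rec = EMPLOYEES[email] = {"status": "discovered", "events": []}
    rec["events"].append((device, app))
    return outcome
```

Because the roster is only touched after verification, a forged or expired token cannot create "discovered" records.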
3. Optional employee login & self-service features
Employees may open the toolbar button and sign in with Google/Microsoft/Okta (depending on your identity settings).
After authenticating, they can:
| Feature | When it’s useful |
| --- | --- |
| “My Apps” list | Lets users see every SaaS/AI tool Swif detected for their own account. Good for audits or personal cleanup. |
| Change device password | Some orgs forbid local OS password changes. The extension shows the Change Password flow governed by your Swif Password Policy, so users can rotate credentials without IT tickets. |
Key take-aways
Side-icon ≠ tracking: even if it’s hidden, usage is still recorded.
Zero-touch identification: On Swif-managed machines, the extension piggybacks on the Agent token, so users don’t need to sign in.
Self-service is there when they do sign in: handy for password changes and visibility into their own Shadow IT footprint.
To use the browser extension to prevent sign-ups, see: Prevent sign-up for Shadow IT domains using Swif’s Browser Extension.
Follow this guide to deploy the extension organization-wide:
How to Deploy the Swif Browser Extension Organization-Wide