Security information
We build our products with security in mind from design to deployment ensuring that we have the infrastructure, automation and monitoring necessary to protect your data.
Last updated
We build our products with security in mind from design to deployment ensuring that we have the infrastructure, automation and monitoring necessary to protect your data.
Last updated
All of our data and application is hosted in France on AWS Servers (eu-west-3).
Our main sub-providers are : AWS (cloud), Google (IdP), Microsoft (IdP), Okta (IdP), Github (Version Control)
Our solution offers three distinct levels of functionality plus an extra
A one-time in-depth automatic diagnostic to uncover Shadow IT, prevent security risks, cut down on unused tool costs and pinpoint critical concerns.
This level provides anonymous data collection, tracking usage events such as timestamps and accessed domains across 110,000+ whitelisted domains. It is ideal for environments needing high security with minimal data exposure.
In addition to basic monitoring, this level includes identified data collection. It captures user-specific information like email addresses and domain cookies to ensure accurate tracking of user activity. This level also supports integration with major IdPs (Microsoft, Okta, Google) for directory and SSO event synchronization. Examples of outcomes include identifying unauthorized SaaS usage or detecting policy violations based on user activity.
Manage Shadow IT effortlessly with the Business Package, offering real-time monitoring and proactive protection for all online tools used by your teams.
Streamline SaaS management with the Enterprise package, offering smarter cost control and spend management systems alongside with advanced security features.
This specific use case focuses on timely audits and reviews, providing a comprehensive overview of a SaaS real usage—ideal for contract renewals, for example. Deliverables are provided as Excel sheets, offering significantly more data than what is available in Sonar’s web app.
List of Users (email, name, Id, team, admin status)
Users relationship (manager)
Groups and Organization units
Historical log events
Token of authentifications for external apps
Timestamp of tokens
Scopes granted to external apps
URLs
Email used to connect
Timestamp
Users nudge responses
Users
Authentification method
Date of creation and desactivation
Permissions and licences levels
Historical events
UserId
VendorId
Timestamp
All applications that are part of our database can be recognised by both the SSO, the browser agent and the emails addons. This whitelist currently contains more than 110,000 apps. This whitelist is also :
Customizable.
Weekly updated, especially with new AI tool.
Can contain custom client URLS for on premise applications accessed via the browser.
All solutions are GDPR compliant, addressing the stringent data protection requirements of the insurance industry.
The anonymous option is particularly beneficial in security-sensitive environments, as it only collects usage events without personal information. Furthermore, all data traffic is encrypted to prevent leakage in case of interception. Upon receipt, traffic is secured using AWS Cognito resource access control, ensuring no unauthorized access.
