Discover Applications



The Applications section of BetterCloud allows you to gain insight into all the SaaS applications in use within your organization, including unknown applications along with previously known and sanctioned applications. With this visibility, you’ll be able to make informed decisions on which applications should or should not be in use within your organization, which applications pose a security risk, and whether you have redundant applications in use and need to consolidate your app spend.



Here you can see all the applications that have been discovered across your connected integrations. Under a header that breaks down vital statistics across your discovered applications, application information is divided into the following columns:

Application (Name)


New, In Review, Sanctioned, or Unsanctioned

Discovered By
BC, SSO, or OAuth (see Discovery Methods below)

Discovered Date


Integration (hidden by default)

Permissions (hidden by default)
For some OAuth-discovered applications only. BetterCloud does not display permissions for applications discovered by BC or SSO.

Application Details

You can click on a discovered application to see more details about that particular application. The application details view has a few tabs with granular information to explore:

Application Details


1. View information about that application (if available), including the description, vendor, category and more.

2. Add notes. Please do not put any sensitive information in the "Notes" field.

3. Change the application's status to "Sanctioned," "Unsanctioned," or "In Review." See Reviewing and Sanctioning.

4. Here, you can designate a specific user as the "Owner" of the application (or view/change the current owner).

5. Evaluate redundant applications in use. Redundant applications are other applications discovered within the same category.

Connected Apps (If Applicable)


The connected apps tab will only show when the application being viewed is an integration. For BetterCloud integrations with OAuth discovery support, here you can view all the applications that are granted OAuth access to that integration.


The permissions column will display the number of permissions granted to that particular application (if that information is available). Clicking on that number will expand to show you the details of the permissions granted. This column can be filtered by specific permissions for more granular security reporting use cases.

The "Connected Apps" tab is divided into the following columns:

Application (Name)



New, In Review, Sanctioned, or Unsanctioned

Discovered By
BC, SSO, or OAuth (see Discovery below)

Discovered Date


Locally Installed (hidden by default)
This column displays whether or not the application is installed on a user's machine (if that information is available).

Admin Authenticated (hidden by default)
This column displays whether or not the application is installed by an administrator

Last Activity Date (hidden by default)



View the users that BetterCloud has discovered using this particular application. Users can be discovered via the same methods as applications (BC, SSO, OAuth), and the relevant discovery method will appear here. Clicking on a user will link directly to the associated User 360 profile.

The "Users" tab is divided into the following columns:




Discovered By
BC, SSO, or OAuth (see Discovery below)

Discovered Date

Last Active Date

Org Unit (hidden by default)


BetterCloud discovers applications connected to the following integrations:

  • Google Workspace (Formerly G Suite)
  • Microsoft 365
  • Okta
  • OneLogin
  • Dropbox
  • Salesforce

BetterCloud uses three methods to discover SaaS applications. Applications that are granted OAuth access to one of your integrations, logged into using SSO from one of your integrations, or added directly to BetterCloud as an integration are all potentially discoverable by BetterCloud. Discovery scans run once every 24 hours.


Applications granted direct API access to one of your integrations. BetterCloud supports OAuth discovery for the Google Workspace, Microsoft 365, Dropbox, and Salesforce integrations.


Applications logged into using SSO credentials from any connected identity provider (IdP) integration. BetterCloud supports SSO discovery for the Google Workspace, Microsoft 365, Okta, and OneLogin integrations.

Please note, discovering Google SAML applications requires Cloud Identity Premium. It can take several days to discover a Google SAML application.


Applications directly connected to BetterCloud as integrations.

Reviewing and Sanctioning

Applications that have been discovered but not yet been given a status are automatically designated as "new" applications.


Applications can be marked as "In Review," "Sanctioned," "Unsanctioned" or "New" from the Application Details view. BetterCloud does not yet support changing application statuses in bulk or from the Actions menu. Please note that changing an application's status will not prevent users from accessing, logging into, or using that application.


  • By default, only BetterCloud super admins will have access to the Applications interface. Any users not in the super admin role will not be able to access Discover until their privileges are updated. See Role-Based Privileges for more information.
  • Access to the Applications interface requires a "Discover" subscription. Contact your Customer Success Manager or email for more information on your subscription.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request