Trelica Browser Extension

Use the Trelica browser extension to discover and monitor business app usage.


You can use the Trelica browser extension to discover apps that your employees are using and enrich app usage data. The browser extension is designed to be used alongside other discovery sources, such as identity integrations and spend integrations.

When added to an employee's browser, the extension monitors the sites that a user is visiting and sends details of any business app usage to Trelica. This is useful for discovering instances of "shadow IT"; by identifying business apps that your employees are accessing and monitoring how frequently they log in to them, you can determine how widely an app is used and make informed decisions about licensing and management.

The browser extension does not record visits to non-business apps or websites

The Trelica browser extension is available for:

The extension works in three ways:

  1. It detects activity which indicates a user is logging in to a business-related application with a user name and password. If a password manager or multi-factor authentication is used then this is also reported back to Trelica.
  2. If a user clicks on a link to use OAuth to sign in to Google or Microsoft this is reported. This information is more accurate than standard OAuth activity logs which only indicate when a token was first issued.
  3. It checks URLs the user visits against a database of business-related application patterns that would indicate activity in the application.

You can specify how frequently data is sent and allow users to prevent data for specific apps from being sent to Trelica. For more information, see Configure the browser extension below.

Deploy the browser extension

To collect business app data using the browser extension you will need to:

  1. Configure the extension settings in Trelica.
  2. Add the extension to users' browsers, either by asking users to add it themselves or by deploying it to devices that you manage.

Configure the browser extension

Before deploying the browser extension, you will need to enable it and potentially change the default data collection options from the Browser extension settings page:

Opt out

By default, users can tell the extension to ignore particular sites. This is useful if the extension records a site that the user does not consider to be a business app.

Ignoring a site only affects the data collected by that user's browser extension; if other users from your organization visit the same site and do not ignore it, that usage data will be sent to Trelica.

To prevent users from being able to ignore sites in this way, click Opt out to expand the section, and set the switch to Disabled.

Sync frequency

By default, usage data is forwarded to Trelica after 24 hours. This gives users an opportunity to review the sites that have been tracked and tell the extension to ignore any sites that are not business-related. If a user ignores a site after data has been sent to Trelica, no further data will be sent.

To control how frequently data is sent to Trelica, click Sync frequency to expand the section, select an option or set a custom frequency, and then click Save.

User identification

Trelica can use different approaches to identifying users. The most robust way to identify users is to have them log in to Trelica.  

🧙‍♂️ If you have configured single sign-on, your users will be able to log in to Trelica and the browser extension via your IdP.

This typically isn't very practical at scale, so Trelica offers other ways to identify users and collect data

Whichever method you use, you need to have your organization's employees in Trelica. If you have configured an IdP integration, your organization's employees will be listed in the People directory.

Add the extension to users' browsers

You can ask users to add the extension to their own browser from the browser's web store or add-on directory. You can copy the relevant link above or from the Browser extension settings page.

You can use workflows to automate this process, by sending the users links via email to install the extension and identify themselves.

Alternatively, you can use end-point management tools like Intune or JAMF to deploy the extension to all managed devices or browsers in your organization.

For more information about using Google Workspace to deploy the extension to managed Chrome browsers, see Deploying with Google Workspace.

Information for employees

To give users more information about how the extension works, the data that is collected by the extension, and how to ignore particular websites, you can refer them to Browser extension - information for users. A more detailed explanation of the logic used for app detection, more suitable for Trelica Admins, is given below.

How does the browser extension detect application usage?

There are two parts to application detection.

The first is a set of high-level checks carried out by the extension itself.

If these are positive, then the application is shown in the extension UI, and after a period of time data is submitted to Trelica’s servers for a second round of more detailed checks.

An event is sent to Trelica:

  • If a work email address is detected during a login process.
  • If “Sign-in with Google” or “Sign-in with Microsoft” was detected and the URL matches a list of business related apps.
  • If a URL matches a list of known business apps and patterns that might indicate actual app access (versus just browsing a general web page).

If an event is sent to Trelica, the following additional checks are carried out:

  • If the application is “home-use only”, regardless of whether a work email address was used, the URL is discarded.
  • If Trelica doesn’t recognise the application, it is queued for manual checking by our team. No user data is stored. If the app is business related, then future visits to the application will be processed.
  • If the application is already in your inventory, then Trelica checks whether there is evidence from another source that the user accesses the application (e.g. from an IdP, or if a license is assigned). If you logged in with a provider (e.g. Google or Microsoft) and there is no evidence of an existing user then the URL is discarded.
  • If the application isn’t in your inventory, and if the user used a work email address or username to access the app, then it gets added as a ‘New’ app in your inventory and the activity is stored against it.

False positives could be generated by logging in using “Sign-in with Provider” (e.g. Google) with a personal account or where an app is identified via URL-based detection, where Trelica has evidence from another source that the user is accessing the same app with a work email address.

Work email addresses are determined by checking the list of verified domains in Trelica. You can view your list of verified domains by logging in to your Trelica organization and navigating to: Admin >> Settings >> Browser Extension, and reviewing the list under the “Enabled for” header.

View data collected by the browser extension

Business app usage data collected by the browser extension is sent to Trelica where it is combined with data from other sources to give you an accurate picture of SaaS usage within your organization.

To see which apps have been tracked by the extension, open the Applications view and filter the list to show apps with a Source of Browser extension.

Filtering the apps list to show only apps with browser extension as a source.

Click an app to open the details view. Select the Users tab to see who is using the app; if usage was recorded by the browser extension, this is indicated by the extension icon in the Sources column. If multi-factor authentication or a password manager was detected these are also shown.

To view more details click on the specific user:

🧙🏿‍♂️ If you discover apps in use that you were previously unaware of, consider adding a direct integration to Trelica so that you can build a more accurate picture of how the app is being used.

You can see whether a user has added and logged in to the browser extension from their profile. From the People view, select an individual to view their details. If they are using the browser extension, it is listed under Sources and on their Applications tab.

Person details page with browser extension listed as a data source.

The extension is only listed as a source once Trelica has received usage data from it. By default, the first usage data is sent 24 hours after a user has visited a business app.

View other browser extensions in use

The Trelica browser extension returns information about other browser extensions that users have installed.

You can view this under Reports > Browser extensions.

  1. You can filter the list to specific types of browser, users, or access risk.
  2. Clicking on the number of users will list the specific users with that extension installed.
  3. Learn more about the specific risks of the extension by clicking on the color-coded access risks

Was this article helpful?

0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.