Shadow IT/Discovery
The Shadow IT detection feature (Discovery tab) helps security and risk teams detect, validate, and manage unknown IT vendors based on application data from identity providers.
Overview
The Discovery feature enables CISOs, risk managers, and IT admins to identify untracked tools used within the company and decide whether to formally manage them within the vendor risk process.
The Discovery tab becomes visible when at least one integration (e.g., Entra ID Applications or Google Workspace) is enabled.
How it works
1. Integration with identity providers
Connect your identity provider to automatically fetch detected applications:
Entra ID -- Import enterprise applications from your Entra ID tenant.
Google Workspace -- Import applications from Google Workspace.
2. Discovery tab
The Discovery tab displays all detected applications in a table with the following fields:
| Field | Description |
|---|---|
| Application Name | Name of the detected application/tool. |
| Domain Name | Primary domain associated with the app. |
| # of Accounts | Number of users/computers accessing the app in the last 30 days. |
| Discovered Date | Date when the app was first detected. |
| Source | Data source (Entra ID or Google Workspace). |
| Validation Status | One of: To Review, Added, or Ignored. |
| Actions | Quick actions: Add or Ignore. |
| Last Status Update | Date when the validation status was last updated. |
By default, the list is filtered to show only applications "To Review". This tab is separate from the Vendors tab to avoid polluting validated vendor data.
3. Validation workflow
For each discovered application, you can:
Add to vendors
When clicking Add:
A new vendor entry is created in the Vendors tab.
Default properties are set:
Status: Live
Security Officer: the user performing the action
An activity log event is recorded when the app is first discovered.
The Validation Status is updated to Added.
Ignore
When clicking Ignore:
The app is marked as not relevant.
The Validation Status is updated to Ignored.
The record is kept for traceability but removed from the "To Review" list.
Account details
Rows in the Discovery tab are clickable. Clicking a row opens a side panel showing account details for the application, including user information and sign-in activity.