How can we help?

Shadow IT discovery workflow

Marina Rogachov
Marina Rogachov
  • Updated

This workflow automates the discovery and management of unknown applications within your organization.

It will allow you to stay on top of every new app that your employees start using.

The high level process is:

1. Receive Slack notifications for each new app.

2. Notify relevant stakeholders, such as SecOps.

3. Gather additional information from employees who started using the app by sending them a short questionnaire.

4. Update the app state to make it easy to track it.

 

Workflow Overview

How to Configure the Workflow

1. Click "New workflow" button and select "From scratch" in the dropdown menu.

2. Select New app discovered trigger and click "Next". The new workflow will be created.

2. Add "Send Slack notification" action. Make sure you have the Slack integration connected.

3. In "Send to users" field, add users whom you want to notify when Torii discovers a new app. You can edit the text of the message you want to send.

6. Add "Send application form" action.

This action will send email with a form to the user who started using a new app. This is helpful to collect information from the user in order to decide if any further steps from the IT side should be taken.

This is how the email with the form will look like.

 

7. Select to send the form to the "User who started using the app".

8. Click "Next" on the right panel. You can now setup the form that will be sent to the user.

Add fields that you previously added to the Application Details section in Settings.

We suggest adding fields:

  1. 1. What's the purpose of this app?
  2. 2. Who should be assigned as an app owner?
  3. 3. Do you plan to pay for this app?

This is how the form will look like when user opens it from the email.

Once the user answers the form, their answers will be automatically populated on the new discovered app info page.

Additionally, you can specify recipients in the "Send Form Submission to" field, choosing individuals to whom the submitted answers will be forwarded, facilitating smooth workflow tracking.

 

8. Add "Change application state" action.

Once the user submitted the form, you can start reviewing the app.

5. Configure the app state to be switched to "In review".

 

9. Send yourself another Slack notification, once the form is submitted, reminding to review the app details. 

 

Summary - What to Expect

Once you activate the workflow, whenever a new app is discovered:

1. You will get a Slack notification.

2. User who started using the app will be asked to answer questions about the app.

3. Upon submission of their responses, the app's status in Torii will automatically change to "In review".

4. You will receive another Slack notification, informing you that the form has been submitted and the app information is ready for your evaluation.

At this point, you can review the app information and determine the appropriate course of action. This may involve deciding whether to sanction the app, asking the employee to cease usage and recommending an alternative app, involving finance for paid apps, and more.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request