About the App Panel
The App Panel provides a deep dive into an app for a comprehensive picture of its security and posture. The App Panel consists of the following:
- App Panel Header
On the App Panel header, you can do the following:
- View the app's name, description, publisher, status (e.g., Enabled), origin (e.g., 3rd Party), category (e.g., Productivity), and other basic information. You can also see if the app is verified by the Zscaler 3rd-Party App Governance Threat Intelligence team. A Zscaler-verified app can still be malicious or pose a risk due to a compromised publisher, vulnerabilities, and overprivileged permissions. The app status can be:
  - Enabled: The app is enabled on your Software as a Service (SaaS) platform and has enabled users assigned to it.
  - Deleted: This status differs for each platform.
    - Microsoft Azure: The app is deleted from the admin console.
    - Google Workspace: The app no longer exists on your SaaS platform and the user tokens are revoked.
    - Slack: The app is deleted if the last uninstallation date is later than the last consent date, or if there are no users using the app.
    - Okta: The app is deleted if no entity is received from the API after a certain threshold.
    - GitHub: The app is deleted if no entity is received from the API after a certain threshold.
    - Salesforce: The app is deleted if no entity is received from the API after a certain threshold.
    - Atlassian: Not applicable.
  - Disabled: This status differs for each platform.
    - Microsoft Azure: The app is disabled if the service principal is disabled.
    - Google Workspace: The app is disabled if the users who are granted access are no longer active users.
    - Slack: Not applicable.
    - Okta: The core apps are disabled if they are inactive.
    - GitHub: The app is disabled if the user account is suspended.
    - Salesforce: Not applicable.
    - Atlassian: Not applicable.
  - Not Installed: The app was added to your inventory, but does not exist on your SaaS platform admin console.
- View or change the app's Risk Score. To learn more about the risk score and how to update it, see Updating the App Risk Score.
- View or change the app's Classification. To learn more, see Classifying Apps.
- View or change the app's Automated Workflow (e.g., End User Review or Revoked/Banned) if supported by the platform.
- Add the app to your inventory. The App Panel header appears in blue if the app is not currently in your inventory. To learn more, see Add an App to Your Inventory.
- Add a note to the app detailing the reason for an action taken on the app. You can also add a custom notation or a score on the app. The person who recently added the note and the date and time the note was last updated are displayed. You can also modify the note by clicking the Edit icon next to the note.
- App Panel Overview Tab
On the Overview tab, you can do the following:
- View a blast radius, showing the users who have access to the app, the services (e.g., Gmail) accessible by the app, and the access type (e.g., Broad Data Access).
- View Usage details, including who first authorized the app and who performed the last activity in the app.
- View Findings associated with the app. You can also change the status of a finding. To learn more, see Updating the App Finding Status.
- App Panel Access Tab
On the Access tab, you can do the following:
- View the permission and access types (e.g., Sign in) granted to the app. Hover over each type for more information.
- View the scope of the permissions granted to the app. Click each permission for more information.
- View the users who have access to the app.
- View a breakdown of the API calls generated by the app.
- View information about the IP addresses associated with the app. Click the VirusTotal link for further security analysis.
- App Panel Activities Tab
On the Activities tab, you can do the following:
- Search for a specific activity or user performing an activity associated with the app.
- Filter your search by the following activity types: User Activity, Security Event, Findings, and Threat Insights.
- Export your search results to a CSV file.
- App Panel Details Tab
On the Details tab, you can do the following:
- View general information about the app, including the client ID, categories (e.g., Mail Client), and consent type (e.g., Individual). You can also see if the app comes from a marketplace and if it is platform verified. The following are the different consent types:
  - Domain wide: Application permissions are granted tenant-wide by the admin, allowing all users to access the application unless otherwise restricted. This is supported on Google.
  - Individual: Application permissions are granted per user (by the user). This is supported on Google.
  - Delegated: Application permissions are an intersection between what the user is allowed to do and what the application is allowed to do. The app acts on behalf of the user. This is supported on Microsoft. To learn more, refer to the Microsoft documentation.
  - Application: Application permissions are not limited by what a particular user can do. The app acts on its own behalf. This is supported on Microsoft. To learn more, refer to the Microsoft documentation.
- View data protection and privacy information, including the app's terms of service, privacy policy, and vendor certifications (e.g., GDPR).
- View threat intelligence information associated with the app.
- View forensics information, including seen IP addresses, redirect and login URLs, and an image of the app's consent screen.
The contents of the App Panel vary depending on your 3rd-Party App Governance license. For questions about your license, contact your Zscaler Account team.