Usage tracking for software as a service (SaaS) applications
First Claim
1. A method for tracking software as a service (SaaS) application usage, the method comprising:
- initiating a client generated by a processor and presented on a display of a network-accessible device;
establishing a communication link between a SaaS usage proxy and the client;
logging into the SaaS usage proxy by entering a first set of credentials using the client,wherein the first set of credentials is known by, and uniquely associated with, a user, andwherein the first set of credentials is authenticated by a first authentication system associated with an enterprise;
selecting a SaaS application from a plurality of SaaS applications accessible through the SaaS usage proxy;
causing the SaaS usage proxy to associate a second set of credentials exclusive to the SaaS application with the first set of credentials,wherein the second set of credentials is for one of a plurality of SaaS application accounts allocated to the enterprise rather than individual users;
causing the SaaS usage proxy to enter the second set of credentials on behalf of the user such that the second set of credentials remains unknown to the user,wherein the second set of credentials is authenticated by a second authentication system associated with the SaaS application, andwherein entry of the second set of credentials logs the user into the SaaS application and enables the user to utilize the SaaS application;
causing the SaaS usage proxy to identify one or more steps required to log into each SaaS application of the plurality of SaaS applications in response to being trained by an administrator;
using the SaaS application on the client,wherein the SaaS usage proxy tracks usage of the SaaS application by the user; and
upon completion of said using the SaaS application on the client, causing the SaaS usage proxy to dissociate the second set of credentials from the first set of credentials, thereby making the second set of credentials available to other users of the SaaS usage proxy.
5 Assignments
0 Petitions
Accused Products
Abstract
Various of the disclosed embodiments concern computer systems, methods, and programs for brokering logins to software as a service (SaaS) applications and tracking usage of the SaaS applications. First, a user, e.g. employee of an enterprise, logs into a SaaS usage proxy using a first set of credentials. The first set of credentials is known by the user, e.g. preexisting credentials for an enterprise-wide authentication system. Once a SaaS application is selected by the user, the SaaS usage proxy logs into the SaaS application using a second set of credentials. However, the second set of login credentials is encrypted and not known by the user, which causes the SaaS application to be accessible only through the SaaS usage proxy. This allows the SaaS usage proxy to monitor all usage of the SaaS application, even if multiple network-accessible devices are used to log into the SaaS usage proxy.
12 Citations
21 Claims
-
1. A method for tracking software as a service (SaaS) application usage, the method comprising:
-
initiating a client generated by a processor and presented on a display of a network-accessible device; establishing a communication link between a SaaS usage proxy and the client; logging into the SaaS usage proxy by entering a first set of credentials using the client, wherein the first set of credentials is known by, and uniquely associated with, a user, and wherein the first set of credentials is authenticated by a first authentication system associated with an enterprise; selecting a SaaS application from a plurality of SaaS applications accessible through the SaaS usage proxy; causing the SaaS usage proxy to associate a second set of credentials exclusive to the SaaS application with the first set of credentials, wherein the second set of credentials is for one of a plurality of SaaS application accounts allocated to the enterprise rather than individual users; causing the SaaS usage proxy to enter the second set of credentials on behalf of the user such that the second set of credentials remains unknown to the user, wherein the second set of credentials is authenticated by a second authentication system associated with the SaaS application, and wherein entry of the second set of credentials logs the user into the SaaS application and enables the user to utilize the SaaS application; causing the SaaS usage proxy to identify one or more steps required to log into each SaaS application of the plurality of SaaS applications in response to being trained by an administrator; using the SaaS application on the client, wherein the SaaS usage proxy tracks usage of the SaaS application by the user; and upon completion of said using the SaaS application on the client, causing the SaaS usage proxy to dissociate the second set of credentials from the first set of credentials, thereby making the second set of credentials available to other users of the SaaS usage proxy. - View Dependent Claims (2, 3, 4, 5, 6, 21)
-
-
7. A method for tracking SaaS usage, the method comprising:
-
providing a server that hosts a SaaS usage proxy; generating, by the SaaS usage proxy, a client that an employee of an enterprise is able to access; receiving, by the SaaS usage proxy, known login credentials from the client that are input by the employee; validating, by the SaaS usage proxy, the known login credentials using a first authentication system associated with the enterprise; receiving, by the SaaS usage proxy, a selection of a SaaS application from one or more SaaS applications accessible through the SaaS usage proxy; generating, by the SaaS usage proxy, encrypted login credentials exclusive to the SaaS application selected by the employee, wherein the encrypted login credentials are for one of a plurality of SaaS application accounts allocated to the enterprise; supplying, by the SaaS usage proxy, the encrypted login credentials to a mapping table, which causes the encrypted login credentials to be temporarily associated with the known login credentials belonging to the employee; providing the employee access to the SaaS application and allowing the employee to initiate the SaaS application through the SaaS usage proxy; inputting, by the SaaS usage proxy upon the SaaS application being initiated, the encrypted login credentials on behalf of the employee such that the encrypted login credentials remain unknown to the employee, wherein the encrypted login credentials are authenticated by a second authentication system associated with the SaaS application, and wherein inputting the encrypted login credentials logs the employee into the SaaS application and grants the employee access to the SaaS application; identifying, by the SaaS usage proxy, one or more steps required to log into each SaaS application of the one or more SaaS applications in response to being trained by an administrator; monitoring, by the SaaS usage proxy, usage of the SaaS application by the employee; and upon completion of the usage of the SaaS application by the employee, removing the encrypted login credentials from the mapping table, thereby dissociating the encrypted login credentials from the known login credentials and making the encrypted login credentials available to other employees of the enterprise. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. An authentication system comprising:
-
a communication module communicatively coupled to a client that is presented on a network-accessible device and a SaaS application that is hosted by a server; an enterprise authentication module configured to validate a first set of credentials received from the client, wherein entry of the first set of credentials enables a user to select the SaaS application from one or more SaaS applications accessible through a SaaS usage proxy, wherein the first set of credentials is known by, and uniquely associated with, the user, and wherein the first set of credentials is valid for an established enterprise-wide authentication system; and the SaaS usage proxy; provides the client to the user; generates a second set of credentials exclusive to the SaaS application, wherein the second set of credentials is for one of a plurality of SaaS application accounts allocated to an enterprise; encrypts the second set of credentials such that the second set of credentials remains unknown to the user; temporarily associates the second set of credentials with the first set of credentials; stores the first set of credentials and the second set of credentials in a mapping table; allows the user to initiate the SaaS application using the client; logs into the SaaS application by entering the second set of credentials on behalf of the user when the user elects to initiate the SaaS application, and wherein the second set of credentials is valid for a cloud service authentication system; identifies one or more steps required to log into each SaaS application of the one or more SaaS applications in response to being trained by an administrator; tracks usage of the SaaS application by the user; and upon completion of the usage of the SaaS application by the user, dissociates the second set of credentials from the first set of credentials, thereby making the second set of credentials available to other users of the SaaS usage proxy. - View Dependent Claims (17, 18, 19, 20)
-
Specification