IT Support, Can I Help You? Supporting the Shadow IT

I was talking with a customer the other day and we were discussing the growing problem of “Shadow IT,” where departments sign up for their own cloud services and operate their own IT services.

He said at his company, they were actually getting employee support calls for cloud services that IT didn’t know about. I can imagine the support call went like this:

IT Support: “IT support, can I help you?”

Ben: “Hi this is Ben in sales, I’m having trouble logging on to the MonkeyBrains Collaborative web site with my username and password. Can you fix it for me?”

IT Support: “I’m sorry Ben, what website is this? We don’t use MonkeyBrains Collaborative here at the company.”

Ben: “Well, we use it in our department, everyone has an account. Now can you reset my password or not?”

Then I imagine the call from Rom, head of IT, to Ben’s boss Dave.

Rom: “Hi Dave buddy, how long have you guys been using MonkeyBrains Collaborative and who set it up for you?”

Dave: “Hi Rom buddy, we’ve been using it for a few months now. It’s working great, except some people have trouble logging in.  We had our summer intern set it up for us, it only took him a day. When people have trouble with the app, then the intern helps them, except he went back to school last week.”

Rom: “Do you have any other cloud apps IT doesn’t know about, and who administers these?”

Dave: “Sure, we also use SuperContacts Cloud Edition, and SalesForecasterPro. The summer intern has the administrator accounts for all of them.”

So the head of IT now has a problem. Should he use his superior powers of authority to stomp out these unofficial cloud applications and crush these IT wannabes? (Rom is a big Game of Thrones fan.)

This is a common story we hear from our customers, and it’s at the core of why we built Centrify Identity Service.

Rom researches each of these cloud applications and learns that they support SAML authentication. His company is already using Centrify Identity Services and has a Single Sign-on portal for each employee.

With a little work (from his IT intern) he is able to integrate these applications into the Centrify portal and eliminate the need for separate logins to the cloud applications. These applications also support integrated provisioning, which means accounts are set up automatically when the user is granted access to the application.

He’s also able to consolidate the administration accounts for these cloud services and store them in his Centrify Privilege Manager.  This means that only authorized users can access these administrator accounts, instead of the interns.

By consolidating these applications into Centrify, he’s able to better manage who has access  and automatically enable/disable user access as part of his standard provisioning process.

Adding the SAML application into Centrify Identity Services involves straightforward configuration of a SAML template.

Screen Shot 2015-08-10 at 11.19.34 AM

The administrator then configures the URLs required for authentication, error handling and sign-out. 

Screen Shot 2015-08-10 at 11.20.11 AM


With the right tools, IT doesn’t have to be the bad guy.  Rom doesn’t have to shut down apps.  He knows that doing that just leads to more rogue IT.  Instead, Rom can enable the apps in use by his customers, while providing a secure environment for everybody.


Read more about Shadow IT in our whitepaper “The Top 7 Ways to Protect Your Data in the New World of Shadow IT and Shadow Data.”