Discover shadow AI agents using the SAM plugin

After you configure the Okta Secure Access Monitor (SAM) plugin across your managed browsers, Identity Security Posture Management (ISPM) can automatically analyze the OAuth grant data captured by the plugin. On the Browser OAuth grants page of the ISPM console, you can view the grant details, including the grant scopes, client and resource apps, and browser user accounts. ISPM also detects which grants are potentially being used to enable AI agents and tags them with an AI label.

Before you begin

  • Ensure that the Okta Secure Access Monitor (SAM) browser plugin is configured and deployed to your managed browsers.

  • Check that the SAM plugin is configured for the Okta org that you connected as a source in ISPM.

  • When you first configure the plugin, it may take up to two days for the data to appear in ISPM. After that, the data is synced daily.

Start this task

  1. In the ISPM console, go to the Inventory > AI agents > Browser OAuth grants page. This page displays an aggregated summary of OAuth grants captured by the SAM plugin.

  2. From the Category filter, select AI.

  3. Review the table to see connections between client apps and resource apps. You can review the information in the following columns to identify unknown or suspicious grants.

    • Client app: The app that requested access.

    • Resource app: The target app that holds the data being accessed.

    • First / Last seen: These time stamps indicate when the connection was first observed and when it was seen most recently.

  4. To investigate specific connections, select any row in the inventory table and review the details, such as the individual users who authorized the connection and the specific scopes that are granted.

  5. If a grant seems suspicious, reach out to the user to confirm whether it's authorized:

    • If the grant is authorized and related to AI agents, click Register. See Register AI agents.

    • If the grant is unauthorized, take the appropriate remediation actions.

Related topics

Assess AI agents that have privileged OAuth scopes