Tutorial
0. Getting Started
1. Account Creation and Initialization
2. Employee Master Setup
3. Cost Management Setup
4. Integrating SaaS
5. Setup Billing
SaaS Integration Guide
1Password
AKASHI
Active! gate SS
Adobe CC (Enterprise plan)
Airtable
Akerun
Amazon Business
Amazon Web Services (AWS)
Amplitude
App Store Connect
AppFigures
AppsFlyer
Asana
Ashita_cloud
Atlassian
Autodesk
Awesome Screenshot
Azure AD
Backlog
BambooHR
Basecamp
Bitbucket
Bitdefender
Bitrise
Bitwarden
Board
Box
Brabio!
Cacoo
Calendly
Canny
Canva
Channel
Chatwork
ClickUp
Cloud sign
Cloudflare
Codecov
Collaboflow
Confluence
Contentful
ContractS CLM
Coopel
Cybozu
Datadog
DatoCMS
DeepL
DeployGate
Dialpad
DirectCloud
Discord
DocSend
Docbase
Docker
DocuSign
Domo
Dropbox Business
Esa
Exment
Expensify
Fastly
Figma
Flyle
Formrun
Freshchat
Freshdesk
Freshservice
GMO Sign
Garoon
GitHub
GitKraken
GitLab
Google Analytics
Google Cloud Platform
Google Drive
Google Tag Manager
Google Workspace
HRBrain Talent Management
HRMOS Talent Management
HRMOS adopts
HRMOS diligence and indolence
HackMD
HaloPSA
Heap
HelloSign
Heroku
Honeybadger
HotProfile
HubSpot
Hubble
Huntress
InVision
Intercom
JAMF
Jetbrains
Job Can Recruitment Management
Job Kan Attendance Management
Job Kan Labor HR
KARTE
KING OF TIME
Kamon
Kaonavi
Kibela
Kincone
Kintone (Japanese version)
LINE WORKS (OAuth linkage)
Lastpass
List of supported SaaS
Looker
Loom
Lucidchart
Lumin
Lychee Redmine
Mail Dealer
Mailtrap
Marketo Engage
Mekari Journal
Metabase
MicroCMS
Microsoft 365
Microsoft Teams
Miro
Money Forward Cloud Accounting
Money Forward Cloud Accounting Plus
Money Forward Cloud Agreement
Money Forward Cloud Attendance
Money Forward Cloud Expense
Money Forward Cloud Invoice
Money Forward Cloud Payroll
Money Forward Cloud payable
Mural
My Redmine
NEXT ENGINE
Netlify
Netsuite
New Relic
NinjaMock
Notion
Okta
Onelogin
Openlogi
Overflow
PagerDuty
Percy
Pipedrive
Postman
Productboard
Quay
Questetra
Quickbooks
Receptionist
Recruitment batch Kanrikun
Redash
Rollbar
Salesforce
Sansan
Seculio
SendGrid
Sentry
ServiceNow
Signavio
Site24x7
Sketch
Slack
Smaregi Time Card
SmartHR
Smartsheet
Snowflake
Snyk
Square
Studio
Sumareji
TOYOKUMO Safety Confirmation Service 2
Tableau
Tareru Dokodemo Cabinet
TeamSpirit
Teamwork
Terraform Cloud
Todoist
Toggl track
TrackJS
Transifex
Trello
Trust Login by GMO
Twilio
Typeform
Typetalk
Unipos
Unity
Vercel
Vimeo
Wantedly
Webex by CISCO
Webflow
Whimsical
Wistia
Wix
Wordpress
Wordpress self-host (API)
Workable
Workplace from Meta
WorkstyleOS (Acall)
Wrike
Xero
YarakuZen
YouCanBook.me
Zaico
Zapier
Zendesk
Zenhub
Zeplin
Zoho CRM
Zoho People
Zoom
fondesk
freee HR
freee accounting
freee sign (formerly NINJA SIGN)
hotjar
invox
job can payroll
job can workflow
kickflow
kintone (global version)
monday.com
oVice
raku raku sales
SaaS Management
Billing
Check SaaS license status
How can I learn more about how to work with cloud services?
How to link cloud services managed by other business divisions and departments?
Integration Log Function
Inviting other users
Need to stop the integrated service
Request an unsupported SaaS or feature to be added
Troubleshooting failed integrations
Shadow IT
Retired Account
(Beta) Delete/deactivate an account in the IT Management Cloud
Account Provisioning (register a new SaaS account)
Alert Mute function
Do you have a retired account left?
Export account data
Manage former employee accounts (Employee offboarding)
Retired account export
Slack Notification Settings
What is Last Activity
Cost Management
Analyze the cost situation (Insight)
Check the payment status of SaaS
Cost Management with CSV Data
How to setup Chrome Extension
Manage SaaS invoices and receipts
Use cost management β
FAQ
How to get an account with Jira, Confluence, Trello, etc.
Integration procedures when 2FA (two-factor authentication) is enabled
What happens if the person who linked the cloud service retires?
What if IP address restrictions are applied on the SaaS side?
What is the difference between roles?
[Integration Error] Authentication error occurs when login using Google Authentication or SSO.
Others
About the event that multiple Salesforce email addresses are displayed
About the event that the user deleted by Atlassian remains as retired
Cancellation
Error with Google OAuth integration.
Error: Google hasn't verified this app
How to Setup SAML
How to calculate prices
How to setup SCIM
How to setup SCIM (Okta Integration Network)
Promotion Code
Services for which cooperation has stopped
- All Categories
- Shadow IT
- Shadow IT detection function
Shadow IT detection function
Updated
by Katsutoshi Murakami
MoneyForward IT Management Cloud has a mechanism to detect when an employee is using SaaS (i.e., shadow IT).
The following is an explanation of the shadow IT detection mechanism.
What is Shadow IT?
In a broad sense, Shadow IT includes the use of LINE and Messenger among clients, but Shadow IT in our service description refers to IT management cloud services that are formally used as company tools.
How Shadow IT detection works using Google

Shadow IT detection using Google login history is available if Google is used as the employee master.
Cloud services are detected based on the history of which cloud services employees have logged into.
Specification
- IT Management Cloud periodically calls Google's Audit Log API to retrieve login history data.
- The data is cross-checked against the SaaS catalog database to discover and aggregate cloud services.
- SaaS that are not linked to the IT Management Cloud are displayed as "Recommendations from Discovery".
- CSV provides all aggregate results as ROW data, including cloud services that cannot be displayed in the IT Management Cloud.
Since audit logs hold a very large amount of data, the initial linkage will gradually collect the data with the following behavior. ( The logs can be several hundred million records, especially if you have many employees and use many cloud services.)
- Immediately after the linkage is established, data acquisition is started, and at first, one week's worth of data is acquired & totaled and displayed.
- The data acquisition and aggregation will proceed gradually over a longer period of time. (It may take several hours to three days to complete the acquisition and tabulation of all data for three months after the initial linkage.)
- Finally, 3 months of data will be acquired & totaled.
- Thereafter, detection results will be updated with periodic differential updates.
Finally, as for the data storage period, we will check 3 months of data at the first integration. Thereafter, only the last access record per Service x User will be stored, retrieving data as needed.
When the integration is terminated and the IT Management Cloud is cancelled, the data will be destroyed.