Your software inventory is missing apps. Here’s how Reftab finds them automatically.

By Michael  •  6 mins read


Most IT managers discover the gaps in their software inventory at the worst possible time.

A departing employee’s offboarding checklist surfaces three apps nobody recognized. An auditor asks which tools have access to personal data and your inventory is already six months out of date. A security review turns up logins to tools that were never in any procurement record.

The problem is that the methods most IT teams use to build a software inventory, like ticket-based procurement, annual audits, and self-reported app lists, don’t reflect what employees are actually doing right now.

This post covers what incomplete software visibility actually costs IT teams, and how Reftab’s browser extension monitors SaaS logins across your organization automatically, surfaces them in Reftab in real time, and gives IT a continuous, accurate picture of what’s in use without asking anyone to submit a form.

The five gaps that make your software inventory unreliable

1. Shadow IT you don’t know exists

Employees don’t wait for IT approval to sign up for SaaS tools. They find a product that solves their problem, use their work email, and it’s live within minutes.

By the time IT discovers it, usually during a security review or an offboarding audit, the tool has been running for months. It may have access to company data. It may be processing information that falls under GDPR or SOC 2 scope. You had no visibility into it until something triggered a manual check.

Simply put, if you can’t see it, you can’t manage it.

2. Latent licenses you’re still paying for

Not every tool that was approved is still being used. Teams change, projects end, priorities shift, but software subscriptions don’t automatically cancel. They renew.

The result is a category of tools that exist in your records but show zero or near-zero actual usage. You’re paying for seats nobody logs into. Without login-level usage data, you won’t know which tools these are until someone reviews the credit card statement and asks the question nobody wants to answer.

3. Application overlap you haven’t mapped

Organizations running at any real scale accumulate redundant tools. Two teams using different project management platforms. Three video conferencing subscriptions active simultaneously. Four file-sharing tools that are owned by different departments.

Overlap doesn’t always happen because someone made a bad decision. It happens because IT didn’t have visibility into what was already in use when a new request came in. Without that visibility, you can’t evaluate consolidation. You keep paying for the added redundancy.

4. Software reviews with no data

Annual software reviews are supposed to help IT make informed decisions about what to renew, consolidate, or cut. In practice, they often happen with incomplete records and no usage data.

“Is anyone still using this?” becomes a Slack poll or email instead of a data-backed answer. The tool gets renewed by default because nobody can confirm it’s actually unused. The conversation that should take 10 minutes stretches into weeks of back-and-forth, and the decision still isn’t clean.

5. Governance gaps that show up at audit time

GDPR requires organizations to maintain an accurate record of all SaaS applications processing personal data. SOC 2 auditors expect documented evidence of your software inventory and access controls. Incomplete records create findings.

The question auditors ask isn’t “do you have a list?” It’s “how do you know this list is accurate?” If the answer is “we asked department heads to submit their tools,” that answer doesn’t hold up.

What complete software visibility actually requires

A reliable software inventory needs to reflect reality. This means all of the following: 

  • Discovery at the login level. You need to know when employees authenticate into web applications using their work credentials, not just which tools were purchased through IT.
  • Usage frequency data. Active vs. latent isn’t binary. You need login history to see which tools are used daily, which are used once a quarter, and which haven’t been touched in months.
  • User-level attribution. Knowing which applications exist isn’t enough. You need to know who is using each one, so offboarding is complete and license right-sizing is accurate.
  • Continuous discovery, not sporadic manual audits. Shadow IT doesn’t announce itself. App discovery has to be ongoing.

This is where browser-level monitoring changes the picture.

How browser extension discovery works (and what it doesn’t do)

The Reftab Browser Extension monitors login events to web applications using work email addresses. 

When an employee logs into a web application using their work email address, the extension captures three things. 

  • The date and time of the login
  • The URL of the application (e.g., zoom.com, notion.so)
  • The work email address used

That data flows into Reftab automatically, which populates discovered application records and user activity logs. Over time, you get a live view of which applications are in use across the organization, who is using each one and how often, applications that exist in your records but show no recent login activity, and new applications that were never in your records at all.

However, here are a few things the extension does not do: 

  • It does not track browsing history.
  • It does not capture passwords, keystrokes, or page content.
  • It does not monitor personal email accounts or non-work logins.
  • It only activates when a work-domain email address is used to log in.

The extension can be deployed centrally via Google Workspace, Microsoft Intune, or Group Policy. 

Why AI tools are the clearest example of this shadow IT problem right now

The shadow IT conversation used to be about project management tools and file sharing apps. Right now, it’s AI tools.

That’s because it is easy for new AI apps to slip past IT and procurement, which can introduce risks to customer data and to the company’s compliance posture under GDPR or SOC 2. For instance, employees are signing up for ChatGPT, Claude, Gemini, Perplexity, and vibe coding platforms with their work email addresses. They’re uploading documents, pasting customer data, and running analyses.

The Reftab Browser Extension catches these the same way it catches any other SaaS login. When an employee authenticates into an AI tool with their work email, that login appears in Reftab. IT now knows the tool exists, who is using it, and how often.

That’s the starting point for a compliance review, an access decision, or a procurement conversation. Without the discovery layer, that conversation never happens.

Reftab authentication modes: Which one to deploy

Reftab’s Browser Extension operates in two modes. The choice affects data confidence, not coverage.

Authenticated mode (recommended)

The user signs into the extension with their Reftab credentials or through SSO. This provides:

  • Verified identity – IT can confirm the extension user matches the email address detected
  • Higher data confidence – login data is reliably attributed to the correct employee
  • Compliance readiness – verified attribution is more suitable for audit documentation and SOC 2 reporting

This works best for organizations that need clean user attribution for compliance purposes, or that have SSO already in place.

Unauthenticated mode

The extension operates without requiring the user to sign in. 

  • No user action required beyond installation
  • Faster rollout for large-scale deployments
  • Data is marked as “unauthenticated” in Reftab and is useful for discovery, but lower confidence for compliance

This works best for quick initial deployments, large-scale rollouts where frictionless installation is the priority, or as a first phase before migrating to authenticated mode.

Both modes surface discovered applications and user activity in Reftab. The difference is in how reliably the login data is attributed to a verified individual.

What discovery data actually looks like in practice

Once the extension is running, Reftab populates discovered application records automatically. Over time, you get a live view of:

  • Which applications are in use across the organization
  • Who is using each one and how frequently
  • Applications that exist in your records but show no recent login activity
  • Applications that were never in your records at all

This changes what software reviews look like. Instead of a Slack poll or a spreadsheet that’s already out of date asking whether anyone still uses a tool, you pull 90-day login data.
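
As an added illustration (not Reftab's code or export format), the sketch below shows the kind of review that login-level data makes possible: it takes events carrying the three captured fields, compares them with an inventory list, and buckets each application as shadow, active, or latent over a 90-day window. The work domain, inventory list, sample events, and function names are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

WORK_DOMAIN = "example.com"                        # assumed work e-mail domain
INVENTORY = {"zoom.com", "notion.so", "asana.com"}  # constructed approved-app records

# Constructed sample events: (login time, application URL, e-mail address used)
EVENTS = [
    ("2025-06-01T09:12:00", "https://zoom.com/signin", "ana@example.com"),
    ("2025-06-02T10:00:00", "https://zoom.com/signin", "raj@example.com"),
    ("2025-01-15T08:30:00", "https://www.notion.so/login", "ana@example.com"),
    ("2025-05-20T14:45:00", "https://chatgpt.com/auth/login", "raj@example.com"),
    ("2025-05-21T11:00:00", "https://chatgpt.com/auth/login", "ana@gmail.com"),
]

def app_of(url):
    """Reduce a login URL to a host name, dropping a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def classify(events, inventory, now, window_days=90):
    """Bucket apps as shadow / active / latent, each with its attributed users."""
    cutoff = now - timedelta(days=window_days)
    last_seen, users = {}, defaultdict(set)
    for ts, url, email in events:
        # Same scope as the extension describes: work-domain logins only.
        if not email.lower().endswith("@" + WORK_DOMAIN):
            continue
        app, when = app_of(url), datetime.fromisoformat(ts)
        users[app].add(email.lower())
        last_seen[app] = max(last_seen.get(app, when), when)
    report = {"shadow": {}, "active": {}, "latent": {}}
    for app, when in last_seen.items():
        if app not in inventory:
            bucket = "shadow"            # in use, but never in the records
        elif when >= cutoff:
            bucket = "active"
        else:
            bucket = "latent"            # in the records, no recent login
        report[bucket][app] = sorted(users[app])
    for app in inventory - set(last_seen):
        report["latent"][app] = []       # in the records, no login ever seen
    return report

if __name__ == "__main__":
    for bucket, apps in classify(EVENTS, INVENTORY, datetime(2025, 6, 10)).items():
        print(bucket, apps)
```

The per-app user lists are what make the offboarding and license right-sizing checks possible; an empty list under "latent" marks a recorded tool with no observed work-email login at all.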

How to handle three common objections at rollout

  • Procurement controls what gets approved. It doesn’t surface what gets used without approval. Shadow IT bypasses procurement by definition. Self-reporting has the same problem. People forget.
  • Tools accumulate. Nobody flags the app that’s been running since a senior IC left 18 months ago.
  • The bandwidth objection is the one with the clearest answer. Centralized deployment via MDM pushes the extension to all managed devices without any user action since it’s a one-time configuration.  

FAQs

Does the extension cover all software usage?

No. It captures web application logins via work email. It won’t surface applications employees access through personal accounts. It works best as one layer alongside hardware asset data and existing IT records.

What about employee privacy concerns?

The extension is scoped to work domain logins only. We recommend communicating clearly to employees before rollout. A sample employee communication template is included here. 

Is the data usable for GDPR and SOC 2 purposes?

Authenticated mode provides verified user attribution, which is more suitable for audit and compliance documentation. Unauthenticated mode is appropriate for initial discovery but carries lower data confidence for formal compliance reporting. Reftab is also SOC 2 Type 2 certified.

Can an employee disable the extension?

If deployed via centralized policy (Google Workspace, Intune, Group Policy), the extension is managed by IT and cannot be removed by end users. If manually installed, employees can disable it from their browser extension settings.

The app visibility problem doesn’t fix itself

Shadow IT grows with headcount. Latent licenses accumulate. Application overlap compounds. None of it becomes visible through manual processes or annual check-ins.

Browser extension discovery won’t close every gap in your software inventory, but it surfaces the parts that are hardest to see. Those are the tools employees are using that IT never approved, and the tools IT approved that employees stopped using.
