Are you receiving SNAP/EBT benefits? The Expensify.org/SNAP-VAX campaign is live and accepting new members. Learn more about receiving $50 for submitting a SNAP receipt and $50 for getting your COVID-19 vaccine here and join today!

Cloud App Security alert after adding Expensify in Azure with SAML SSO

DavidAtFaber
DavidAtFaber Expensify Customer Posts: 1

I followed the steps at How-to: Enable SAML SSO — Expensify Community and Tutorial: Azure Active Directory integration with Expensify | Microsoft Docs. A little while later, I got an alert from Microsoft 365 Defender / Cloud App Security. The description was:

The user [my name and email] performed an unusual addition of credentials to the application Expensify. This usage pattern may indicate that an attacker has compromised the app, and is using it to spread phishing, exfiltrate data, or to gain access to other accounts and devices. The user added credentials of the types: AsymmetricX509Cert, X509CertAndPassword. A credential of type AsymmetricX509Cert is added when an application is using an application certificate without a key to validate certificate ownership. A credential of type X509CertAndPassword is added when an application is using an application certificate with an encryption key to validate certificate ownership.

I haven't seen this warning before when adding other apps to the list of Enterprise Applications in Azure. Is this to be expected for Expensify?

Answers