ShiftControl Release Notes

Picture this: it’s Monday morning, you’ve got 47 SaaS tools to keep tabs on, a new hire starting Wednesday, and a CFO who wants to know why the AWS bill jumped. Instead of opening six tabs, you open Claude and type “What apps cost us more than $20 per active user last quarter, and who actually still uses them?” Forty seconds later you’ve got your answer, your spreadsheet, and your morning back.

That’s not a future demo. That’s today. ShiftControl now ships as a remote MCP server — a connection point that lets any MCP-aware AI (Claude, Cursor, ChatGPT, Windsurf, you name it) read your org’s data through natural conversation. One sign-in. Same permissions your account already has. Every answer scoped to your org, no admin god-mode hiding in the background.

What you can actually ask it

A few prompts that work on day one:

• “List every app where my Engineering team has access but Sales doesn’t — and tell me which ones are paid per-seat.”
• “Which SaaS subscriptions renew in the next 60 days? Sort by spend.”
• “Find every group with our new hire missing and add them.” (read-only today, but it’ll flag the gap)
• “The Notion contract just renewed at $14/seat through 2027 — update it.” (this one actually writes)
• “Show me apps sitting idle for more than 30 days that we’re still paying for.”

The trick isn’t that AI got smarter. The trick is that your AI finally has the same view of your org you do.

How It Works

• One sign-in. Zero API keys. Click Login with ShiftControl in your MCP client, approve the consent screen once, and your AI is connected — no tokens to rotate, no .env files, no secrets to lose.
• Nine read tools, one write tool. Query apps, groups, teams, departments, locations, and subscriptions. Update a subscription’s cost, billing frequency, contract term, or notes when you’re ready to write — with a confirm: true gate so an LLM can’t silently change a plan it shouldn’t.
• Works everywhere MCP works. Claude Desktop, Claude Code, claude.ai, Cursor, Windsurf, Continue.dev — if it speaks MCP, it speaks ShiftControl.
• Your permissions follow you. Every call runs as you. If you can’t see an app in the UI, neither can your AI. If you’re scoped to one org, you stay scoped to one org. Same Role Based Access Control (RBAC), no shortcuts.
• Sessions live for 30 days. Background token refresh keeps the connection warm, so your AI picks up tomorrow exactly where it left off today.

Getting Started

1. In your MCP client, add a new remote server: https://mcp.shiftcontrol.io/mcp
2. Click through the Login with ShiftControl prompt and approve the consent screen.
3. Try a prompt that’s been bugging you all week. “Which apps are due for renewal in the next 90 days?” is a good warm-up.

Detailed per-client setup is in INSTALL.md — Claude, Cursor, Windsurf, ChatGPT, and friends all covered.

Next up: more write tools (user provisioning, group membership, app assignment), saved-prompt workflows, and the rest of the read surface you’ve been quietly hoping for. If there’s something you want to ask your data that we don’t support yet, tell us — we’re prioritising the next batch from real customer prompts.

Connecting your AI to ShiftControl is step one. The fun part is step two: Skills.

A Skill is a pre-built workflow your AI already knows how to run. Instead of figuring out which tools to call in what order, you install the Skill, type what you want in plain language, and your AI handles the choreography — showing you exactly what it plans to change before anything writes. Think of it as a senior IT admin’s playbook, packaged so any AI client can run it.

Skills live at github.com/ShiftControl-io/skills, open source under Apache 2.0, and install with a URL paste. No terminal. No npm install. No “wait, which directory am I in.”

Meet the first one: refresh-subscription-info 📬

The most tedious part of keeping a SaaS register accurate is the part nobody volunteers for: hunting renewal emails out of your inbox and updating ShiftControl one app at a time. refresh-subscription-info does it for you.

Tell your AI: “Refresh my ShiftControl subscriptions from my recent invoices.”

It will:

1. Search your email for invoices and renewal notices.
2. Pull out the price, seat count, billing frequency, and contract term.
3. Match each one to the right app in ShiftControl.
4. Show you a diff — here’s what’s there now, here’s what the invoice says, want to update?
5. Write only the ones you approve, with a note recording where each number came from.

You stay in control. The Skill never updates anything silently. Every change is reviewable, every update is annotated, every decision is yours.

Why install vs. paste-and-pray?

Anyone can paste a prompt. The difference with a Skill:

• The prompt is the contract. Skills are versioned files on GitHub. When we ship an improvement, you get it the next time your AI loads the Skill. When you customise it, your fork is yours.
• Human-in-the-loop by design. Every Skill in this catalogue is built to show its work and pause before writing. No silent mutations, ever.
• Portable across AI clients. Claude Desktop / Code / claude.ai install the URL natively. Cursor and Windsurf accept the Skill as a project rule. ChatGPT users paste it as a system prompt. Same workflow, every tool. INSTALL.md walks every variant.
• You can build your own. Skills are just markdown. If you’ve got an IT workflow you run every month, you can codify it once and let any AI in your team run it forever. PRs welcome.

Getting Started

1. Make sure the MCP server is connected in your AI client.
2. Install the first Skill:
   • Claude Desktop / Code / claude.ai: paste https://github.com/ShiftControl-io/skills/tree/main/skills/refresh-subscription-info
   • Cursor / Windsurf: copy the SKILL.md content into a project rule
   • ChatGPT: paste the SKILL.md content as a system prompt
3. Ask: “Refresh my ShiftControl subscriptions from my recent invoices.”
4. Approve the changes that look right.

Next up: more Skills are already in the pipeline — invoice-matching for unknown apps, app-spend anomaly reports, monthly cleanup of dormant accounts, and a new-hire onboarding Skill that drafts the whole access list for review. If there’s a recurring IT chore you’d love to delegate, open an issue — we read every one.

When external directories like JumpCloud or Google Workspace get out of sync with what ShiftControl expects — usually because of a missed event, an outage, or someone editing membership directly in the directory — your groups can quietly drift out of alignment. Until now, the only way to fix it was to notice the downstream effect and manually re-save the parent group.

Two changes fix that.

The hourly sync now self-heals. If our periodic sync notices that a nested group member is missing from JumpCloud, it pushes the correction automatically. No more permanent drift from a missed event.

The Group Info sidebar now warns you when something’s off. Members who exist in ShiftControl but are missing from the live JumpCloud or Google group get an amber warning icon next to their name, and a banner at the top of the Users tab tells you how many members need a re-sync. Hover any warning icon for a tooltip explaining exactly which directory they’re missing from.

• Hourly sync auto-fixes nested-group drift in JumpCloud
• Per-member warning icons in Group Info sidebar and Quick View
• Tooltip explains which directory is out of sync
• Group-level banner counts unsynced members at a glance
• Save the group from the UI to push corrections immediately

All info sidebars used to show a fixed 10 members per page regardless of how much room your screen had. Tall monitors had wasted space below the list, shorter screens had overflow, and the prev/next arrows didn’t tell you where you were in the list.

The page size now adjusts to the available height — bigger screens fit more, the new drift-warning banner makes room when it appears, and resizing the window recalculates on the fly. We’ve also upgraded the pagination controls: First page, Previous, “Page X of Y”, Next, and Last. So you always know where you are and can jump to either end in one click.

• Page size adapts to sidebar height in real time
• Recalculates on window resize
• First / Previous / Page X of Y / Next / Last controls
• Plays nicely with the new drift-warning banner

If you’re running Google Workspace without an identity provider, you’ve likely felt the pain of manual group membership management. While Google is great for many things, it lacks a native “set it and forget it” way to automate group memberships. Until now, that meant managing department or location-based groups by hand, a tedious process prone to human error.

That changes today. We’ve officially brought the power of ShiftControl’s dynamic rules to every Google Group. Whether your identity is managed through JumpCloud or you are strictly a Google Workspace shop, you can finally automate your memberships end-to-end. No workarounds, no manual list-keeping, and no more “babysitting” your groups.

How It Works

• The Dynamic Rules tab is now visible whenever you create or edit a Google group, right alongside your manual membership controls.
• Rules evaluate every time we sync with Google Workspace, so people land in the right groups based on who they are, not who remembered to add them.
• Department-based and location-based rules in Settings now display correctly and trigger the same automatic add and remove behavior you’d expect from a JumpCloud-connected setup.
• When someone changes departments, transfers offices, or leaves the company, their group memberships update on the next sync without anyone touching a thing.

Getting Started

1. Open any Google group in ShiftControl, or create a new one.
2. Click the Dynamic Rules tab and add a rule based on department, location, or any supported attribute.
3. Save, then watch the next sync place the right people into the group automatically.

Give it a spin on a group you’ve been babysitting manually, and let us know how much time it earns back. Next up: we’re expanding dynamic rules with richer attribute matching and preview-before-sync, so you can see exactly who’s about to land in (or leave) a group before it happens.

Your team members can now see and manage their own OAuth app permissions directly from the Employee Portal, without any admin involvement.

Google does offer this buried in accounts.google.com, but most employees don’t know it exists or where to find it. And even if they do, there’s no context about which apps your organization considers risky.

We’ve added an App Permissions tab to the Employee Portal where every team member can:

• See all third-party apps they’ve authorized, with the scopes each app can access
• Understand the risk level of each app’s permissions at a glance (sensitivity indicators show whether an app has basic read access or full account control)
• Revoke access to any app they no longer use or trust, right from the portal with a simple confirmation step

How It Works

When a team member opens the Employee Portal and navigates to App Permissions, they see a list of every OAuth token they’ve granted. Each entry shows the app name, what it can access, and when it was authorized. If something looks off, or they just finished using a tool for a one-time project, they can revoke it immediately.

Getting Started

1. Open the Employee Portal and click App Permissions in the sidebar
2. Review the list of apps that have access to your account
3. Click the revoke button on any app you’d like to disconnect
4. Confirm by typing “revoke” and it’s done

Admins still have full visibility from the Permissions Dashboard. This just gives your team the power to clean up their own house.

If your organization runs on Google Workspace without JumpCloud, your HRIS sync just got a major upgrade. ShiftControl now syncs employee data directly into Google Workspace.

Previously, the HRIS sync integrations could only write to JumpCloud. If Google Workspace was your primary directory, the sync would detect new employees but had nowhere to put them. That changes today.

How It Works

• New hires from your HRIS are automatically created as Google Workspace users with the correct name, department, job title, location, and team
• Profile updates (title changes, department transfers, new managers) sync into Google Workspace fields and custom schemas
• Offboarding suspends users in Google Workspace when your HRIS marks them as terminated
• Manager relationships are maintained through Google’s native manager field
• Teams are written to a ShiftControl custom schema on each user’s Google profile, keeping your org structure visible across tools

The sync engine automatically detects whether your primary directory is JumpCloud or Google Workspace and routes actions accordingly. If you’re running both directories, it writes to whichever one is primary.

Getting Started

If you already have an HRIS integration connected, there’s nothing to do. The next sync will automatically use Google Workspace if it’s your primary directory.

You can now see at a glance whether a Google Workspace user has a pending password reset, has never logged in, or needs to accept the Terms of Service. These show up right in the user list and user detail views.

Previously, Google users just showed “Active” or “Suspended” with no additional context. JumpCloud users already had rich status badges (password pending, activation email sent, locked out), but Google users were a blank slate. You’d have to check the Google Admin console separately to know if someone had actually logged in.

Now, ShiftControl reads Google’s user profile fields and surfaces them as status badges:

• Password Reset Pending: the user needs to change their password on next login
• Never Logged In: the account was created but the user hasn’t signed in yet
• Pending Acceptance: the user hasn’t accepted the Terms of Service

These badges appear in both the Manage Users table and the user detail header, so you can spot onboarding gaps without leaving ShiftControl.

ShiftControl can now write custom fields directly to your Google Workspace user profiles. The first field we’re syncing: Teams.

Google Workspace doesn’t have a native “team” field. Departments and locations exist out of the box, but if you want to track which product team, squad, or working group someone belongs to, you’re on your own. Most companies end up maintaining a spreadsheet or just not tracking it at all.

ShiftControl now creates a custom schema called ShiftControl on your Google Workspace directory and writes each user’s team assignment to it. This means:

• Assign teams from ShiftControl: when you set a user’s team in the admin portal or via HRIS sync, it’s written to their Google profile automatically
• Visible in Google Admin: the team field shows up under the user’s custom attributes in the Google Admin console, so your Google admins can see it too
• Kept in sync across directories: if you run both JumpCloud and Google Workspace, team changes in ShiftControl propagate to both. Rename a team, and every user’s profile updates in Google.
• HRIS sync included: if your HRIS provider sends team data, it flows through to Google Workspace automatically (see our HRIS sync update above)

Why Teams Matter

Departments tell you where someone sits on the org chart. Teams tell you what they’re actually working on. A developer in the “Engineering” department might be on the Platform team, the Billing team, or the Onboarding team. That distinction matters when you’re assigning apps, managing group memberships, or figuring out who to loop in on a project.

Getting Started

1. Go to Settings > Teams and create your teams (or let HRIS sync bring them in)
2. Assign users to teams from the user edit screen or bulk actions
3. ShiftControl handles the rest: the custom schema is created automatically the first time a team is assigned

The Employee Portal directory and org chart now work for every directory setup (Google Workspace only, JumpCloud only, or both) and everyone can see profile photos.

Previously, the org chart pulled avatars from a separate API that required admin permissions, so regular team members only saw initials.

We rebuilt the employee directory backend to be directory-agnostic:

• Avatars everywhere: profile photos from Google (or JumpCloud) now load for all employees, no special permissions needed
• Org chart works in every mode: Whether you only use Google Workspace, JumpCloud or both. You’ll get a working org chart with manager relationships
• Team’s now available: We previously showed you the person’s department and location. You can now also find their Team if the org has teams configured.

If you’ve ever made a change in the Google Admin console and then stared at your user list wondering why it hasn’t updated yet, you’re not alone. Google’s APIs have a well-known eventual consistency delay. When you create a user, suspend someone, reset a password, or edit a profile, the change can take anywhere from 15 seconds to a few minutes to actually show up in API responses. Even Google’s own Admin console has this problem: create a user and they won’t appear in your user list until you manually refresh the page.

This meant that after making changes in ShiftControl, you’d often need to hit the refresh button and wait. Not a great experience.

We now automatically re-fetch data from Google at multiple intervals after any change you make. When you suspend a user, reset a password, update a profile, or modify a group, ShiftControl polls Google’s API in the background until the change appears. You’ll see the updated data show up in your dashboard without touching anything.

This applies to all Google Workspace changes: user creates, suspensions, activations, password resets, profile edits, and group updates. The data refreshes as soon as Google’s API reflects the change, typically within 5 to 15 seconds.

We’ve added a delegated authorization flow for Google Workspace — so you no longer need to be a Google Admin yourself to get things connected.

Here’s the situation we’ve all been in: you’re setting up ShiftControl, you get to the “Connect Google Workspace” step, and you realize… you don’t have Google Workspace super admin access. That person is your CFO, or your CTO, or someone who has never logged into ShiftControl and probably never will. Until now, you’d need to walk them through logging in and navigating to the right screen. Not anymore.

Check out the quick walkthrough, and read below for details!

How It Works

From the Directories area, click Request authorization from another admin on any Google Workspace connector. A modal opens where you can:

• Send an email — enter the admin’s email address, preview the message, and send it directly from ShiftControl
• Copy a link — grab the authorization URL and share it however you prefer (Slack, text, carrier pigeon)

The person you send it to doesn’t need a ShiftControl account. They click the link, approve Google’s standard OAuth consent screen, and they’re done. The whole thing takes about 30 seconds on their end.

Once they authorize, ShiftControl saves the connection to your organization automatically. You’ll get an email confirming it’s complete, and the connector status updates to show it’s connected.

What Happens Behind the Scenes

• Authorization links are valid for 48 hours, so your admin doesn’t need to drop everything immediately
• You can send the link to multiple people — if you’re not sure who has Google Admin access, send it to a few candidates and whoever gets to it first can authorize
• If the link expires, the error page doesn’t reveal any organization or email details — we keep it privacy-safe
• If the delegate cancels partway through, the link still works — they can try again

Getting Started

1. Navigate to Directories and find your Google Workspace connector
2. Click Request authorization from another admin
3. Enter the Google Admin’s email and hit Send (or copy the link)
4. Wait for the confirmation email — then you’re all set!

Sometimes you make a change on JumpCloud or took a bunch of admin actions across various parts of the app that you need to make sure fully updated inside ShiftControl. You can now be sure you’re updated by pressing a “Refresh” button directly in the console in any manage or view/edit area.

The ‘Quick view’ button available for groups in the manage groups area has been refreshed with more information! You can now see the directory of the user, richer profile information, and how they were assigned to the group.

For Google Workspace customers on Enterprise tiers, we were grabbing information about app access that included activity logs, which are not available on the Business tiers. We’ve excluded those logs from the view to avoid polluting the critical information for authorizations and revocations.

Managing group membership used to mean a lot of clicking. Nested groups and individual users were displayed as separate rows with dropdowns, making it hard to sort, search, or make bulk changes. We’ve completely reworked the group editing experience to fix that.

All nested groups and individual users now live in clean, sortable tables with search and filtering built in. You can select multiple members and remove them in one action instead of deleting them one at a time. A new Add modal lets you search for and select multiple users or groups at once, so building up a group is fast even when you’re adding a dozen members.

Finding the right logo for your apps just got a whole lot easier. Instead of hunting down image files and uploading them manually, you can now search for any company or brand name directly in the logo picker and apply it instantly.

While our catalog already includes logos for thousands of apps, this feature shines when you’re adding custom apps or tools that aren’t in our system yet. Just type the company name, pick the logo you want, and you’re done.

We’ve rolled out an update to our color themes to make ShiftControl easier and more comfortable to use across the board.

You’ll notice improved contrast and clearer visual hierarchy, making important elements stand out more at a glance 👀. We’ve introduced a subtle three-tone background across the left, middle, and right panes to better visually separate sections and reduce cognitive load while navigating.

Both light mode and dark mode have been refined 🌗. We’ve updated form fields, popovers, cards, and modals to ensure they’re easier to see and sit cleanly against their backgrounds. Border colors have also been improved so boundaries are more visible without feeling heavy or distracting.

Overall, this update is about clarity, accessibility, and reducing friction as you move through the app. As always, more refinements are on the way 💚

We’ve completely redesigned the user management experience with a unified, consistent interface that provides significantly more visibility into user data. What was once a simple details screen and basic security view has evolved into a comprehensive user management hub that gives you deeper insights and better control.

What’s New

• 🎯 Unified Design Language: Consistent styling and layout across all user management screens
• 📊 Enhanced User Details: Much more comprehensive user information in an organized, scannable format
• 🔒 Improved Security Overview: Better visualization of security settings and permissions
• 💰 Brand New SaaS Cost Tracking: Complete visibility into user costs including:
  • Total cost per user
  • Cost breakdown by individual applications
  • Clear financial insights for better resource management

Key Improvements

• Better Data Organization: Information is now logically grouped and easier to navigate
• Consistent Visual Hierarchy: Uniform spacing, typography, and component styling
• Enhanced Readability: Improved contrast and layout for better user experience
• Actionable Insights: Cost data helps you make informed decisions about user access and app usage

Getting Started

Navigate to any user’s profile to experience the new interface. The cost tracking data will automatically populate based on the user’s current app usage and subscription tiers.

Overview

Teams are now available in ShiftControl, giving you a flexible way to organize people based on how your company already works. Different organizations use Teams differently — some treat them like sub-departments, some use them for functional groupings, and others use them for regional or segment-based structuring.

No matter how you define them, Teams give you a consistent, single-membership attribute that can sync cleanly from your HRIS and power Groups, assignments, and automation.

How organizations use Teams

Different companies use Teams in different ways, so we’ve kept the concept flexible:

• As sub-departments inside a larger department (for example Engineering → Backend, Frontend, DevOps)
• As segment based groups (for example Sales → Enterprise, SMB, EU, APAC)
• As function specific groups (for example HR → Talent Acquisition, HR Business Partners)

To keep things simple and aligned with most HR tools, each person can only belong to one Team at a time. This matches how HRIS systems like BambooHR and HiBob usually model Teams or sub-departments.

Sync from HRIS or create your own

You can either:

• Sync Teams from your HRIS such as BambooHR or HiBob, or
• Create Teams directly in ShiftControl for orgs that don’t yet have them defined in HR

When Teams are synced, we keep the structure in sync so your people data stays consistent across systems.

Automatic Team groups for access management

Every time you create a Team, ShiftControl automatically creates a matching Group (for example a DevOps Team will also create a DevOps Group).

You can then:

• Use the Team Group to assign apps
• Sync the Group to Google and use it for email lists and calendar sharing
• Share docs and resources with the whole Team in one go

This works just like Groups for locations and departments, so it fits neatly into your existing setup.

Always in sync with name changes

If you rename a Team (for example from Customer Success to Client Success):

• The Team name is updated for all users on that Team
• The matching Group name is updated as well
• Everything stays in sync across ShiftControl and any connected directories

No more hunting for mismatched names between Teams, Groups, and user profiles.

Dynamic group rules powered by Teams

Teams are also available as a condition in dynamic Groups:

• Use the new Team attribute in your Group rules
• Choose operators like equals or not equals
• Select the Team you want to target

This makes it easy to build rules such as “add everyone in the DevOps Team to the DevOps Apps group” without manual management.

Check out the video below to see how it works:

You can now connect Dream Team to ShiftControl and let HR data become the single source of truth for your user management.

Why it matters

• HR data becomes your single source of truth for identity — fewer mismatches between people records and access.
• Keeps user records clean during org changes and helps avoid paying for unused JumpCloud licenses.

What we fixed vs JumpCloud’s built-in connector

• ✅ Simpler credentials — only a Dream Team access and refresh token is required (no JumpCloud super-admin API key risk).
• ✅ Full field sync — manager, department, location, and other key attributes flow through reliably without having to talk to Dream Team support.
• ✅ Save money — JumpCloud’s native Dream Team/HRIS integration creates users as soon as they’re added in the HRIS, even if they don’t start for months. We only create users 7 days before their start date, cutting unnecessary license spend.

How it works

• ShiftControl polls Dream Team hourly and compares records.
• Adds, updates, disables, and re-enables are detected automatically.
• Pre-start provisioning — 7 days before a new hire’s start date we enable the account in silent mode so Gmail, Calendar and Docs are ready without sending a welcome email.
• Automatic offboarding — accounts are disabled on the employee’s termination date to ensure smooth, secure offboarding.

Get started

1. Add the Dream Team app to ShiftControl.
2. Go to Settings → Directories → Dream Team → Enable and then Add Authorization.
3. Paste your access token and refresh token.
4. Hit Authorize — we’ll take it from there.

Enjoy cleaner user data, smoother onboarding, and tighter security with our new Dream Team HRIS integration!

We’ve added a quick way to match your screen to your mood (or your existential crisis).

Press Cmd/Win + Ctrl + T to cycle through Light, Dark, and System modes, because sometimes you want that crisp daylight productivity vibe, and other times you just want to brood in the dark.

✨ Go ahead, toggle away. We won’t judge your aesthetic choices.

You can now tag every group in your organization to instantly understand its purpose and category.

Whether it’s a department, a shared account, or a distribution list, Group Tags help make sense of even the most complex group structures.

✨ Highlights:

• Easily view and filter groups by tag (e.g., Department, Shared Account, Distribution).
• Quickly switch views in the sidebar to see all groups of a particular type.
• Perform bulk actions — change tags or delete multiple groups at once.
• Better visibility into group purpose, helping large organizations with hundreds of groups stay organized.

This feature is especially useful for organizations managing shared or system accounts across multiple services. You’ll always know which groups are tied to automation, access, or communication lists — without guesswork.

Check out the video below to see how it works!

We’ve made the Permissions dashboard easier to explore!

🔍 You’ll now see hover details showing how many permissions each app has — and when you click the icons, you’ll see all permissions for that app across services in one clean view.

✨ We also made it more obvious that the three-lined icon at the end is clickable (yes, that one!), so you can quickly access the full authorization list.

Little improvements, big difference in clarity.

Admins can now create, edit, and customize Group Tags directly from Settings → Group Tags.

🪄 What you can do:

• Create custom tags with a name, color, and description.
• Edit existing tags — rename, recolor, or adjust descriptions anytime.
• Reset system tags to their defaults if you make changes.
• Maintain a consistent tagging structure across your org.

Every organization starts with a default set of tags (like Department, Location, Role Access, Shared Account), but you can expand them to match your company’s specific needs — for example, Inbound Marketing or Shops.

We’ve moved Integrations into the Settings area and renamed them to Connectors to better reflect their purpose — securely connecting ShiftControl to the apps and systems that power your business.

Connectors are now organized into two categories for clarity:

🧩 Directories

Directories include your Identity Providers and HRIS systems — the sources of truth for your user and employee data.

From here, you can manage authentication to services like Google Workspace, JumpCloud, or BambooHR.

We’ve also laid the groundwork for upcoming capabilities, including a unified view of users and groups across Google and JumpCloud, and the ability to designate a primary directory.

🔗 Apps

Apps include everything else — the SaaS tools you integrate with to sync user information in and out of ShiftControl. Use this section to manage authentication and connection status for your app connectors.

You can now clean up and organize faster than ever! Bulk management isn’t just for users anymore — you can now manage multiple Groups and Apps at once.

🧩 For Groups, you can change tags or delete multiple at a time.

⚡ For Apps, you can bulk delete to tidy up your catalog in seconds.

Perfect for those satisfying clean-up sessions where you get everything just right — and save a bunch of clicks while you’re at it.

You can now jump between the Employee Portal and Admin Portal in a flash! Use ⌘/Windows + J to toggle instantly, or open the ShiftControl menu to switch portals — either in the same tab or a new one.

Sometimes it’s the little things that make a big difference ✨

We’ve redesigned the actions menu to make it sleeker and easier to use. All actions now live in a single, compact dropdown — saving space and keeping things tidy.

Dangerous actions like Delete are clearly marked in red, while the Edit option has been neatly folded into the same menu for a cleaner look.

Simple, intuitive, and just a little more polished.

We’ve made it much easier to understand how users are assigned to groups — whether through dynamic rules, nested groups, or individual assignments.

You told us it was hard to tell when someone was already added through another method, especially when cleaning up manual assignments or switching to automated rules. Now you’ll see exactly how each user is assigned, wherever you manage groups:

👥In the group side panel

Quickly see whether a user is part of the group via dynamic, nested, or individual assignment.

⚙️In the Individual Assignment tab

See the same indicators while managing manual assignments, so you don’t add duplicates.

🔍In the user search dropdown

Indicators now appear directly in search results — making it easier to pick the right person and avoid confusion.

We’ve added a powerful new Permissions Dashboard that gives administrators complete visibility into how data is shared with third-party apps and services inside Google Workspace.

Many business apps connect through Google using secure authorization flows (known as OAuth). These connections can expand over time, and without proper oversight, they create risk. The new Permissions Dashboard helps teams keep that risk in check by surfacing all connections, scopes, and user actions in one easy-to-use view.

🔍 What’s new

• Centralized permissions view – See all apps that have access to your organization’s data, who granted it, and what scopes were approved.
• Detailed scope inspection – View exactly what each app can do, like reading, sending, or deleting emails.
• User-level visibility – Identify which users have granted access to specific apps and when.
• Action history – Track authorization and revocation events over time for better auditing.
• Risk insights – Highlight apps with sensitive or restricted permissions that may need review.

⚙️ Available now

The new dashboard is live for all administrators under Reports → Permissions.

No configuration required, your connected app data is already being analyzed.

Check out the explainer below for more information.

You can now link Deel to ShiftControl and let your HR data drive identity and access automatically.

Why it matters

• HR data becomes your single source of truth for user lifecycle management
• Keeps records aligned during team changes and avoids wasted licenses
• Reduces risk by eliminating manual data entry

What’s different from JumpCloud’s native connector

• Easier setup – just a Deel API key, no risky super-admin API access
• Richer sync – manager, department, and other attributes flow into ShiftControl reliably
• Smarter provisioning – instead of creating users the moment they appear in Deel, we only activate accounts 7 days before the official start date, saving you on unused licenses

How it works

• ShiftControl checks Deel periodically and compares employee records
• Detects new hires, changes, terminations, and re-hires automatically
• Pre-start provisioning ensures Gmail, Calendar, and Docs are ready to go without sending early notifications
• Offboarding is automatic on the employee’s end date, ensuring security stays tight

Enjoy cleaner records, smoother onboarding, and worry-free offboarding with our new Deel integration!

We’ve made it easier (and nicer!) to manage your settings. Instead of being spread across different menus, everything now lives in one dedicated Settings area, accessible from the ShiftControl icon at the top left.

🎉 What’s new:

• One place for everything – All personal, org, and integration settings are now unified in a single, purpose-built view.
• Easier to navigate – The new Settings experience is cleaner, faster, and ready for even more configuration options rolling out soon.
• Better portal switching – Jump between the Admin Portal and the Employee Portal right from the ShiftControl menu. The Employee Portal now opens in a new tab by default, so admins can keep both views open without losing their place.

Check out a quick demo below!

This update makes your workspace feel more connected, more intuitive, and ready for what’s next.

We’ve refreshed the look of status icons in the User Directory to make them easier to read and more consistent across the platform. The new design helps you quickly distinguish between user states and any related actions, making the directory more scannable at a glance.

You can now connect HiBob to ShiftControl and let HR data become the single source of truth for user management.

Why it matters

• HR data becomes your single source of truth for identity
• Keeps user records clean during org changes and saves JumpCloud licenses

What we fixed vs. JumpCloud’s built-in connector

• Simpler credentials – only a HiBob service user ID and token are needed (no JumpCloud super-admin API key risk)
• Full field sync – manager and other key attributes flow through reliably
• Save money – JumpCloud’s native HiBob integration creates users as soon as they’re added in HiBob, even if they don’t start for months. We only create users 7 days before their start date, saving you unnecessary license costs.

How it works

• ShiftControl polls HiBob hourly and compares records
• Detects adds, updates, disables, and re-enables automatically
• Pre-start provisioning – 7 days before a new hire’s start date, we enable the account in silent mode so Gmail, Calendar, and Docs are ready without emailing the user
• Automatic offboarding – accounts are disabled on the employee’s termination date to ensure smooth and secure offboarding

Get started

• Add the HiBob app to ShiftControl and head to Integrations → HiBob → Add Authorization
• Paste your service user ID and service user token
• Hit Authorize – we take it from there

Enjoy cleaner user data, smoother onboarding, and tighter security with our new HiBob integration!

You can now work with tables more comfortably. Tables automatically expand to take up the full screen, giving you more room to see your data.

When you select more rows than can fit on the screen, a scroll area is dynamically added, keeping the table header fixed at the top so you can always see column names while sorting and reviewing data.

You can now create group emails with fewer errors and more flexibility. If your JumpCloud Cloud Directory connector is set up with a default domain or multiple domains, we’ll automatically detect them and display them in a handy dropdown, making it easier to select the right domain without typos.

We also now support syncing to multiple Google Workspace directories. If you’ve configured more than one, you can choose which directory to sync with, and the available domains shown will adjust to match that selection.

This makes managing group emails across locations and workspaces smoother and less error-prone.

We’ve upgraded how you search and select groups to match the robust experience in people fields. You can now:

• Search any group by name – Quickly find the group you need without scrolling through long lists.
• Enjoy consistent sorting – Both group and people lists are now sorted properly for easier scanning.
• Streamlined experience – Group selection works just like people selection, so it’s familiar and intuitive.

Finding and assigning groups or people is now faster, easier, and more consistent.

We’ve refreshed the Subscription screen to make terms clearer and more consistent across the app. The changes include:

• Title update – Now reads: Track important aspects of your subscription costs, plans, and renewals
• Contract length → Plan duration – Better reflects the subscription terminology
• Contract time period → Duration type – Clearer description of time units (e.g., Months, Years)
• Billing frequency → Billing cycle – More intuitive naming
• Contract end date → Plan end/renewal date – Aligns with subscription plan language
• End date description update – The last day of your subscription/contract → The last/renewal day of your subscription

These changes make it easier to understand your subscription details at a glance, with more consistent wording across all fields.

What it does

You can now zero in on exactly the users you need, instantly.

Filter options

• Active – see everyone currently able to log in
• Disabled – hunt down disabled accounts for cleanup or review
• Staged – spot pending accounts that haven’t been enabled yet
• Scheduled Action – view users queued for future activation or deactivation

Why you’ll love it

• Faster audits and bulk actions
• Fewer clicks when handling onboarding, off-boarding, or access reviews
• A cleaner, more focused Manage Users view every time you open the page

Jump into Users in the menu, pick a state from the dropdown, and work with just the slice of your roster that matters right now.

The header checkbox now selects only the rows that match your current filters instead of every row in the table.

• No more accidental bulk actions on hidden data.
• Cleaner, safer workflows when you’re drilling into subsets of users, assets, or records.

Try it out

Filter any table, hit the header checkbox, and enjoy precise multi-row actions that match exactly what you see.

Need to bring a batch of previously disabled accounts back online after a temporary freeze or cleanup? You can now re-enable multiple users in one swift move! Simply select the disabled accounts and hit Enable in the Bulk Actions menu. It’s a speedy quality-of-life upgrade that gets everyone back to work without the click marathon.

Need to tidy up an org—or quickly handle big changes like layoffs or seasonal off-boarding? You can now select multiple users and hit Delete from the Bulk Actions menu to remove them all at once. It’s a small quality-of-life boost that makes large-scale clean-ups faster, simpler, and a lot less click-heavy.

You can now connect OmniHR to ShiftControl and let HR data become the single source of truth for user management.

Why it matters

• Turns OmniHR into a single source of truth for identities—no more manual spreadsheet uploads
• Fills a major gap: OmniHR ships no native IdP connectors, so ShiftControl delivers the first seamless path from HR to downstream apps for our many Asia-based customers

What’s new

• Full-field sync – manager, department, start date, and every other key attribute flow straight into ShiftControl
• Sync at will - Don’t want to wait for the hourly update, simply go to the actions menu for the integrations and click “Refresh data” to start a new sync

How it works

• ShiftControl polls OmniHR hourly to spot new hires, role changes, and departures
• Pre-start provisioning – five days before a new hire’s start date we silently enable the account so Gmail, Calendar, and Docs are ready without sending the welcome email or burning a staged-user license
• Automatic disable / re-enable keeps your roster accurate and compliant

Get started

1. Add the OmniHR app to ShiftControl and head to Integrations → OmniHR and Add Authorization
2. Enter the following lightweight credentials:

• Username & Password – an OmniHR account with read access
• OmniHR Domain – e.g., acme.omnihr.co
• Custom Report ID – the report that exposes your employee fields

3. Click Authorize - we secure the credentials in our secret store and handle the sync from there

Enjoy hands-off user management, smoother onboarding, and a tighter security posture with the new OmniHR integration!

You can now connect BambooHR to ShiftControl and let HR data become the single source of truth for user management.

Why it matters

• HR data becomes your single source of truth for identity
• Keeps user records clean during org changes and saves JumpCloud licenses

What we fixed vs. JumpCloud’s built-in connector

• Full field sync – manager and other key attributes now flow through
• Scoped credentials – supply ShiftControl with a limited BambooHR API key (no JumpCloud super-admin API key required to be shared with BambooHR)
• Save money - The native JumpCloud integration creates a staged user for new employees before their start date, costing you license fees. We create the users only when actually needed!

How it works

• ShiftControl polls BambooHR hourly and compares records
• Detects adds, updates, disables, and re-enables automatically
• Pre-start provisioning – 5 days before a new hire’s start date, we enable the account (silent-mode) so Gmail, Calendar, and Docs are ready without emailing the user

Get started

1. Add the BambooHR app to ShiftControl and head to Integrations → BambooHR and Add Authorization
2. Paste your scoped BambooHR API key
3. Enter your BambooHR domain
4. Hit Authorize – we take it from there

Enjoy cleaner user data, smoother onboarding, and tighter security with our new BambooHR integration!

Understanding who has access to what is only half the battle, knowing how much you’re spending on your SaaS stack (and where that spend actually lands) is just as critical. Our new App Spend Intelligence Dashboard gives you a clear, actionable view into your SaaS costs. making it easier to spot trends, cut waste, and stay on top of renewals.

Whether you’re responsible for budgets, renewals, or just trying to wrangle sprawling SaaS usage across departments, this dashboard has you covered.

Here’s what you can do with it:

🧮 See your SaaS at a glance

View your total number of apps, active users, annual vs monthly costs, and the average cost per active user, instantly.

📊 Break down spend by ownership and usage

See how SaaS costs are assigned (who owns the budget) vs. how they’re actually consumed across departments. Great for untangling shared usage and internal chargebacks.

📆 Stay ahead of upcoming renewals

Get a forward-looking view of contract renewals so you can take action before you’re auto-renewed into another year of spend.

💡 Catch easy savings

See which of your top monthly spend apps could be converted to annual plans, complete with savings estimates.

📈 Spot your top dollar burners

Quickly identify the apps eating the biggest portion of your budget across your entire stack.

🚩 Fill in missing data

We’ll flag apps that don’t have subscription information so you can plug the gaps and make smarter decisions.

🧍 Find high-cost users

Get a ranked list of users with above-average SaaS cost so you can better manage licenses and entitlements.

💱 Convert everything to a currency that makes sense

Even if your contracts span multiple countries and currencies, you can now unify them under a single reporting currency for easy tracking and comparisons.

Check out the demo below!

Keeping tabs on reporting lines shouldn’t require a spreadsheet. With today’s release you can open a live, interactive org chart that shows your orgs users in real time.

What you can do

• See every relationship - The chart is based on the updated information in ShiftControl you always view the latest structure.
• Zoom through teams - Drag, pan, and zoom to explore from exec level down to interns.
• Go full screen - Org charts need space, easily maximize to present it or take up all your screen real estate

Why you’ll love it

Understanding how people connect drives faster approvals, smoother access reviews, and fewer “who reports to who?” moments. The ShiftControl Org Chart keeps itself up-to-date, so you can focus on work instead of diagrams.

Where to start

Org charts are available to all employees in the employee portal in the navigation sidebar. You can turn org charts off and on for your organization in your organizatio settings by going to the gear menu at the top right as an admin and going to settings.

Check out the video below for a demo!

We’ve polished up the layout across all our management areas to give you more breathing room and better usability:

💻 Full-width tables – Take full advantage of your screen real estate. No more cramped columns.

📌 Sticky headers – Table headers now stay locked to the top while you scroll, so you never lose context.

📐 Tighter title areas – We’ve cleaned up spacing and layout to give you more room to work, with less visual noise.

It’s all part of making ShiftControl feel faster, cleaner, and more delightful to use—every click of the way.

Can you spot the improvements below?

Last week we gave you zippy, in-session caching. This week, we’re going one better.

Your app state—queries, data, filters, and more—now persists across reloads and return visits. Whether you refresh the page or come back tomorrow, everything is right where you left it. No more waiting to re-fetch or reconfigure views.

🕒 The cache sticks around for 24 hours, giving you a snappier, more seamless experience every time you jump back in.

Just one more step toward a smarter, faster, and more reliable workspace.

You can now navigate directly to Users, Groups, and Apps from the side info-panel! Previously, the sidebar gave you useful context—like what groups a user belongs to or which apps are assigned—but you couldn’t click through to manage them.

Now you can. Every item in the sidebar is clickable and takes you straight to the view/edit screen for that object. It’s a small change that makes managing things a lot faster.

We’ve made performance better when you first log in. Previously, we waited until you landed on a specific screen to start running expensive queries—like calculating how many apps users have access to. That meant waiting for a spinner before data appeared.

Now, we load that important information upfront so it’s ready when you need it. No more delays, just instant access to the insights you care about.

We’ve spent the last month or so working behind the scenes on a major update that makes things much faster, not only for our users, but also in terms of us shipping updates!

🏎️ Zip between pages instantly – once a view loads the first time, you can bounce anywhere in the platform with near-zero wait.

🔄 Live, auto-refreshing data – the app silently re-fetches updates in the background and refreshes your screen on the fly, so you always see the latest info without hitting reload.

🛠️ Edit without interruption – create, update, or delete records and watch the changes appear in place.

🗂️ State that sticks – your filters, sorts, and scroll position stay put as you explore, so you can pick up exactly where you left off - and we’ll soon make this perisistent across your visits too!

📉 Fewer network calls, smoother feel – smarter caching cuts traffic and keeps things snappy even on slower connections.

🚀 Built for what’s next – this new data engine unlocks offline-ready capabilities and richer dashboards rolling out soon.

We’ve completely re-engineered how tables work across the platform, and the difference is immediate:

🔍 Instant search & filter – type or click to zero in on the data you need.

↕️ Drag-and-drop columns – reorder, auto-size on double-click, or pin key fields so they stay put. We remember your layout next time.

📑 Hide or show columns – tailor each view with a simple checkbox menu.

🎯 Contextual actions at every header – sort, filter, resize, pin, or export without leaving the grid.

📋 Copy anything – select rows or cells and copy straight to your clipboard.

📊 One-click export – download the current view (filters, order, and all) to CSV or Excel from any table.

⌨️ Keyboard-friendly & accessible – navigate, select, and act without lifting your hands from the keys.

These upgrades are live everywhere in the platform. Watch the quick demo video to see them in action and start exploring your new super-charged grids!

We recently shipped a popular update that you to easily convert a bookmark app to a SSO app without losing any data. We realized that people also needed to move from SSO back to bookmark as well, and you can now do that!

We’ve also moved from the term upgrade to convert. After all, moving between SSO and Bookmark apps isn’t an upgrade or a downgrade, they’re just different!

Check out the quick video!

When taking action on an application like deleting or upgrading it, you’ll now immediately get more context by seeing the app’s logo along with the name and description.

Say goodbye to tedious manual steps! Now you can effortlessly convert any bookmark app to a full Single Sign-On (SSO) app right within ShiftControl. Simply select the new “Upgrade to SSO” option from the app menu, and ShiftControl will handle the rest—creating your new SSO app, transferring metadata and group assignments automatically, and cleaning up the old bookmark.

Watch this quick demo to see it in action!

We gave the gear and tasks menu (top right!) a behind-the-scenes upgrade. Ever area in that menu now loads more dynamically, with clearer visual cues when things are updating or saving. It’s faster, snappier, and way less “did-that-even-work?” vibes.

When you delete a user who manages other people, we’ll ask what you’d like to do with their direct reports. Pick a new manager to take over—or leave the role blank if you’re reorganizing. No more mystery managers or abandoned org charts!

We’re excited to announce a new integration feature for ShiftControl: Box. This addition is designed to enhance your digital workspace by seamlessly connecting with Box, a leading cloud content management and file sharing service.

You can now connect your Box application and keep an accurate view of the your users and fully understand your license usage.

To start using the Box integration, simply navigate to the integrations section in your ShiftControl dashboard and follow the setup instructions.

We’ve rolled out frontend Role-Based Access Control (RBAC) across ShiftControl! This upgrade builds on our earlier RBAC API release and brings smarter access management and a better user experience to the UI. Under the hood, this is a lot of work, as each button, screen, widget, toggle, and more checks to make sure you have the right permissions.

Check out the video and read below to see what’s new!

View Mode for Everything

Every screen where you can make changes — Users, Groups, Apps, Subscriptions — now has a dedicated View Mode. No more jumping into an edit screen just to peek at some data. It’s a smoother, cleaner way to inspect without touching anything.

Click-to-View Navigation

We’ve improved the way you navigate ShiftControl. Now, clicking the name of a user, app, or group takes you straight to its View page. This aligns with what many of you were already trying to do (we saw you clicking!) — and just feels more natural.

Meet the Read-Only Admin

You can now assign a Read-Only Admin role — perfect for finance teams, auditors, or curious co-founders who need visibility into users, apps, and subscriptions but shouldn’t be changing anything. It’s a safer way to share access, without compromising your setup.

Coming Soon: More granular roles like User Admin, App Admin, Group Admin, and beyond — so you can delegate more confidently without going full super-admin.

Check out the preview of the Read Only view for the Users, Groups, and Apps areas below!

We’ve given our app catalog a major refresh! 🎨

• New Modern Logos – All 1000+ apps now have updated, high-quality logos for a cleaner and more recognizable experience.
• Detailed App Descriptions – Get more context at a glance with descriptions for nearly every app in our catalog.
• Consistent Branding – Your employee portal now reflects these updates, and we’ve also updated your existing apps in JumpCloud with the new logos.

A more polished and informative experience, all without lifting a finger.

We’ve made dropdowns even more flexible—now you can effortlessly remove your selections by clicking “Clear selection” or the handy “X” button. Small improvement, big convenience!

We’ve added helpful links directly to confirmation alerts, letting you instantly jump back to the group or item you just edited—saving you clicks and keeping things clear!

Check it out in action below.

No more clicking around to find what matters most! Now, when you edit apps and groups, the tab with active config items is front and center by default. Because let’s be honest—who actually wants to start on a tab that you’re not using? 🎯

Now, there’s no mystery when deleting groups synced with Google Workspace! When you’re about to delete a synced group, you’ll clearly see exactly what will—and won’t—happen. We explain that the group itself won’t be removed from Google Workspace, but syncing will stop. You can then confidently manage your groups without surprises!

We’ve taken the guesswork out of authorizing your integrations! Now, when adding or updating integration authorizations, you’ll see clear, step-by-step instructions guiding you through exactly what’s needed and what screens you’ll encounter next. Whether you’re integrating Slack or another service, simply follow the instructions, approve the permissions, and voilà—you’re seamlessly connected!

Check out this quick video to see it in action!

You can now easily view and manage your users’ MFA factors within ShiftControl. If a user replaces their phone or encounters MFA issues, simply remove the problematic factor, and they’ll be prompted to set up MFA again at their next login. No hassle, and no downtime!

Watch this quick video to see how smoothly it works!

Your employees can now effortlessly view and manage their Multi-Factor Authentication (MFA) devices directly in the employee portal. Whether it’s a YubiKey, an authenticator app, or built-in device authenticators (Windows Hello, Apple fingerprint), your team can rename, organize, or even remove devices seamlessly. Keeping security simple—and fully under your control.

Check out this quick video to see it in action!

You can now easily upload custom logos for your apps! Simply click or drag-and-drop logos directly in ShiftControl, and they’ll appear instantly in your employee portal. Stay tuned—these custom logos will soon be featured in even more places!

Watch this quick demo video to see how simple it is!

We’ve improved user activation in ShiftControl! Previously, activating users always sent an immediate activation email. Now, you can activate user accounts ahead of their start date without notifying them right away. This lets you pre-provision accounts, schedule meetings, and set up access in advance. When you’re ready, easily send activation instructions to their company or personal email—or simply set a password directly during onboarding. Activation now fits your workflow perfectly!

Check it out in action below.

Managing JumpCloud admins just got simpler! Previously, you had to handle JumpCloud admin roles separately in JumpCloud itself. Now, you can seamlessly add, edit, or disable JumpCloud admins right from ShiftControl. Set roles (like Admin, Help Desk, or Read-Only), toggle API access, and even trigger onboarding emails instantly—all in one convenient place.

Watch this quick video to see it live in action!

Our Employee Portal and Login Pages are now fully optimized for mobile devices. Whether you’re signing in or managing your profile on the go, you’ll experience a smoother, more responsive interface—no more zooming, pinching, or frustration.

🔹 Better navigation on smaller screens

🔹 Touch-friendly design for effortless interactions

🔹 Faster load times for a seamless experience

Managing your JumpCloud integration just got easier! If you bring your own JumpCloud, you no longer need to contact support to update your API key. You can now update it yourself directly from the ShiftControl UI—no more back-and-forth with support, just a simple and seamless update process.

You can now connect ShiftControl to your Slack workspace! 🎉

This new integration allows ShiftControl to pull user information from Slack, helping you verify that the number of assigned Slack users matches what’s in ShiftControl. Additionally, we collect user metadata—such as identifying workspace owners and admins—which will soon be surfaced in the platform to give you deeper insights into your Slack environment.

Check out a quick demo below!

🔮 What’s Next?

This is just the beginning! In the near future, our Slack workbot will enable interactive features, such as letting users query their app assignments directly in Slack. Stay tuned as we expand its capabilities to make managing your SaaS tools even easier.

To get started, head to Integrations in ShiftControl and connect Slack today!

We’re taking ShiftControl integrations to the next level! We recently announced our partnership with Workato, leveraging their powerful automation engine to accelerate how we build and deploy integrations—all while keeping customer data securely isolated in tenant-specific instances.

Now, we’ve completed the heavy lifting to seamlessly link our integrations page with Workato behind the scenes. For our customers, the experience remains familiar: you’ll still enable and manage integrations just like before, but now, when you connect an app, ShiftControl automatically links that authorization to a set of managed automation recipes.

🔥What This Means for You

• More powerful integrations, faster – We can now build and roll out integrations at scale with deeper insights.

• Richer application data – Get metadata like subscription details, license usage, and user access to ensure your records match reality.

• Better user insights – Identify unused licenses, active admins, and unexpected access with enriched user data.

• Future-ready automation – The types of integrations we can create are virtually limitless, and we’re committed to delivering new ones frequently.

This is just the beginning—expect to see more integrations, more automation, and even better control over your SaaS stack in the coming weeks! 🎯

We’re excited to share that our API documentation is now fully available for you. This update brings several key improvements that simplify integration and enhance your experience:

• Complete API Specs: You can now download the OpenAPI spec file to use locally with tools like Postman. This makes testing and integrating with our API more straightforward than ever.

• Interactive Online Docs: Access our API docs online to explore and test various endpoints directly. This interactive approach helps you quickly understand how to leverage our API in your workflows.

• Enhanced Documentation: We’ve updated our documentation to include details on API specs and clear guidance on managing both User and Org API keys. You can view our ShiftControl documentation for managing API keys and using the API docs here.

• Easy Access to Full Specs: The complete API Documentation and Specs are available at this link.

We usually assume there’s a JumpCloud application that requires deleting when we delete an app in ShiftControl, but sometimes an admin may have deleted the app in JumpCloud and it hasn’t reflected yet in ShiftControl. Now, manually deleting the app will be successful even if there’s no underlying JumpCloud app. You can also just choose to wait for the app to be deleted automatically within 5 minutes.

Sometimes you may want to manage an app directly in JumpCloud, which is perfectly fine. While updating and creating app in JumpCloud was always supported, we now also detect when you’ve deleted an existing app in JumpCloud and remove the corresponding app in ShiftControl.

Note: It may take up to 5 minutes for the app to be deleted in ShiftControl.

We’ve always believed in the power of building our frontend on the same robust APIs that we expose to our customers. From the very start, we offered both user- and org-level API key management for straightforward integration. Now, we’re excited to announce that all of our APIs are fully compatible with both frontend access tokens and these API keys.

Important Permissions Considerations

• User API Keys inherit the same permissions as the user who created them. This means any actions the user can take, the API key can take as well.

• Org API Keys function as top-level administrative keys for an entire organization, granting full access to all available resources within that org.

Documentation for the /app Endpoint

An often requested feature is comprehensive API documentation. We’re thrilled to unveil our first set of docs at https://api.shiftcontrol.io/api-docs, currently focused on the /app endpoint. We prioritized this endpoint in response to our customers’ top requests, and we’re moving quickly to cover all remaining endpoints.

Multiple Formats Available

These new docs are published in OpenAPI, Redoc, Swagger, and more, giving you flexibility to choose the format that suits your workflow best.

What’s Next

We’re actively expanding the documentation to cover all remaining endpoints, so stay tuned for updates. As always, your feedback is invaluable to us—let us know how these enhancements help you build faster and more securely.

While most SaaS services default to SAML, OIDC is becoming increasingly popular as an option in more services. Software development companies, in particular, often rely on OIDC for testing apps or securing internal tools behind an OIDC login mechanism. To better support these scenarios, we’ve added the capability to manage OIDC apps within our platform.

This new feature allows full configuration of OIDC app parameters, including the attributes and claims you want to send to those apps.

This enhancement simplifies app testing and internal tool access, making it easier to tie everything to your employee identity for a unified and efficient workflow!

Start exploring OIDC app support today!

We’re excited to introduce a smoother, more personalized sign-in experience for all ShiftControl users!

🔐 Streamlined SSO Login

All sign-ons are exclusively via Single Sign-On (SSO), ensuring secure and consistent access for every organization.

💾 Remember Your Email

You can now choose to save your email for your next visit, making it even easier to start your day with ShiftControl.

🔄 Seamless Workflow Integration

Once you log in, you’ll be automatically redirected to JumpCloud for authentication and then sent straight back to your ShiftControl dashboard—no extra clicks needed!

This upgrade makes ShiftControl the perfect starting point for your daily workflow.

Try it out and enjoy a faster, smarter login experience!

We’re excited to announce a major update to ShiftControl—a brand-new Employee Portal designed to simplify and enhance how every employee accesses their essential tool

🔑 From Admin-Only to Everyone

ShiftControl is no longer just for admins. Now, every employee can log in and enjoy a streamlined, customizable experience that serves as the gateway to all their work applications.

📂 Your Apps, Your Way

• Reorganize app cards to prioritize your most-used tools. • Mark Favorites to quickly access what matters most. • Personalized Layouts that stay consistent across sessions and devices.

💡 Better Than Ever

This new experience is a major upgrade from the JumpCloud console. While both the ShiftControl Employee Portal and JumpCloud console will remain available, we believe most employees will find ShiftControl to be a more user-friendly and efficient hub for daily work.

🔮 More to Come!

We’re just getting started. Soon, you’ll see new features like:

• Org Charts for easier team visibility • App Access Requests for smoother onboarding

We’re excited to announce a significant security and management upgrade—Role-Based Access Control (RBAC) is now live in ShiftControl!

🛠️ Admin and Employee Portals

RBAC powers our newly launched Admin Portal and Employee Portal, giving users access tailored to their roles. Admins can manage users, apps, and settings, while employees enjoy a streamlined portal to access their essential tools.

👤 Easily Manage User Roles

Admins can now assign roles directly in the User Roles section, allowing seamless promotion of users to admin status or keeping them as standard users.

You can manager roles in your Org Settings → User Roles area.

🔑 API-Ready Permissions

We’ve already laid the groundwork for fine-grained permissions at the API level, ensuring future roles will have precise access controls.

🚀 What’s Available Now:

• Admin Role: Full access to manage users, groups, and settings.

• User Role: Access to the personalized Employee Portal.

🔮 Coming Soon:

• Read-Only Access

• Finance User Role

• Custom Roles for Flexible Permissions

This update ensures your organization has the flexibility and security needed to scale. Start managing roles today and experience more control with ShiftControl!

You can now use the “company” field in your dynamic group rules, making it easier than ever to create internal groups for your own employees. Whether you’re setting up groups specifically for internal use or want to exclude contractors and other external members, adding the company field to your rules gives you greater flexibility and control.

Give it a try and see how it can simplify your group management!

You can now add important notes directly to your subscriptions in the Apps tab! Whether it’s a quick reminder or critical details about a specific subscription, the new notes field makes it simple to keep track of everything in one place. No more scattered sticky notes or separate spreadsheets—just a clean, easy way to stay organized.

Give it a try and keep your subscription info at your fingertips!

ShiftControl is now available as a Progressive Web App (PWA), allowing you to experience it with the feel and convenience of a native app! PWAs are special web applications that you can install directly from your browser on supported devices, adding ShiftControl to your desktop or mobile home screen. This means faster access, offline functionality for certain features, and automatic updates—no app store required. Try installing ShiftControl as a PWA to streamline your access and enjoy a more responsive experience!

You can now view a consolidated summary of your SaaS spending right from your dashboard! This new card provides a clear, totalized cost of all your SaaS services, calculated based on cost type and the number of assigned users. We’ve taken care to normalize these values to your organization’s default currency (based on the latest currency exchange rates), ensuring a seamless and consistent overview of your monthly or annual expenses. Dive in to see exactly where your SaaS investments stand in real time!

You can now set your organization’s default currency in the settings, simplifying your SaaS cost tracking! This default currency will be used to automatically convert the cost of each app on your dashboard, ensuring all totals reflect your chosen currency. Additionally, it’s now easier to add new subscriptions—your default currency is pre-selected when you input cost details, making setup faster and more consistent. Update your settings to see it in action!

Effortless Google Workspace Sync

Now, with a simple setup in ShiftControl, you can sync groups and memberships directly to Google Workspace. Just update a group, designate its email address, and let the automatic sync take care of the rest. We’ll pull in the Group Name, Description, and members from Google, ensuring that your group information stays current and aligned across platforms without manual updates.

Get a clear overview of sync status in Group Management

To make things even easier, we’ve added a new status view in the Group Management area, showing which groups are actively synced to Google Workspace. This feature offers clear visibility and better control over which groups are integrated, so you can manage them effortlessly in one place.

Alongside the department improvements, we’ve introduced a location field to user profiles, allowing you to select locations from a dropdown menu for more consistent and reliable group creation. This feature ensures uniformity in location names across dynamic group rules, making it easier to create and manage groups based on geographical locations. You can even add new locations directly from the field, simplifying user management further.

We’ve added a new feature that shows a quick breakdown of your SaaS costs per app, giving you the monthly and yearly cost calculations based on the number of users and contract terms. It’s now easier than ever to understand how much you’re spending on each tool and make smarter decisions for your budget. This detailed view is a game-changer for keeping your SaaS spending under control.

No more second-guessing when deleting! We’ve enhanced the delete confirmation process to ensure it’s crystal clear what you’re deleting and its potential impact. For added security, we also ask you to type ‘delete’ to confirm before proceeding.

You can now manage departments more easily with our updated dropdown field. Previously a free text field, the department selection is now a pull-down menu available in the user edit areas and dynamic group rules. This change helps eliminate mistakes like typos or inconsistent capitalization, ensuring that dynamic rules work as expected when defining groups by department. You can also quickly add new departments directly from the dropdown, streamlining the process even further.

In both the group and app editing screens, you can now instantly see how many configurations are active in each tab. For example, in a group, you’ll know you’re using 3 Dynamic Rules and 1 Individual Assignment without digging into each section.

Take control of your departments and locations with our new centralized management areas. Accessible in the org settings menu, you can now easily add, rename, or remove departments and locations to maintain consistency across your organization. This ensures smooth user grouping and dynamic rules while giving you the flexibility to adjust as needed.

You can now input and save key details about your SaaS subscriptions, including contract lengths, billing frequencies, renewal dates, grace periods, and more. With this data, ShiftControl calculates your total SaaS costs, providing full visibility into where your budget is going. This is just the start! Soon, you’ll be able to access detailed cost reports, receive renewal notifications, and get insights on when to right-size your contracts before the lock-in period. We’re also working on integrations to automatically detect and update your subscription data, keeping everything accurate and up-to-date.

We’ve introduced powerful side panels in the user, group, and app editing areas to give you a comprehensive overview at a glance.

• User Info: See all the groups a user belongs to, including how they were assigned (dynamic rule, nested rule, or individual assignment). Also, check their app assignments and whether those assignments are via a group or direct.

• Group Info: Get a breakdown of how users are assigned to a group (dynamic rules, nested rules, or individual assignments) and see which apps are tied to that group.

• App Info: View a list of users assigned to an app and the groups responsible for assigning them.

App management just got more informative! We’ve updated the user sync status icons and added key details, like how many groups are assigning the app and how many users are assigned. Hovering over the group number will reveal which groups are in use. Additionally, we’ve introduced new fields for Estimated Total Cost and Currency (Available as an optional column) as part of our new SaaS Cost Management features.

We’ve made it easier to get a clear view of your groups. Now, you can see at a glance how many users and apps are tied to each group. This helps validate whether your group setups match your expectations. We’ve also combined group names and descriptions for a cleaner look and improved the quick-view area for easier access to key details.

User management just got a boost! You can now quickly see how many groups and apps each user is assigned to. Plus, we’ve added optional columns for departments and locations, giving you a more comprehensive view of your users. The Name and Email fields are now condensed for faster access to key info.

We’ve given the UI a fresh, intuitive makeover while exposing more detailed information across the board. Whether you’re in user management or editing apps and groups, you’ll find more helpful hints, tooltips, and contextual information at your fingertips. You can now easily see how many groups and apps each user is assigned to and navigate smoothly through frequently used configuration tabs. Even the sidebar is smarter, offering a clear overview of statuses and item counts for every section.

We’ve enhanced our app creation process! When you create a new app from our custom catalog, we now ensure the correct logo is always uploaded. Gone are the days of default logos—your apps will always display the correct branding, improving consistency and recognition.

We’ve simplified the process for managing group access to JumpCloud Password Manager. Previously, managing group assignments for the password manager required direct actions in JumpCloud. Now, it’s treated like any other app within ShiftControl, allowing you to manage group access directly from our platform without needing to switch back and forth.

Introducing Task Management, a powerful new feature designed to help you manage critical tasks across ShiftControl. We know that not everything in your SaaS ecosystem is fully automated—especially when it comes to user onboarding and offboarding. While we’re working to automate as much as possible, there will always be manual steps required.

With this first release, Task Management highlights the actions that need your attention, such as deciding what to do with newly discovered applications. The task view helps you easily identify tasks with clear statuses, descriptions, and assignment options, giving you full control over who handles each task. In this early version, you’ll be able to manage tasks like reviewing apps discovered through Google Workspace integration.

Looking ahead, Task Management will continue to evolve to include essential tasks such as onboarding/offboarding users from apps that require manual user management, handling approval requests for app assignments, and much more. This feature ensures you stay in the loop and never miss important steps, giving you visibility and control over all manual tasks needed to keep your operations running smoothly.

Our new App Discovery feature gives you the power to see all the apps your users have connected to through integrations like Google Workspace. This feature helps you discover which apps your users are using, how they were authorized, and what actions have been taken—such as authorizations or revocations.

With detailed insights, such as the number of users interacting with each app, and how they were discovered, App Discovery helps you take immediate action. You can easily add newly discovered apps to ShiftControl with just one click.

Key capabilities include:

• App Visibility: See which apps users have authorized and manage them directly from ShiftControl.
• User Activity Tracking: Review important details, including the number of users, authorizations, and revocations for each app.
• Detailed Event Logs: Access activity logs that show specific user actions, such as authorization and revocation events, including timestamps and user email addresses.

This is just the beginning—our App Discovery feature is the first mechanism to help you gain control of your SaaS environment. We are actively working on more integrations to help you discover apps even more efficiently. Soon, you’ll be able to leverage tools like accounting systems, mailbox invoice discovery, and more to uncover every corner of your app ecosystem.

With our new Google Workspace integration, administrators can now gain deep insights into how their users are interacting with external apps and services. Once connected via an admin account, ShiftControl will automatically start pulling event logs, including details on when users authorize third-party services—such as using the “Sign in with Google” (Google SSO) feature—and when access is revoked by users or apps. This data is refreshed periodically to ensure you always have up-to-date visibility into the apps your users are authenticating with their Google identity.

This enhancement to our App Discovery feature empowers you to better manage SaaS services by helping you identify and add new applications to ShiftControl while also detecting unexpected uses of Google accounts and potential shadow IT. It’s an essential tool for maintaining control and ensuring secure use of your organization’s digital footprint.

We’ve introduced a dedicated area for discovering and managing integrations, providing you with full control over how ShiftControl interacts with your applications. Each integration requires secure credentials—whether API keys or OAuth tokens—which we support and store securely. This feature allows you to monitor critical data points like integration health, service health, and authentication status, giving you real-time insights into the connections your business depends on.

Our first available integration is with Google Workspace, part of the new App Discovery feature, with many more integrations on the way. These will enable powerful features such as synchronizing users across applications, ensuring secure configurations, and even pulling invoicing and usage data from SaaS services to streamline management.

We’ve grown our app catalog to include over 950 apps, allowing you to quickly configure and manage Single Sign-on (SSO) . However, we recognize that many users might not have licenses on the tier that supports SSO. To address this, we’ve enhanced the experience by fully managing our own app catalog. You can now easily add apps as bookmarks, with pre-filled login URLs and descriptions for apps—no more manually entering URLs or descriptions! Each bookmark will take you directly to the app’s login page, helping you stay productive and avoid unnecessary marketing pages.

We’re excited to introduce a powerful new feature to our platform: App Assignment Reporting. This update empowers you with the data and control needed to manage your entire IT and SaaS ecosystem seamlessly. Now, you can easily view and manage app assignments by both app and user, all in one convenient location within our new reports section.

To make your workflow even more efficient, we’ve added multiple export options, including CSV, TSV, JSON (both flattened and nested), and Google Sheets. The Google Sheets export comes with built-in pivots, giving you the flexibility to analyze and visualize your data exactly how you want. With this update, managing who has access to what apps has never been easier!

Effortlessly navigate ShiftControl with our new Command Bar! You can now quickly access the dashboard, users, groups, and apps—all in one convenient place. Use intuitive hotkeys to speed up your workflow and streamline your experience. Searching and managing your ShiftControl environment has never been easier!

Check it out in action! 🔥

Our menus were a bit boring! Humans are visual beings, so we wanted it easier to navigate menus with icons that map clearly to the actions. It also just looks better!

We noticed that the bulk actions menu was getting a bit too busy, so we organized the actions to make them easier to find and use! We also now disable actions that don’t apply for the selected users to make it clearer what actions can be taken.

There are many cases where you might need to set a user’s password for them, especially if they lost access to their email and have forgotten their passwords. You can now set a user’s password for them using the ”Set Password” menu for each user. By default, we also expire the existing password and force the user to change it on next login.

We generate a password for you, or you can use your own! The generated passwords are designed to be secure enough for temporary use and easy to relay over a voice call or type in manually from another device.

⚠️ We always recommend forcing the user to reset the password on the next login to avoid the chance of them using a temporary password permanently.

We updated the icon to make it clearer which apps don’t have user sync configured or enabled yet.

We’ve improved the way validation errors are communicated when saving changes across multiple tabs. Now, clear visual indicators will notify you if there’s an error on any tab, helping you to quickly identify and address issues.

We’ve improved the interface to make configuring and customizing group memberships more intuitive. Now, it’s easier to see how different rule types interact. You can combine dynamic rules, nest existing groups, and add individual members to create powerful, customized group memberships. This change also includes updating the “Save” button to “Save All,” ensuring it’s clear that all settings across tabs are saved together.

The Group management page now defaults to 10 items for pagination like other screens.

We’ve added a spinner to keep things clear while your forms are loading. Now, all the data will be fully loaded before the form appears, eliminating any confusion and making your experience smoother and more intuitive.

We’ve sprinkled some extra magic on our group management! Now, instead of showing all the behind-the-scenes groups, your dashboard will only display the ones you care about. Managing and understanding your groups just got a whole lot simpler—and more accurate!

Keeping track of scheduled user events is now even easier! Previously, we indicated upcoming activations or deactivations in the dashboard and user management areas. Now, you’ll also see a handy calendar icon. Simply hover over it to reveal the exact date and time of the event in a clear, easy-to-read format.

Change of plans? You can now cancel scheduled activations or deactivations for one or more users with ease. Whether you need to adjust timing or reverse a decision, managing your user schedule just got more flexible.

Planning ahead? Now, you can easily schedule user offboarding for one or multiple users at once! Simply set the date, and we’ll automatically disable the users, revoke their access, and remove them from any synced applications. Offboarding has never been simpler or more streamlined.

We’ve made it easier to navigate and take action with some key updates:

App Management/Add New Apps:

The ‘+ Custom Bookmark’ and ‘+ Custom SSO Integration’ buttons have received a makeover! They now match the style of our other action buttons, making them more prominent and easier to spot.

User Management:

The ‘Bulk Actions’ button is now always visible, even when no users are selected. While it’s disabled until needed, this tweak ensures you know bulk actions are just a click away when you need them.

We’ve fine-tuned our interface to make things more intuitive. The ‘Suspend’ action is now called ‘Disable,’ and the ‘Deactivated’ badge has been updated to ‘Disabled.’ This update ties the actions and statuses together more clearly, ensuring you’re always in the know.

Now, you can effortlessly update your organization’s name and domain in the settings section. Just click the gear icon at the top of your dashboard and select ‘Settings’ under the Org Settings area.

Pro Tip: The domain helps identify your organization during login. Change it only when you update your primary email domain. And don’t worry, logging in via the ShiftControl app in the App Dashboard will always work seamlessly, no matter what!

Unlock the power of seamless interaction with ShiftControl! You can now manage your organization’s and individual user’s API keys with ease. View, create, and manage key names, purposes, and expiry dates—all in one place.

You can find them under the gear menu at the top of your dashboard.

Now, keeping tabs on password health is a breeze! Our dashboard and user management areas feature new icons that instantly show if a user’s password status needs attention (e.g., not set or expired). Stay on top of security with these handy visual cues!

Forgotten passwords are a thing of the past! You can now send a password reset email to one or more users without logging them out. Help your team members get back into their accounts smoothly and effortlessly. Password woes, be gone!

These options are available in the ‘…’ menu for users and under the ‘Bulk actions’ button.

We get it, life gets busy! Sometimes those welcome emails slip through the cracks. But worry not—now you can effortlessly resend the activation email to one or more users who haven’t logged in and created their accounts yet. Ensure no one misses out on joining your organization with just a few clicks. Keeping your team connected has never been easier!

These options are available in the ‘…’ menu for users and under the ‘Bulk actions’ button.

You can now force a password reset for one or more users in just a few clicks. Say goodbye to the hassle of manually managing password updates and hello to streamlined security management.

These options are available in the ‘…’ menu for users and under the ‘Bulk actions’ button.

Some things to keep in mind:

• Forcing a password reset doesn’t send an email to the user.
• The user will be asked to change their password the next time they log in
• They will immediately be logged out of their JumpCloud console

We have resolved an issue where clicking the ‘View Members’ button for groups did not return any results.

We’ve heard your feedback: the button next to the user state badge for activating a user wasn’t clearly identifiable. We agree, so we’ve enhanced it by adding a mouse click icon to make it more obvious.

Don’t forget, you can also activate users from the user-specific action menu and the bulk action menu!

We understand that activating users one at a time during onboarding was tedious and time-consuming. To streamline this process, we’ve introduced a new feature that allows you to activate or suspend multiple users at once in the User Management section. Now, managing user statuses is more efficient and hassle-free!

Not all apps use all fields, and sometimes we were displaying a field that wasn’t actually configurable! We’ve now updated the logic to detect which fields are available for which apps and only show those, making like just a little bit easier.

We’re working hard to think through ways to make configuring SSO much easier. The nature of SSO configuration means a lot of copying and pasting and flipping between tabs, stay tuned to see how we are solving those issues and making this accessible for everyone!

We’re on a mission to simplify IT and SaaS management for everyone. To make this journey easier, we are proud to launch our new documentation site: docs.shiftcontrol.io. This resource is packed with helpful guides, complete with screenshots to walk you through even the most complex configuration tasks and information. Whether you’re setting up for the first time or looking to optimize your current setup, our documentation is designed to provide the support you need, step by step.

Ever looked at the dashboard and see the tiles and try to click on them? Well, before today, you might have been disappointed and nothing would have happned. Fear not, we like keeping things as intuitive as possible. You can now click on the each tile to go to the respective areas in our app!

When you have group names, group descriptions, or user names that don’t quite fit into the tables on the dashboard, we now truncate those names with a … to keep things looking nice and tidy! Curious what the full name is? Simply hover over the name and you’ll to view the full text.

It can be tedious to copy and paste all information required to configure SSO. While we’re striving to make this even easier than the “traditional” ways, for now we’ve added the ability to generate and download a metadata xml file that some providers accept to automatically configure SSO on their end.

What does this do? In the SSO section of an application, you can now simply click the “Download SSO Config Metadata” button to grab that file and provide it to the third-party application! Easy peasy!

What’s New?

Ever find that things are created in the JumpCloud UI rather than through the ShiftControl Interface? We’ve got you covered! With our latest enhancement, any changes made in JumpCloud are automatically discovered and adopted by ShiftControl. Now, you can manage everything through our platform without missing a beat.

Benefits for New Customers

For new customers, this feature is a game-changer. If you already have a pre-configured JumpCloud instance, our enhanced integration allows for a seamless onboarding experience. We’ll discover and adopt everything into ShiftControl, so you can immediately benefit from our intuitive and user-friendly interface.

JumpCloud has a hard limit of 90 days on retention of their audit logs. Often, a longer history of audit logs is needed for compliance and security reasons. We now store audit logs from JumpCloud to enhance the history of captured logs past the JumpCloud limit.

We wanted to turn this feature on as soon as possible so our customers can enjoy long retention from day one. We’ll be making these logs available in the UI soon, as well as ways to export them for your own use.

• The IdP Url now allows hyphens in the url.
• We added some missing form validation messages to make it clearer when an item doesn’t meet the requirements.
• App names now check for additional invalid characters. < > ‘ “ & and / are not allowed.
• When selecting a user in individual assignments, if you change your selection the original user is now available to select again.

When a user becomes locked due to multiple failed login attempts, admins receive an email to notify them, and they can now unlock that user in the ShiftControl interface.

Locked users will have a lock next to their account state indicating the account is locked. If you believe the person was simply mistyping their password, you can unlock them through the … menu for the user.

Note: Users become locked because of failed login attempts! If an account locks out multiple times, you should contact the person to make sure they are actually failing to log in and that someone isn’t trying to test their credentials/break in.

We heard the feedback! You didn’t want to waste time switching between screens to configure Single Sign On. We’ve enabled the ability to configure key SSO configurations in our app!

SSO Configurations can be daunting and confusing, so we’re working on even more improvments to make it easier for you to configure SSO for your organization. Currently, we only expose the most common configuration elements to keep things simple. We’re working to analyze the most popular apps our customers use so we can make sure we only ask for the info we need, and provide you exactly what the app wants too. Stay tuned for more updates!

It’s now a real .ico file 🥳

We’ve fixed an issue where adding an app that had a space in the name caused an unknown error due to a mismatch between the SSOUrl and app internal name fields.

After months of hard work and dedication, we’re ready to take on our first batch of customers for our closed beta. We’ve made significant progress on our feature roadmap, believe we can already deliver significant value and are eager to get real customer feedback.

We’re incredibly excited to work closely with our beta users and shape the future of SaaS management together. If you think you should be part of this first batch, drop us a message/email with your reasons, and we’ll definitely consider it.

Thank you for your continued support – we can’t wait to show you what we’ve built!