FAQs
-
- Set up and populate your SaaS stack
- Integrate your ERP & Accounting software with Sastrify
- Tool Discovery via SSO (Single Sign-On) integrations
- Set Renewal Dates & Reminders
- Assign and modify Tool Owners
- Upload your SaaS documents into Sastrify
- Sastrify App Support: Assistance at your Fingertip
- Roll out Sastrify across your organization
- Sastrify's Commitment to Security and Privacy Standards
-
- Google Workspace SSO Integration for Tool Discovery
- Enhance organizational SaaS management with HRIS Integrations
- Summary Tab for storing your subscription details
- Use Discovered Page to detect active subscriptions
- Tools and Spend Importer: Easily upload and visualize data in Sastrify
- Align vendor names using the Tool Matching feature
- Add Sastrify App to your Slack workspace
- Manually add a new tool subscription
- Bulk upload of SaaS invoices
- Forward your SaaS documents via email
- Change notification preferences
- Maximizing the benefits of the Overview page
- Manage activities and collaborate using custom tasks
- Task Automation: Streamline the creation of routine tasks
- Archive or delete inactive subscriptions
-
- Get Expert Procurement Support for New Purchases and Renewals
- Create and Manage Procurement Support using Sastrify - Jira Integration
- Scope of Service: Custom Benchmarking & Contract Review
- Scope of Service: Negotiation & Renewal Support
- Scope of Service: Custom SaaS Optimization Advisory
- Purchase your SaaS through the SastriMarket
- Control your cloud costs with SastriCloud
-
- Utilize Usage Analytics for full usage visibility
- Integrate Pleo with Sastrify
- Validate and fine-tune spend data with the Spend feature
- How to connect Microsoft Dynamics
- How to connect Netsuite
- How to connect Quickbooks
- Import spend data from Candis to Sastrify
- Import spend data from Spendesk to Sastrify
- Import spend data from Pleo to Sastrify
- Import spend data from Moss to Sastrify
- Import spend data from DATEV to Sastrify
- Zoom Usage Analytics Integration Guide
-
- ERP & Accounting Integration FAQs
- Discovery via SSO Integration FAQs
- HRIS Integration FAQs
- Usage Analytics FAQs
- Tools and Spend Importer FAQs
- Invoices FAQs
- Achieved & Potential Savings FAQs
- What is SaaS and Sastrify's scope of work?
- Who can invite a new user?
- Who receives the renewal alerts or reminders?
- How does Sastrify work with currencies?
- Is the spend data from accounting export always up-to-date?
- How to work with benchmark prices
- When and how to involve Sastrify in a contract evaluation or negotiation?
- How does Sastrify interact with SaaS vendors?
- How do you handle confidentiality clauses in vendor contracts?
- Does Sastrify handle SaaS contract termination?
- Why is contract data essential for benchmarking and negotiation support?
-
- Connecting your accounting software with Sastrify
- How to assign Tool Owners
- What Sastrify can do for Tool Owners
- How to set renewal dates
- How to set up a company-wide renewal reminder
- How to keep your tool stack updated
- How to set up, activate, and use a Workflow
- How to invite new users to Sastrify
- How to use Procurement Initiatives for new purchase & renewal
- How to collaborate using custom tasks
- Report issues and track procurement involvements
- Best Practices on how to work with Procurement Initiatives
- How to set up direct usage analytics integration
- How to set up SSO usage analytics integrations
- How to work with the Discovered tab
- How to use subscription tags
- Walk-through of the subscription detail page
Discovery via SSO Integration FAQs Print
Modified on: Thu, 8 Aug, 2024 at 1:19 PM
IN THIS ARTICLE
- General FAQs
- Is there a difference in the quality of tool discovery between integration via SSO or ERP/Accounting, and can they be enabled simultaneously?
- Which SSO integration based discovery does Sastrify currently support?
- Which Sastrify user role do you need to set up the integration?
- When are new tools discovered?
- Can I connect to multiple SSO providers?
- Can I connect to the same SSO provider multiple times?
- Once an integration is established, does the connection need to be "refreshed"?
- As a customer, how will I be notified when new subscriptions are discovered through the SSO integration? Do I receive notifications or emails?
- What happens if a tool has not been used recently (e.g., in the last 60 days)?
- Google SSO Discovery FAQs
- What are the conditions for Google integration to detect or discover new tools?
- How often should the integration or connection be refreshed to make sure new subscriptions are always discovered and added to the platform?
- What happens if there is a tool that used to be accessed via Google SSO authentication, but has not been used in the last 30-60 days? Will the integration still pull it into Sastrify?
- Can the integration distinguish between tools that are actively used and those that are in a trial phase, and only pull the active ones?
- Why does Google SSO Discovery not detect a Google Cloud subscription even though it is an active IaaS hosting used by our company?
- Microsoft SSO Discovery FAQ
- Okta SSO Discovery FAQ
- JumpCloud SSO Discovery FAQ
General FAQs
Is there a difference in the quality of tool discovery between integration via SSO or ERP/Accounting, and can they be enabled simultaneously?
In terms of quality, both are advantageous and can be set up together. ERP/Accounting integration shows paid tools, while SSO integration includes other tools, such as tools registered for trial purposes. The former pulls spend information and invoices (if available), while the latter pulls only the tool or subscription name.
Which SSO integration based discovery does Sastrify currently support?
Sastrify currently offers an integration with 4 major SSO providers: Google Workspace, Microsoft, Okta, and JumpCloud.
Which Sastrify user role do you need to set up the integration?
You need to be an admin in both Sastrify and SSO tool you want to integrate with to be able to connect the integration.
When are new tools discovered?
SSO integrations detect new tools when a user from the company uses the SSO method to authenticate. If the identified tool is part of the recognized list of Sastrify SaaS providers and the company does not have a subscription for this tool before, a new subscription will be generated.
Can I connect to multiple SSO providers?
You have the ability to connect to multiple SSO providers for Tool Discovery. For example, you can enable 2 providers at the same time, such as Google and Microsoft Discoveries. And the results are displayed in the Discovered tab within the Tool Stack. Each discovery is tagged with its source, allowing you to identify the SSO integration provider that facilitated the tool discovery. This feature greatly enhances your understanding of the origin of each tool discovery.
Can I connect to the same SSO provider multiple times?
No, you cannot. Connecting to the same provider multiple times is not possible. While you can connect to Google, Microsoft, Okta, and JumpCloud individually, it is not possible to connect to these providers multiple times. For example, connecting to Google more than once (e.g. for different entities) is not an option.
Once an integration is established, does the connection need to be "refreshed"?
Customers only need to connect to a single sign-on (SSO) integration once. After that, we retain the "refresh token," which allows us to access the Google, Microsoft, Okta, or JumpCloud APIs on the user's behalf and attempt to retrieve new subscriptions on a weekly basis. However, it's important to note that certain events can cause the "refreshed_token" to expire.
As a customer, how will I be notified when new subscriptions are discovered through the SSO integration? Do I receive notifications or emails?
Currently, we do not send any notifications (via email or Slack) about the discovery of new subscriptions. In the Tool Stack, you will simply see the number of "Discovered" tools and how and when they are discovered.
What happens if a tool has not been used recently (e.g., in the last 60 days)?
Single sign-on (SSO) integrations, such as those for Google, Microsoft, Okta, or JumpCloud, do not specifically track user activity. Instead, they look at the number of users authorized to use each tool with their respective credentials (e.g., Google or Microsoft credentials).
Google SSO Discovery FAQs
What are the conditions for Google integration to detect or discover new tools?
Google Workspace SSO integration automatically discovers new tools when Google user accounts associated with the company (under the same domain) use the Google Workspace Single Sign-On (SSO) login method to authenticate to any SaaS products or services.
If a tool or vendor is listed in Sastrify's extensive SaaS vendor database and you do not have a subscription listed in the main subscription list, Sastrify will create the new tool and place it under the "Discovered" page.
How often should the integration or connection be refreshed to make sure new subscriptions are always discovered and added to the platform?
You only need to set up the connection for the Google Workspace integration once. After the initial setup, Sastrify stores the generated "refresh token," which allows us to check and fetch new subscriptions on a weekly basis.
What happens if there is a tool that used to be accessed via Google SSO authentication, but has not been used in the last 30-60 days? Will the integration still pull it into Sastrify?
Yes, the Google Workspace integration does not consider user activity or frequency of access when pulling tools into Sastrify. It will capture all successful logins.
Can the integration distinguish between tools that are actively used and those that are in a trial phase, and only pull the active ones?
No, it does not make such a distinction. The integration detects all tools, but only displays those that have matches in Sastrify's extensive database.
Why does Google SSO Discovery not detect a Google Cloud subscription even though it is an active IaaS hosting used by our company?
This is because Google treats GCP as an internal application since it is a Google product and not an external one. These external applications (i.e. your other SaaS tools), when accessed by the authentication method of your choice, in this case Microsoft, usually trigger an open standard protocol or an authorization protocol that governs SSO access. These same protocols are used by Sastrify's tool discovery integration to detect and discover tools. GCP has a different access framework and is therefore not detected by the integration.
Microsoft SSO Discovery FAQ
What roles do you need to set up and configure discovery integration for Microsoft?
Why does Microsoft SSO Discovery not detect a Microsoft Azure subscription even though it is an active IaaS hosting used by our company?
This is because Microsoft treats MS Azure as an internal application since it is a Microsoft product and not an external one. These external applications (i.e. your other SaaS tools), when accessed by the authentication method of your choice, in this case Microsoft, usually trigger an open standard protocol or an authorization protocol that governs SSO access. These same protocols are used by Sastrify's tool discovery integration to detect and discover tools. Azure has a different access framework and is therefore not detected by the integration.
Okta SSO Discovery FAQ
What permissions do I need to grant the API token for Okta integrations?
Sastrify will need read-only access to the following endpoints:
- /api/v1/apps
- /api/v1/apps/{appid}/users
- /api/v1/users
- /api/v1/logs
JumpCloud SSO Discovery FAQ
Where can I locate my API Key?
To locate your API Key:
- Log into the JumpCloud Admin Console.
- Go to the username drop down located in the top-right of the Console.
- Retrieve your API key from API Settings.
This API key is associated to the currently logged in administrator. Other admins will have different API keys.
Did you find it helpful? Yes No
Send feedback