Applicable to the following Sastrify plans:


* Legacy includes all plans signed before February 29, 2024.

Managing a diverse set of SaaS tools is a common challenge for many of our customers. Typically, organizations use hundreds of different SaaS tools, and gaining complete visibility into the usage of each active tool to gain full transparency and combat shadow IT can be a daunting task.

This is where Sastrify's Discovery via SSO integrations come into play.


How Sastrify uses SSO to discover active subscriptions

Sastrify can seamlessly connect and build secure integrations with 4 major SSO providers (Google, Okta, Microsoft, and Jump) to enable what is called Tool Stack Discovery. This feature automatically discovers subscriptions as well as imports and continuously updates your entire tool stack by discovering all SaaS tools used and accessed through your organization's SSO logins.

We simply leverage the centralized nature of SSO tools to provide complete transparency and visibility into usage, allowing you to keep your stack up to date.

When discovering new tools or subscriptions, Sastrify will list them in your tool stack under the Discovered tab. Here you will be able to review them to make a decision if these tools are part of your active subscriptions or not, you will be able to decide if you want to mark them as tools "in use" or archive them if they are not applicable to your company tool stack.

Learn more about how to work with the Discovered page in this article.

Please note that the SSO integration discovery method does not collect spending data - because SSO by its nature does not handle spend information. It will only discover the newly discovered subscriptions and list them on the Discovered page without any specific details.

Which SSO providers do we integrate with?

Google Workspace

How to set up Tool Discovery via SSO (Single Sign-On) integrations

Tool Discovery via SSO (Single Sign-On) integrations can be accessed from Settings > Discovery.

To set up a new integration:

  1. Click the "Connect" button on any of the SSO provider options.

  2. If your company uses multiple providers supported by Sastify, you can connect to multiple providers and activate them simultaneously.

  3. It's important to note that users setting up the integration to Google, Microsoft, or Okta must have administrative permissions, as certain permissions must be granted for the integration to work properly.

  4. A specific provider page will open with specific information about each provider. Click the "Connect" button to continue.
  5. You can also opt to enable usage analytics tracking to monitor usage patterns for each tool associated with your chosen SSO provider. We highly recommend activating this feature. Simply toggle the switch to 'active'.

  6. Proceed with the technical steps to create the connection.
    1. Google Workspace & Microsoft SSO will direct you to the admin page;
    2. Okta asks for your API token & domain name;
    3. While JumpCloud will require an API key to connect.

Tool-Specific Requirements & Permissions

For Microsoft:

To set up and configure usage analytics integration for Microsoft, you need the following roles:

For Okta:

Sastrify will need read-only access to the following endpoints:

  • /api/v1/apps
  • /api/v1/apps/{appid}/users
  • /api/v1/users
  • /api/v1/logs

Frequently Asked Questions

Please refer to the Discovery via SSO Integration FAQ page for a complete list of frequently asked questions