FAQs
-
- Set up and populate your SaaS stack
- Integrate your ERP & accounting software with Sastrify
- Tool Discovery via SSO (Single Sign-On) discovery integrations
- Admin Setup Guide: Sastrify for Chrome Browser Extension
- End User Guide: Add & activate Sastrify for Chrome Browser Extension
- Set renewal dates & reminders
- Assign and modify tool owners
- Upload your SaaS documents into Sastrify
- Sastrify App Support: Assistance at your fingertip
- Sastrify's commitment to security and privacy standards
-
- Google Workspace SSO integration for subscription discovery
- Enhance organizational SaaS management with HRIS Integrations
- Summary tab for storing your subscription details
- Use discovered page to detect new subscriptions
- Tools and Spend Importer: Easily upload and visualize data in Sastrify
- Align vendor names using the Tool Matching feature
- Add Sastrify App to your Slack workspace
- Manually add a new subscription on the go
- How to bulk upload your invoices
- Forward your SaaS documents via email
- Change notification preferences
- A quick glance at your stack using the overview page
- Manage activities and collaborate using custom tasks
- Task Automation: Streamline the creation of routine tasks
- Sunset or delete inactive subscriptions
-
- Get expert procurement support for new purchases and renewals
- Create procurement support using Sastrify - Jira Integration
- Scope of service: Custom benchmarking & contract eview
- Scope of service: Negotiation & renewal support
- Scope of service: Custom SaaS Optimization Advisory
- Purchase your SaaS through the SastriMarket
- Control your cloud costs with SastriCloud
-
- Usage Analytics: Full visibility into usage and cost optimization
- How to integrate Pleo with Sastrify
- Spend Import: Validate and fine-tune your imported spend data
- How to connect Microsoft Dynamics 365
- How to connect Netsuite
- How to connect Quickbooks
- Export spend data from Candis to Sastrify
- Export spend data from Spendesk to Sastrify
- Export spend data from Pleo to Sastrify
- Export spend data from Moss to Sastrify
- Export spend data from DATEV to Sastrify
- Export spend data from Ramp to Sastrify
- Zoom usage integration guide
-
- ERP & Accounting Integration FAQs
- Discovery via SSO Integration FAQs
- HRIS Integration FAQs
- Usage Analytics FAQs
- Tools and Spend Importer FAQs
- Invoices FAQs
- Achieved & Potential Savings FAQs
- Form component guide for Sastrify form builder
- What is SaaS and Sastrify's scope of work?
- Who can invite a new user?
- Who receives the renewal alerts or reminders?
- How does Sastrify work with currencies?
- Is the spend data from accounting export always up-to-date?
- How to work with benchmark prices
- When and how to involve Sastrify in a contract evaluation or negotiation?
- How does Sastrify interact with SaaS vendors?
- How do you handle confidentiality clauses in vendor contracts?
- Does Sastrify handle SaaS contract termination?
- Why is contract data essential for benchmarking and negotiation support?
Discovery via SSO Integration FAQs Print
Modified on: Thu, 8 Aug, 2024 at 1:19 PM
IN THIS ARTICLE
- General FAQs
- Is there a difference in the quality of tool discovery between integration via SSO or ERP/Accounting, and can they be enabled simultaneously?
- Which SSO integration based discovery does Sastrify currently support?
- Which Sastrify user role do you need to set up the integration?
- When are new tools discovered?
- Can I connect to multiple SSO providers?
- Can I connect to the same SSO provider multiple times?
- Once an integration is established, does the connection need to be "refreshed"?
- As a customer, how will I be notified when new subscriptions are discovered through the SSO integration? Do I receive notifications or emails?
- What happens if a tool has not been used recently (e.g., in the last 60 days)?
- Google SSO Discovery FAQs
- What are the conditions for Google integration to detect or discover new tools?
- How often should the integration or connection be refreshed to make sure new subscriptions are always discovered and added to the platform?
- What happens if there is a tool that used to be accessed via Google SSO authentication, but has not been used in the last 30-60 days? Will the integration still pull it into Sastrify?
- Can the integration distinguish between tools that are actively used and those that are in a trial phase, and only pull the active ones?
- Why does Google SSO Discovery not detect a Google Cloud subscription even though it is an active IaaS hosting used by our company?
- Microsoft SSO Discovery FAQ
- Okta SSO Discovery FAQ
- JumpCloud SSO Discovery FAQ
General FAQs
Is there a difference in the quality of tool discovery between integration via SSO or ERP/Accounting, and can they be enabled simultaneously?
In terms of quality, both are advantageous and can be set up together. ERP/Accounting integration shows paid tools, while SSO integration includes other tools, such as tools registered for trial purposes. The former pulls spend information and invoices (if available), while the latter pulls only the tool or subscription name.
Which SSO integration based discovery does Sastrify currently support?
Sastrify currently offers an integration with 4 major SSO providers: Google Workspace, Microsoft, Okta, and JumpCloud.
Which Sastrify user role do you need to set up the integration?
You need to be an admin in both Sastrify and SSO tool you want to integrate with to be able to connect the integration.
When are new tools discovered?
SSO integrations detect new tools when a user from the company uses the SSO method to authenticate. If the identified tool is part of the recognized list of Sastrify SaaS providers and the company does not have a subscription for this tool before, a new subscription will be generated.
Can I connect to multiple SSO providers?
You have the ability to connect to multiple SSO providers for Tool Discovery. For example, you can enable 2 providers at the same time, such as Google and Microsoft Discoveries. And the results are displayed in the Discovered tab within the Tool Stack. Each discovery is tagged with its source, allowing you to identify the SSO integration provider that facilitated the tool discovery. This feature greatly enhances your understanding of the origin of each tool discovery.
Can I connect to the same SSO provider multiple times?
No, you cannot. Connecting to the same provider multiple times is not possible. While you can connect to Google, Microsoft, Okta, and JumpCloud individually, it is not possible to connect to these providers multiple times. For example, connecting to Google more than once (e.g. for different entities) is not an option.
Once an integration is established, does the connection need to be "refreshed"?
Customers only need to connect to a single sign-on (SSO) integration once. After that, we retain the "refresh token," which allows us to access the Google, Microsoft, Okta, or JumpCloud APIs on the user's behalf and attempt to retrieve new subscriptions on a weekly basis. However, it's important to note that certain events can cause the "refreshed_token" to expire.
As a customer, how will I be notified when new subscriptions are discovered through the SSO integration? Do I receive notifications or emails?
Currently, we do not send any notifications (via email or Slack) about the discovery of new subscriptions. In the Tool Stack, you will simply see the number of "Discovered" tools and how and when they are discovered.
What happens if a tool has not been used recently (e.g., in the last 60 days)?
Single sign-on (SSO) integrations, such as those for Google, Microsoft, Okta, or JumpCloud, do not specifically track user activity. Instead, they look at the number of users authorized to use each tool with their respective credentials (e.g., Google or Microsoft credentials).
Google SSO Discovery FAQs
What are the conditions for Google integration to detect or discover new tools?
Google Workspace SSO integration automatically discovers new tools when Google user accounts associated with the company (under the same domain) use the Google Workspace Single Sign-On (SSO) login method to authenticate to any SaaS products or services.
If a tool or vendor is listed in Sastrify's extensive SaaS vendor database and you do not have a subscription listed in the main subscription list, Sastrify will create the new tool and place it under the "Discovered" page.
How often should the integration or connection be refreshed to make sure new subscriptions are always discovered and added to the platform?
You only need to set up the connection for the Google Workspace integration once. After the initial setup, Sastrify stores the generated "refresh token," which allows us to check and fetch new subscriptions on a weekly basis.
What happens if there is a tool that used to be accessed via Google SSO authentication, but has not been used in the last 30-60 days? Will the integration still pull it into Sastrify?
Yes, the Google Workspace integration does not consider user activity or frequency of access when pulling tools into Sastrify. It will capture all successful logins.
Can the integration distinguish between tools that are actively used and those that are in a trial phase, and only pull the active ones?
No, it does not make such a distinction. The integration detects all tools, but only displays those that have matches in Sastrify's extensive database.
Why does Google SSO Discovery not detect a Google Cloud subscription even though it is an active IaaS hosting used by our company?
This is because Google treats GCP as an internal application since it is a Google product and not an external one. These external applications (i.e. your other SaaS tools), when accessed by the authentication method of your choice, in this case Microsoft, usually trigger an open standard protocol or an authorization protocol that governs SSO access. These same protocols are used by Sastrify's tool discovery integration to detect and discover tools. GCP has a different access framework and is therefore not detected by the integration.
Microsoft SSO Discovery FAQ
What roles do you need to set up and configure discovery integration for Microsoft?
Why does Microsoft SSO Discovery not detect a Microsoft Azure subscription even though it is an active IaaS hosting used by our company?
This is because Microsoft treats MS Azure as an internal application since it is a Microsoft product and not an external one. These external applications (i.e. your other SaaS tools), when accessed by the authentication method of your choice, in this case Microsoft, usually trigger an open standard protocol or an authorization protocol that governs SSO access. These same protocols are used by Sastrify's tool discovery integration to detect and discover tools. Azure has a different access framework and is therefore not detected by the integration.
Okta SSO Discovery FAQ
What permissions do I need to grant the API token for Okta integrations?
Sastrify will need read-only access to the following endpoints:
- /api/v1/apps
- /api/v1/apps/{appid}/users
- /api/v1/users
- /api/v1/logs
JumpCloud SSO Discovery FAQ
Where can I locate my API Key?
To locate your API Key:
- Log into the JumpCloud Admin Console.
- Go to the username drop down located in the top-right of the Console.
- Retrieve your API key from API Settings.
This API key is associated to the currently logged in administrator. Other admins will have different API keys.
Did you find it helpful? Yes No
Send feedback