Creating a SaaS management integration for OneLogin users

Integrate OneLogin with Oomnitza to detect and analyze SaaS activity and usage when users log in using SSO. For complete coverage of SaaS activity and usage, add the OneLogin user integration to capture the SaaS activity and usage of users who bypass SSO. Reduce costs by cancelling subscriptions of under- utilized SaaS applications. Create onboarding and offboarding workflows to automate the provisioning and deprovisioning of SaaS applications. You can add contracts for SaaS applications to budget the cost and total cost of SaaS applications and surface costs and SaaS activity in dashboards.

Before you start

To integrate with Oomnitza, you must create a new credential in OneLogin and retrieve your client ID and secret. When you create the new credential you select the option Manage All or Manage Users. See OneLogin: Working with API credentials.

To easily find the records that are uploaded to Oomnitza, it's best practice to create a dedicated user account for each integration. This will make it easier for you to retrieve the records that are uploaded to Oomnitza from the vendor application. 

Creating integration users 

Creating the integration

1. In Oomnitza, go to Configuration > Integrations, and then click Block view .
2. On the Integrations page, scroll down to the SaaS Management Integration section.
3. Click OneLogin and click Next.
4. Enter the client ID and secret that you created in OneLogin.
5. Type the first few letters of the name of the integration user that you created and then select the user from the list. If an integration user isn’t specified, the integration user is set to saas_integration@oomnitza.com.
6. Add one or more integration contacts. The persons you add will receive and in-app notification and an email when an integration fails, starts processing but fails to complete processing within 24 hours, or fails to run when scheduled.
7. Select an Oomnitza role such as Employee. All user records that are uploaded from Netskope will be assigned the role that you select. A record for each user will be added to the People page.
8. Select the lookback synchronization period for the initial load of records from Savvy.
9. Select the format that you want to use for the username.
10. If you don’t want users to log in to Oomnitza, select Restrict access to Oomnitza.
11. Click NEXT.
12. Create a schedule to sync with Oomnitza.
13. Click Finish.

Test

To test the integration, click the tile in the Saas Management Integration section and click RUN NOW. To check for errors, click Sync Sessions.

Monitor

To monitor the SaaS application records that are uploaded to Oomnitza, create a search. 

When you use the search that you created to review the records that were uploaded to Oomnitza on the Software page, the name of the SaaS application that was accessed is displayed, and the name of the user who created the integration. 

To review the users who accessed the SaaS apps, click a record, click an app, and then click the Users tab. Hover the mouse over the last activity info icon to get more details. To view the user’s Oomnitza record, hover the mouse over the user’s name and click the link.

Next steps

1. Run the 

   OneLogin

    user integration. User integrations allow Oomnitza to fetch a list of all users from your managed SaaS system. By combining this with the list of active users retrieved from your SaaS Integration, you can identify users who have accounts in your SaaS system but who didn't log in using SSO.

2. Create a 

   SaaS user workflow 

   to update the SaaS system with the required role information.

Related articles

Creating an extended integration for OneLogin users. Capture SaaS activity and usage of users who bypass SSO.

Creating workflows for OneLogin users