The purpose of a SaaS user role workflow is to validate the existence of a given user in a SaaS System and to pull User Role information from your SaaS Systems. The latter allows you to differentiate users by their level of access, and generate downstream automations based on role-specific details, often the price of a seat at that level. To gather this information, Oomnitza allows for individual connections to each service that gathers role information from each user using that system, provided we’ve retrieved details on that system from the SaaS SSO Sync or added that system manually.
Creating a SaaS user workflow
To create a SaaS user workflow, complete the following steps:
- In the menu, go to Configuration>Workflows> Saas Users.
- Click Add (+). The Begin and End blocks are automatically added to the sandbox.
- Enter the name and a description of the workflow.
- Edit the Begin block by adding the rules that will trigger the workflow. See Configuring the Begin block criteria for more information.
- Click the Blocks tab, and drag and drop the SaaS User Role retrieval block onto the canvas. See Adding the SaaS User Role Retrieval block for more information.
- Click the Edit icon.
- Enter the name of your integration in the Select Preset search field and choose from the available presets.
- Click the right arrow > to select your preset.
- Populate the required information in the Configure section .
- Select the Deactivate User checkbox to deactivate the SaaS user in the Oomnitza system if they are not found in your SaaS application instance.
- Click SAVE.
- Connect the blocks.
- Validate, launch, and save your workflow.
Configuring the Begin block criteria
SaaS User Workflows can be run for for both active and deactivated records. You want to only run these workflows for active records (users) and not overload the SaaS System as well as Oomnitza.
Adding the SaaS User Role Retrieval block
The SaaS User Role Retrieval block should immediately follow the begin Block, and should specify a given system and include credentials that you can pick from the vault to access that system. Please see the individual articles that are available from within the SaaS User role block for each of the available presets for details on configuring each individual block.
When saving a SaaS User Role block, the system verifies the credentials that have been selected for this block and will attempt a call to the REST API for this system. If this call fails you will receive an error. Most likely the error would indicate that your credentials are not properly working but this could also be related to some networking or other issues.
The final step is to set success and failure steps to ensure that these connections are up-to-date and accurate. The “Success” spline can connect directly to the End Block. The “Failure” spline can be used to notify an admin if an SaaS User Role Retrieval has failed, allowing for troubleshooting.
A complete SaaS User Role workflow will look like this: