The purpose of a SaaS user role workflow is to validate the existence of a given user in a SaaS System and to pull User Role information from your SaaS Systems. The latter allows you to differentiate users by their level of access, and generate downstream automation based on role-specific details, often the price of a seat at that level. To gather this information, Oomnitza allows for individual connections to each service that gathers role information from each user using that system, provided we’ve retrieved details on that system from the SaaS SSO Sync or added that system manually.
Before you create a SaaS user workflow, you should have already run your extended user integration and selected User plus SaaS User to populate the software entry (such as Salesforce) in the Software > SaaS menu. Alternatively, can add the software entry manually by following the steps in Adding SaaS software manually.
Creating the SaaS user workflow
- Click Configuration > Workflows
- Click Add (+) and select Software SaaS Users from the list.
- Enter the name of the workflow.
Editing the begin block
The begin block is the workflow’s trigger. In the example below, you create a workflow that retrieves SaaS user information from Salesforce.
- Click Edit.
- Enter the name of the begin block.
- Configure the schedule so that the user information is streamed to Oomnitza when your system is least busy.
- The workflow should run for Active records by default.
- Click Add Rule and add this rule: SaaS name = Salesforce.
- Click Save.
Editing the SaaS User Role block
- Drag and drop the SaaS User Role retrieval block onto the Sandbox, and then click Edit.
- Search for your SaaS integration, such as Salesforce, and click the arrow (>).
- Supply the required information including your Credentials.
- By default, the Deactivate User checkbox is selected. This means that if the users listed in SaaS > [Software name] > Users do not exist in your SaaS application, they will be deactivated once the workflow is run.
Connecting the blocks
To complete the workflow, you connect the blocks.
- Link the boxes as shown in the diagram.
- Click Save, Validate, and Activate.
When saving a SaaS User Role block, the system verifies the credentials that have been selected for this block and will attempt a call to the REST API for this system. If this call fails you will receive an error. Most likely the error indicates that your credentials are not properly working but this could also be related to some networking or other issues.
Depending on the schedule that you configured in the Begin block, the SaaS user information, such as the user name, email, last login date, and role or license(s), is streamed to Oomnitza. The information is presented in the Users side pane, in the SaaS > [Software name] tab.
Did you know?
You can add additional features to your workflow. For example, you can add a Notify block to send messages. See Using the Notify block.