The purpose of a SaaS user role workflow is to validate the existence of a given user in a SaaS System and to pull User Role information from your SaaS Systems. The latter allows you to differentiate users by their level of access, and generate downstream automations based on role-specific details, often the price of a seat at that level.
To gather this information, Oomnitza allows for individual connections to each service that gathers role information from each user using that system, provided we’ve retrieved details on that system from the SaaS SSO Sync or added that system manually.
When creating these workflows, you should create these as scheduled workflows to run daily or weekly and the Rule Criteria in the Begin block should be configured with the SaaS name as such:
SaaS User Workflows can be run for for both active and deactivated records. You want to only run these workflows for active records (users) and not overload the SaaS System as well as Oomnitza.
The SaaS User Role Retrieval block should immediately follow the begin Block, and should specify a given system and include credentials that you can pick from the vault to access that system. The block also contains a checkbox "Deactivate User" and if selected will validate the existence of the user in the SaaS System and if not found will deactivate this user in Oomnitza as well to keep the records in sync. Please see the individual articles that are available from within the SaaS User role block for each of the available presets for details on configuring each individual block.
The final step is to set success and failure steps to ensure that these connections are up-to-date and accurate. The “Success” spline can connect directly to the End Block. The “Failure” spline can be used to notify an admin if an SaaS User Role Retrieval has failed, allowing for troubleshooting.
A complete SaaS User Role workflow will look like this:
Oomnitza supports User Role Retrieval from various different systems, and we’re constantly adding new ones through our Software Catalog. The full list of supported Systems is available when you configure the SaaS User Role block. For questions on these blocks or to request a new integration, please contact email@example.com.