Integrate Google Workspace with Oomnitza to detect and analyze SaaS activity and usage when users log in using SSO. For complete coverage of SaaS activity and usage, add the Google Workspace user integration to capture the SaaS activity and usage of users who bypass SSO. Reduce costs by cancelling subscriptions of under-utilized SaaS applications. Create onboarding and offboarding workflows to automate the provisioning and deprovisioning of SaaS applications. You can add contracts for SaaS applications to budget the cost and total budgeted cost of SaaS applications and surface costs and SaaS activity in dashboards.
Before you start
To easily find the records that are uploaded to Oomnitza, it is best practice to create a dedicated user account for each integration. This makes it easier for you to retrieve the records that are uploaded to Oomnitza from the vendor application. See Creating integration users.
Google Identity Service uses OAuth authentication. Instructions on setting up a Google Workspace OAuth2 App and adding your credentials to the Oomnitza vault can be found here: Adding Google (OAuth 2.0) credentials.
G Suite SaaS management user integration
Oomnitza supports retrieving SaaS User information from Google SSO, for use in Oomnitza SaaS management user integration.
Scopes
Select the following scopes when using the SaaS management user integration:
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.reports.audit.readonly
https://www.googleapis.com/auth/admin.reports.usage.readonly
https://www.googleapis.com/auth/userinfo.profile
https://www.googleapis.com/auth/userinfo.email
openid
See OAuth 2.0 Scopes for Google APIs.
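The following check is an added example, not Oomnitza or Google code: it compares the scopes actually granted to the integration's token against the list above and flags any that are missing, extra, or write-capable. It assumes the JSON shape returned by Google's OAuth 2.0 tokeninfo endpoint, where `scope` is one space-delimited string; the function name `audit_scopes` and the sample response are constructed for illustration.

```python
import json

# Scopes this page lists for the SaaS management user integration.
REQUIRED = {
    "https://www.googleapis.com/auth/admin.directory.user.readonly",
    "https://www.googleapis.com/auth/admin.reports.audit.readonly",
    "https://www.googleapis.com/auth/admin.reports.usage.readonly",
    "https://www.googleapis.com/auth/userinfo.profile",
    "https://www.googleapis.com/auth/userinfo.email",
    "openid",
}
# Google accepts these short names as aliases of the userinfo scopes.
ALIASES = {
    "email": "https://www.googleapis.com/auth/userinfo.email",
    "profile": "https://www.googleapis.com/auth/userinfo.profile",
}
ADMIN_PREFIX = "https://www.googleapis.com/auth/admin."


def audit_scopes(tokeninfo_json):
    """Compare a token's granted scopes with the documented list."""
    info = json.loads(tokeninfo_json)
    # Assumption: "scope" is a single space-delimited string.
    granted = {ALIASES.get(s, s) for s in info.get("scope", "").split()}
    extra = granted - REQUIRED
    return {
        "missing": sorted(REQUIRED - granted),
        "extra": sorted(extra),
        # Admin scopes without the .readonly suffix allow changes.
        "write_capable": sorted(
            s for s in extra
            if s.startswith(ADMIN_PREFIX) and not s.endswith(".readonly")
        ),
    }


# Constructed sample response, not output from a real tenant.
SAMPLE = json.dumps({
    "aud": "example-client-id.apps.googleusercontent.com",
    "scope": "openid email profile "
             "https://www.googleapis.com/auth/admin.directory.user "
             "https://www.googleapis.com/auth/admin.reports.audit.readonly",
})

if __name__ == "__main__":
    print(json.dumps(audit_scopes(SAMPLE), indent=2))
```

An empty result in all three lists means the credential matches the documented read-only scope set exactly.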
Creating the integration
- In Oomnitza, go to Configuration > Integrations, and then click Block view.
- On the Integrations page, scroll down to the SaaS Management Integration section.
- Click G Suite and click Next.
- Enter the domain of your Google Account, and select your Google OAuth 2 credentials.
- Type the first few letters of the name of the integration user that you created and then select the user from the list. If an integration user isn’t specified, the integration user is set to saas_integration@oomnitza.com.
- Select an Oomnitza role such as Employee. All user records that are uploaded from Netskope will be assigned the role that you select. A record for each user will be added to the People page.
- Select the lookback synchronization period for the initial load of records from Savvy.
- Select the format that you want to use for the username.
- If you don’t want users to log in to Oomnitza, select Restrict access to Oomnitza.
- Click NEXT.
- Create a schedule to sync with Oomnitza.
- Click Finish.
Test
To test the integration, click the tile in the SaaS Management Integration section and click RUN NOW. To check for errors, click Sync Sessions.
Monitor
To monitor the SaaS application records that are uploaded to Oomnitza, create a search.
When you use the search that you created to review the records that were uploaded to Oomnitza on the Software page, the name of the SaaS application that was accessed is displayed, along with the name of the user who created the integration.
To review the users who accessed the SaaS apps, click a record, click an app, and then click the Users tab. Hover the mouse over the last activity info icon to get more details. To view the user’s Oomnitza record, hover the mouse over the user’s name and click the link.
Next steps
- Run the Google Workspace user integration. User integrations allow Oomnitza to fetch a list of all users from your managed SaaS system. By combining this with the list of active users retrieved from your SSO Integration, you can identify users who have accounts in your SaaS system but who didn't log in using SSO.
- Create a SaaS user workflow to update the SaaS system with the required role information.
Related articles
Creating an extended integration for Google Workspace users.