The SaaS integration for Okta enables you to integrate your Okta SaaS software with your Oomnitza instance. Your synced Okta application can then be associated with Contracts and Users. By associating your SaaS applications with contracts and assigning users to contracts, you gain insights into SaaS costs and utilization. You can then surface the cost of your SaaS applications and the usage of your SaaS applications in list views and charts.
If you activate the advanced detection feature, you can detect SaaS users who have not logged in or SaaS users who bypass SSO by logging in with their username and password.
Generating your Okta API token
Before you integrate Okta with Oomnitza, you need your Okta API token. To create an API token, follow these steps:
- Sign in to your Okta organization as a user with administrator privileges.
- Access the API page: In the Admin Console, select API from the Security menu and then select the Tokens tab.
- Click Create Token.
- Name your token and click Create Token.
- Record the token value. This is the only opportunity to see it and record it.
For further information, refer to Okta Developer Documentation: Create an API token.
Configuring your SaaS management integration
- In Oomnitza, go to Configuration > Integrations, and then click Integrations List View .
- On the Integrations page, scroll down to the SaaS Management Integration section.
- Select Okta, and then click Next.
- Enter your Okta SSO URL.
- Enter the Authorization token that you created in Generating your Okta API token.
- Select your system's Look Back Synchronization. This is the lookback time period that the SaaS integration queries the data.
- Select the Default User Role. This is used when the SSO tries to reference a user that doesn't currently exist in Oomnitza. In this scenario, a new user will be created with the default role you have specified here.
- Select the Name Identifier used to identify the imported user.
- In the Detection Capabilities section, choose an option from the Select the field you want to sync your applications on dropdown. For detailed information on what option to choose, refer to Assigning a sync key field.
- Select Detect additional SaaS applications and users to sync updates from SaaS Applications and users detected via Okta. This feature enables you to detect SaaS applications that have no users assigned as well as new SaaS users that never logged into a SaaS application using SSO.
- Select Restrict Access to Oomnitza if you wish to restrict the created users from logging in to Oomnitza.
- Click Finish.
Assigning a sync key field
Select the field you want to sync your applications on:
- Display name.
- Application label (default).
Sync by display name
Regardless how many applications the SaaS system has, all the SaaS user information for all of the SaaS applications is loaded into a single SaaS software record in Oomnitza.
Sync by application label
When the SaaS system is synced with Oomnitza, you can split the SaaS system into separate SaaS software records for each SaaS application. To do this, you can select Application Label.
Your newly added SaaS integration can be viewed in the Software menu in Oomnitza.
If you selected Application Label, you need to follow the steps in Splitting Okta SaaS systems into separate instances to split the SaaS instance into its individual SaaS applications.
Follow the steps in Creating an extended integration for Okta users to create a user integration for Okta. If you have selected the sync by application label option above, you will have the facility to select separate SaaS integrations for each application label that is detected.