With the SaaS management integration for Okta, you integrate your Okta SaaS software with your Oomnitza instance. Your synced Okta application can then be associated with contracts and SaaS users. By associating your SaaS applications with contracts and assigning users to contracts, you gain insights into SaaS costs and utilization. You can then surface the cost and usage of your SaaS applications in list views and charts.
If you activate the advanced detection feature, you can detect SaaS users who have not logged in or SaaS users who bypass SSO by logging in with their username and password.
Generating your Okta API token
Best practice
For the integration with Oomnitza, create a dedicated user account with its own credentials instead of using an existing user account.
Before you integrate Okta with Oomnitza, you need your Okta API token. To create an API token, follow these steps:
- Sign in to your Okta organization as an administrator. If you want to activate Detect additional SaaS applications and users, your Okta account requires read-only admin privileges.
- Access the API page. In the Admin Console, select API from the Security menu and then select the Tokens tab.
- Click Create Token.
- Name your token and click Create Token.
- Record the token value. This is the only opportunity to see it and record it.
For more information, see Okta Developer Documentation: Create an API token.
Configuring your SaaS management integration
- In Oomnitza, go to Configuration > Integrations, and then click Block view.
- On the Integrations page, scroll down to the SaaS Management Integration section.
- Select Okta, and then click Next.
- Enter your Okta SSO URL.
- Enter the Authorization token that you created in Generating your Okta API token.
- Select your system's Look Back Synchronization. This is the look-back time period for which the SaaS integration queries data.
- Select the Default User Role. This is used when the SSO tries to reference a user that doesn't currently exist in Oomnitza. In this scenario, a new user will be created with the default role you have specified here.
- Select the Name Identifier used to identify the imported user.
- In the Detection Capabilities section, choose an option from the Select the field you want to sync your applications on list. For detailed information on which option to choose, refer to Assigning a sync key field.
- Select Detect additional SaaS applications and users to sync updates from SaaS Applications and users detected by Okta. This feature enables you to detect SaaS applications that have no users assigned as well as new SaaS users that never logged into a SaaS application using SSO.
- Select Restrict Access to Oomnitza if you wish to restrict the created users from logging in to Oomnitza.
- Provide a dedicated Integration user to enhance the tracking of changes during synchronization. If an integration user isn’t specified, the integration user is set to saas_integration@oomnitza.com.
- Click Next.
Schedule
You can configure the schedule to meet your needs, for example by changing the interval or the time so that the data is streamed when your system isn't busy.
- Configure your schedule.
- Click FINISH.
What to do next
If you want to see the information that is collected now, click the tile on the Integrations page and click RUN NOW.
For information on deactivating a SaaS integration, refer to Deactivating an integration.
Result
Your newly added SaaS integration can be viewed in the Software > SaaS menu in Oomnitza.
Assigning a sync key field
Important
For existing customers who are using Okta, the Display Name is still the default option. However, existing customers should now have the ability to change to Application Label.
For new customers, the default option is Application Label. It is recommended that new customers select the Application Label default option to avail of the additional capabilities detailed below.
Select the field you want to sync your applications on:
- Display name.
- Application label (default).
Sync by display name
Regardless of how many applications the SaaS system has, all the SaaS user information for all of the SaaS applications is loaded into a single SaaS software record in Oomnitza.
Sync by application label
When the SaaS system is synced with Oomnitza, you can split the SaaS system into separate SaaS software records for each SaaS application. To do this, you can select Application Label.
Next steps
If you selected Application Label, you need to follow the steps in Splitting Okta SaaS systems into separate instances to split the SaaS instance into its individual SaaS applications.
Follow the steps in Creating an extended integration for Okta users to create a user integration for Okta. If you have selected the sync by application label option above, you can select separate SaaS integrations for each application label that is detected.