With the SaaS management integration for Okta you integrate your Okta SaaS software with your Oomnitza instance. Your synced Okta application can then be associated with contracts and SaaS users. By associating your SaaS applications with contracts and assigning users to contracts, you gain insights into SaaS costs and utilization. You can then surface the cost of your SaaS applications and the usage of your SaaS applications in list views and charts.
If you activate the advanced detection feature, you can detect SaaS users who have not logged in or SaaS users who bypass SSO by logging in with their username and password.
Generating your Okta API token
Before you integrate Okta with Oomnitza, you need your Okta API token. To create an API token, follow these steps:
- Sign in to your Okta organization as an administrator. If you want to activate Detect additional SaaS applications and users, your Okta account requires read-only admin privileges.
- Access the API page. In the Admin Console, select API from the Security menu and then select the Tokens tab.
- Click Create Token.
- Name your token and click Create Token.
- Record the token value. This is the only opportunity to see it and record it.
For more information, see Okta Developer Documentation: Create an API token.
Configuring your SaaS management integration
- In Oomnitza, go to Configuration > Integrations, and then click Block view
- On the Integrations page, scroll down to the SaaS Management Integration section.
- Select Okta, and then click Next.
- Enter your Okta SSO URL.
- Enter the Authorization token that you created in Generating your Okta API token.
- Select your system's Look Back Synchronization. This is the look-back time period that the SaaS integration queries the data.
- Select the Default User Role. This is used when the SSO tries to reference a user that doesn't currently exist in Oomnitza. In this scenario, a new user will be created with the default role you have specified here.
- Select the Name Identifier used to identify the imported user.
- In the Detection Capabilities section, choose an option from the Select the field you want to sync your applications on list. For detailed information on which option to choose, refer to Assigning a sync key field.
- Select Detect additional SaaS applications and users to sync updates from SaaS Applications and users detected by Okta. This feature enables you to detect SaaS applications that have no users assigned as well as new SaaS users that never logged into a SaaS application using SSO.
- Select Restrict Access to Oomnitza if you wish to restrict the created users from logging in to Oomnitza.
- Provide a dedicated Integration user to enhance the tracking of changes during synchronization. If an integration user isn’t specified, the integration user is set to email@example.com.
- Click Next.
You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.
- Configure your schedule.
- Click FINISH.
What to do next
If you want to see the information that is collected now, click the tile on the Integrations page and click RUN NOW.
For information on deactivating a SaaS integration, refer to Deactivating an integration.
Your newly added SaaS integration can be viewed in the Software > SaaS menu in Oomnitza.
Assigning a sync key field
Select the field you want to sync your applications on:
- Display name.
- Application label (default).
Sync by display name
Regardless how many applications the SaaS system has, all the SaaS user information for all of the SaaS applications is loaded into a single SaaS software record in Oomnitza.
Sync by application label
When the SaaS system is synced with Oomnitza, you can split the SaaS system into separate SaaS software records for each SaaS application. To do this, you can select Application Label.
If you selected Application Label, you need to follow the steps in Splitting Okta SaaS systems into separate instances to split the SaaS instance into its individual SaaS applications.
Follow the steps in Creating an extended integration for Okta users to create a user integration for Okta. If you have selected the sync by application label option above, you can select separate SaaS integrations for each application label that is detected.