The SaaS integration for Okta enables you to integrate your Okta SaaS software within your Oomnitza instance. Once integrated, your synced Okta application can then be associated with Contracts, and further associated with Users. These relationships allow you to maximize the insight into your SaaS utilization, and help you identify which apps are being used the most, which apps are costing you the most, and stay informed when making software renewals.
Our new advanced detection capabilities now enable you to detect SaaS users who have not logged in or SaaS users who bypass SSO by logging in with their username and password. And, it allows you to completely mirror the organization of your SaaS applications in Oomnitza.
Generating your Okta API token
Before you integrate Okta with Oomnitza, you need your Okta API token. To create an API token, follow these steps:
- Sign in to your Okta organization as a user with administrator privileges.
- Access the API page: In the Admin Console, select API from the Security menu and then select the Tokens tab.
- Click Create Token.
- Name your token and click Create Token.
- Record the token value. This is the only opportunity to see it and record it.
For further information, refer to Okta Developer Documentation: Create an API token.
Configuring your SaaS management integration
- In Oomnitza, go to Configuration > Integrations, and then click Integrations List View .
- On the Integrations page, scroll down to the SaaS Management Integration section.
- Select Okta, and then click Next.
- Enter your Okta SSO URL.
- Enter the Authorization token that you created in Generating your Okta API token.
- Note your system's Look Back Synchronization. This is the lookback time period that the SaaS integration queries the data.
- Select the Default User Role. This is used when the SSO tries to reference a user that doesn't currently exist in Oomnitza. In this scenario, a new user will be created with the default role you have specified here.
- Select the Name Identifier used to identify the imported user.
- In the Detection Capabilities section, choose an option from the Select the field you want to sync your applications on dropdown. For detailed information on what option to choose, refer to Assigning a sync key field.
- Select Detect additional SaaS applications and users to sync updates from SaaS Applications and users detected via Okta. This feature enables you to detect SaaS applications that have no users assigned as well as new SaaS users that never logged into a SaaS application using SSO.
- Select Restrict Access to Oomnitza if you wish to restrict the created users from logging in to Oomnitza.
- Click Finish.
Assigning a sync key field
Select the field you want to sync your applications on:
- Display name.
- Application label (default).
Sync by display name
Regardless how many applications the SaaS system has, all the SaaS user information for all of the SaaS applications is loaded into a single SaaS software record in Oomnitza.
Sync by application label
When the SaaS system is synced with Oomnitza, you can split the SaaS system into separate SaaS software records for each SaaS application. To do this, you can select Application Label.
Follow the steps in Creating an extended integration for Okta users to create a user integration for Okta. If you have selected the sync by application label option above, you will have the facility to select separate SaaS integrations for each application label that is detected.