Sastrify’s SSO Discovery feature helps you gain full visibility into all SaaS tools used or accessed across your organization—whether officially adopted or accessed independently by employees.


By integrating with major SSO providers, Sastrify passively monitors sign-in activity to detect any SaaS tool accessed through your company’s SSO. This allows you to uncover not only officially sanctioned tools but also those that may be flying under the radar—offering a comprehensive view of your organization’s software landscape.


Once detected, new tools appear under the Discovered tab in your Tool Stack. From there, you can easily review and categorize each one—either confirming them as “in use” or archiving them if they’re not relevant to your current subscriptions. This continuous detection ensures your stack stays accurate and up-to-date, empowering IT and compliance teams with real-time insights into tool usage and potential shadow IT.



How to set up Tool Discovery via SSO (Single Sign-On) integrations


Note: To set up the usage analytics integration, users must have admin-level permissions in both the selected SSO provider and in Sastrify, as specific access rights are required for the integration to function correctly.




Tool Discovery via SSO (Single Sign-On) integrations can be accessed from Integrations > Discovery.


To set up a new integration:

  1. Click the Connect button next to your preferred SSO provider.

  2. A setup page will open with configuration details specific to that provider.

  3. For Google Workspace, Microsoft, and Okta: Toggle the Usage Analytics switch to Active to enable tracking of usage patterns for tools accessed via your SSO.

  4. Follow the technical instructions provided to complete the connection:

    • Google Workspace and Microsoft: You'll be prompted to sign in and redirected to the respective admin setup page. During setup, the admin simply needs to accept the authorization prompt. Once this is done, the integration setup is complete.

    • Okta: Enter your OAuth 2.0 app credentials. Refer to this guide for a step-by-step walkthrough.

    • JumpCloud: Provide your API key, which can be retrieved from your JumpCloud API Settings, to complete the connection.


Please note that the SSO discovery integration does not collect spend data, because SSO by its nature does not handle spend information. It only detects new subscriptions and lists them on the Discovered page without any specific details.



Which SSO providers do we integrate with?



Data Retrieved by SSO Discovery Integration


The integration will track only the following data points:

  • User ID and email
  • Login activity
  • Activity date (login date)
  • App used or accessed


While all supported SSO providers track the same core data, the way this information is retrieved may vary depending on the provider.

For example:

  • Google Workspace uses Activity Reports and Customer Usage Reports to capture login activity across apps.

  • Microsoft pulls sign-in data for two types of logins from Microsoft Entra: interactive sign-ins and federated sign-ins.


Despite differences in implementation, the outcome is the same: Sastrify identifies SaaS products used or accessed by employees by analyzing login activity through your company’s SSO provider.
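The data points listed above are enough to build an app inventory from sign-in events. The following Python sketch is an added example, not Sastrify's code: it aggregates constructed, already-normalized sign-in records and reports apps that are not yet confirmed in the stack. The field names (`user_id`, `user_email`, `app`, `login_date`) and the `IN_USE` set are assumptions made for this example, not a provider schema.

```python
from collections import defaultdict
from datetime import date

# Constructed sample events carrying only the data points listed above.
# Field names are assumptions for this example, not a provider schema.
EVENTS = [
    {"user_id": "u1", "user_email": "ana@example.com", "app": "Slack", "login_date": "2024-05-02"},
    {"user_id": "u2", "user_email": "ben@example.com", "app": "Slack", "login_date": "2024-05-03"},
    {"user_id": "u1", "user_email": "ana@example.com", "app": "Notion", "login_date": "2024-05-03"},
    {"user_id": "u3", "user_email": "cy@example.com", "app": "notion ", "login_date": "2024-05-09"},
    {"user_id": "u3", "user_email": "cy@example.com", "app": "Figma", "login_date": "2024-05-10"},
    {"user_id": "u2", "user_email": "ben@example.com", "app": "", "login_date": "2024-05-10"},  # no app name
    {"user_id": "u1", "user_email": "ana@example.com", "app": "Figma", "login_date": "not-a-date"},  # malformed
]

IN_USE = {"slack"}  # tools already confirmed in the stack (hypothetical)


def discover(events, in_use):
    """Group sign-ins by app and return apps not yet confirmed as in use."""
    apps = defaultdict(lambda: {"users": set(), "first_seen": None, "last_seen": None, "logins": 0})
    skipped = 0
    for ev in events:
        key = ev.get("app", "").strip().lower()  # normalize so "notion " and "Notion" merge
        try:
            day = date.fromisoformat(ev.get("login_date", ""))
        except ValueError:
            day = None
        if not key or day is None:
            skipped += 1  # count unusable records instead of dropping them silently
            continue
        rec = apps[key]
        rec["users"].add(ev["user_email"])
        rec["logins"] += 1
        rec["first_seen"] = day if rec["first_seen"] is None else min(rec["first_seen"], day)
        rec["last_seen"] = day if rec["last_seen"] is None else max(rec["last_seen"], day)
    discovered = {
        name: {**rec, "users": sorted(rec["users"])}
        for name, rec in apps.items() if name not in in_use
    }
    return discovered, skipped


if __name__ == "__main__":
    found, skipped = discover(EVENTS, IN_USE)
    for name, rec in sorted(found.items()):
        print(name, rec["users"], rec["first_seen"], rec["last_seen"], rec["logins"])
    print("skipped records:", skipped)
```

The skipped-record count is worth tracking: a sign-in with a missing app name or date is a gap in visibility, not evidence that nothing was accessed.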


Frequently Asked Questions


Please refer to the SSO Discovery Integration FAQ page for a complete list of frequently asked questions.