Choosing a Data Source

This section describes the integration data sources for SaaS Management and lists the pros and cons of using each integration data source. Before using SaaS Management, you should understand the differences between each integration data source and determine how you would like to pull data for your organization.

SaaS Management pulls roster and activity data using the following sources.

Single Sign-On (SSO) Provider
Direct Integration With SaaS Vendor

Best Practice:When choosing an integration data source, Flexera recommends the following best practices.

Manage your SaaS applications using Direct Integrations when available. They retrieve data directly from the SaaS vendor, and at times, may provide deeper insights, versus data from a third-party SSO.
Do not manage your SaaS applications using both, Direct and SSO integrations, simultaneously. The data is sourced from different endpoints and may show minor discrepancies.

For more information on the differences between SSO and direct integrations, see Single Sign-On (SSO) vs. Direct Integrations.

Single Sign-On (SSO) Provider

After you authorize your single sign-on integration and have the Application Discovery integration task enabled, SaaS Management discovers applications managed in your SSO. After 24 hours, you can add the discovered SSO enabled applications to your list of Managed SaaS Applications. For more information, see Adding Discovered SSO Enabled Applications to Your List of Managed SaaS Applications.

With the SSO Application Access and SSO Application Roster tasks enabled, you can integrate with these applications using the previously established SSO integration. This method of data extraction is managed entirely by your Single Sign-On provider. The rosters and the activities are only the rosters and activities as seen within your SSO. For a description of each integration task, see SaaS Integration Task Terminology.

Direct Integration With SaaS Vendor

Integration data pulled via direct integrations comes directly from SaaS providers. Each direct integration must be authenticated individually to pull data from the application.

Single Sign-On (SSO) vs. Direct Integrations

The following table provides the pros and cons of SSO vs Direct Integrations.

Single Sign-On (SSO)

Direct Integrations

Pros: 

Speed and Efficiency—Data pulled from the SSO can be gathered and displayed very quickly. A user only needs to authenticate or authorize one (1) application to pull data from multiple connected applications.
Number of Applications—Pulling login data from SSOs enables SaaS Management to access user data that it may not otherwise be able to access. SSO connections fill the data gaps in cases where a direct integration does not exist.
Access to On-Premises Data—SSO connections can pull data from any and every system you have connected to your Single Sign-On. If there are on-premises applications connected, SaaS Management will monitor these rosters and login activities.

Note:An SSO integration is the only way for SaaS Management to access on-premises software.

Pros: 

Direct Connection—Direct connections pull data via the application’s available APIs. If one integration malfunctions or requires an update, it does not affect the remainder of the system.
Accuracy—Direct integrations pull rosters and usage information directly from the application itself, providing a more accurate look at license consumption and usage.
Depth of Data—Direct integrations track direct actions within the application. Example actions are logins, creating records, and editing records. Tracked direct actions range from logins to robust utilization logs.

Cons: 

Reliance on SSO Provider—All SSO integrations are pulled from a single source. If the source goes down or requires updates, the whole system is affected by the downtime. For a list of SSO providers that are supported by SaaS Management, see the Single Sign-On (SSO) column in Instructions.
Accuracy—SSO integrations only track what is recorded in the SSO. If the SSO is not maintained, data displayed could be incorrect or skewed.
Depth of Data—SSO integrations only track login activities that occur within the SSO. They cannot track any usage data outside of or beyond SSO login events.

Cons: 

Speed and Efficiency—All direct applications must be authenticated individually. This process requires additional time and collaboration across various product administrators.
Access to Data—Direct integration data is limited to what is provided or available via the application’s available APIs. There are cases where an API is not available or is not a viable option for gathering data. Therefore, integrations are limited or not possible.
No On-Premises Services—Direct connections to on-premises software are not supported.