Okta Integration for SaaS Discovery
Configure the SAP LeanIX-Okta integration to automatically discover and manage SaaS applications.
Introduction
Okta enables organizations to securely manage user authentication and access to applications and for developers to build identity controls into applications, website web services, and devices.
Okta is a valuable source for discovery as it allows for the discovery of services and users, but also to discover employee and department data.
Note
If you intend to manually review and link each discovered application to fact sheets, deactivate automatic linking in the SaaS discovery inbox settings before configuring the integration. For details, see Automatic Linking.
Implementation Details
SAP LeanIX uses the Okta SDK for Go version 2 to interact with Okta's Core API. This SDK allows SAP LeanIX to manage various Okta resources, such as users, groups, and applications. To learn more about Okta SDK, see Okta SDK Golang.
API reference: The SDK leverages endpoints provided by Okta's Core API. You can find detailed information about these endpoints, including request and response formats, in their documentation Okta Core API.
Rate limits: To ensure smooth operation and avoid disruptions, be mindful of the rate limits imposed by Okta's API. The specific rate limits for different operations are detailed in their documentation Okta API Rate Limits.
Listing Applications: A common use case is listing all applications within an Okta organization. You can find the relevant endpoint for this operation in their documentation Applications API.
To cross-check the discovered services, go to the Okta administrator console and select Applications under the Applications section on the left-side pane.
| Integration Categories | Authentication Mechanism | API Endpoints Used | Okta Resource |
|---|---|---|---|
| Single Sign-On Systems (SSO) | API - OAuth | For API authentication: /oauth2/v1/tokenFor SaaS discovery: /api/v1/apps | Apps |
Discovery Capabilities
Okta integration offers the following capabilities:
| Available Capabilities | Description | Okta Resource |
|---|---|---|
| SaaS Discovery (Standard) | SaaS discovery automatically identifies your organization's SaaS applications. | Discovered apps |
Note
Currently, the Okta integration does not provide usage indication.
You get the following information about the discovered SaaS:
| Field | Description |
|---|---|
| Status | States whether an application in Okta is set to active or inactive. |
| Sign-on Mode | Indicates the authentication protocol used by users to sign in. |
| Creation Timestamp | Indicates when the application was created in Okta. |
| Last Modified | Indicates the last time the application's information was updated in the Okta system. This attribute provides information about the timeliness of the application's configuration data. |
Setting up Okta Integration
Enable API Service Integration in Okta
To integrate Okta, you need to enable SAP LeanIX API service integration in the Okta admin panel.
To do so, follow these steps:
-
Open Okta admin panel and go to Applications > API Service Integrations and click Add Integration
Enabling API Sevice Integration
-
Select LeanIX - SaaS Discovery application and click Next. Note that it requires
okta.app.readscope. -
Okta automatically selects and presents the required permission. You can review them and click on Install & Authorize.
Authorizing LeanIX - SaaS Discovery
-
Copy the Client Secret and click Done.
Copy Client Secret
-
Copy Okta Domain and Client ID.
Copy Okta Domain and Client ID
Enter the Copied Credentials in SAP LeanIX
-
Add the Okta integration in SAP LeanIX. For more, see Setting-up Out-of-the-Box Integrations.
-
In the configuration, choose a name for the integration and the type of capabilities or data you want to get from Okta.
-
Enter the credentials from the Okta admin portal that you have generated into the corresponding fields
Entering the Necessary Credentials in SAP LeanIX
-
Click Finish and wait for the connection to be established.
Updated 11 days ago