SaaS Discovery

SaaS Discovery identifies your organization's SaaS applications by integrating with SSO, SASE, and CASB solutions. It then updates and enriches Fact Sheets using the SaaS Catalog.

Overview

SaaS Discovery streamlines the process of identifying your organization's Software as a Service (SaaS) applications through seamless integrations with third-party systems like Single-Sign-on (SSO), Secure Access Simplified (SASE), and Cloud Access Security Broker (CASB) solutions. Once a new SaaS application is discovered, you can:

  • Automatically or manually link the discovered SaaS application to existing Application Fact Sheets or create new Fact Sheets and link them to the catalog item
  • Enrich existing or newly created Fact Sheets by automatically linking the discovered SaaS to the SaaS Catalog

Benefits

By leveraging SaaS Discovery, you get the following benefits:

  • Find all SaaS applications that are used in your organization.
  • Fully automate adding SaaS applications to LeanIX, ensuring your inventory stays up to date and complete.
  • Enrich existing Application Fact Sheets, including description, product category, SSO, and hosting information from the SaaS Catalog.
  • Eliminate shadow IT and business-managed IT.
  • Mitigate security and compliance risks.

📘

The SaaS Discovery feature in LeanIX Enterprise Architecture does not provide insight to cost, adoptions, utilization, contracts, and other SaaS specifics.

Role of the SaaS Catalog

When a discovered SaaS item is linked to an Application Fact Sheet, it also establishes a link between the Fact Sheet and the corresponding SaaS Catalog item. This occurs when:

  • An appropriate SaaS Catalog item exists for the Fact Sheet.
  • The Fact Sheet isn't already linked to the SaaS Catalog item.

Through this connection, information from the SaaS Catalog is automatically synced and updated on relevant Application Fact Sheets. To learn more, see SaaS Catalog.

Setting Up Integrations for SaaS Discovery

Continuous SaaS discovery relies on integrations with key SSO and CASB systems. These integrations allow LeanIX to identify and discover the SaaS applications used across your organization.

👍

Recommendation

Both integration categories, SSO and CASB, offer unique benefits. CASB systems can uncover shadow or business-managed IT, while SSO integrations provide more detailed information about discovered SaaS. Therefore, we recommend connecting at least one integration per category.

To set up integrations, follow these steps:

  1. From the settings, navigate to Administration > SaaS Discovery.
  2. Click Go to Saas Discovery. It opens Discovery Inbox page in a new tab.
  3. On the Discovery Inbox page, select the Integrations tab. The Integrations tab shows existing configured integrations.
  4. To add new integrations, click Add Integration, and choose from the available options by clicking Connect.
Adding SaaS Discovery Integration

Adding SaaS Discovery Integration

For setup details for the available integrations, see the following documents:

👍

Feel free to provide feedback on any integration you would like to see included. Visit the LeanIX Product Roadmap and click + Submit idea to share your suggestions.

Adding Discovered SaaS Applications to the Inventory

List of Discovered SaaS Applications

Once the integration is set up, SaaS applications are automatically discovered. Discovered Applications appear on the SaaS Discovery tab of the Discovery Inbox page. In the Discovery Inbox, you can link the discovered items to an existing Fact Sheet or create a new Fact Sheet to link to, edit linked connections, and perform other related actions.

List of Discovered SaaS Applications in the Discovery Inbox

List of Discovered SaaS Applications in the Discovery Inbox

You can find the following information in the Discovery Inbox:

  • Discovered Item: The name of the discovered SaaS application. Clicking the name provides additional details and actions to process the item.
  • Status: The status of linking a discovered application to a Fact Sheet.
    • Linked: The discovered application is already linked to a Fact Sheet. No further action is pending.
    • Not linked: The discovered application has not been linked yet and still needs to be processed.
    • Rejected: The discovered application was processed already but is not linked to a Fact Sheet.
  • Fact Sheet link:
    • For linked items: The name of the linked Fact Sheet.
    • For unlinked items: A recommendation of a matching Fact Sheet to link to, or a suggestion for creating a new Fact Sheet if no suitable matching Fact Sheet is found
  • Source: Indicates which integration discovered the application.
  • Discovery date: The date when the application was discovered.
  • Action by: Lists who acted on the discovered application, including when the action was done.

Filtering and Searching Discovered SaaS Applications

You can filter discovered SaaS applications using the following parameters:

  • Status: Filter the list based on discovered application status - Linked, Not linked, or Rejected.
  • Source: If you have multiple integrations configured, you can narrow down the discovered items based on one or multiple integrations.
  • Action by: Filter the list of applications based on particular users or the system who linked the discovered items to Fact Sheets.

You can also search for specific entries in the list in the search field below the filter.

Linking Discovered Applications to Fact Sheets

There are two ways to link discovered applications to Fact Sheets:

Automatic linking

Automatic linking takes place in the following cases:

  • The application’s name on the Fact Sheet identically matches with SaaS Discovery item (discovered SaaS application).
  • The Fact Sheet is already linked to a SaaS Catalog item corresponding to the SaaS Discovery item. To learn more on SaaS Catalog, see SaaS Catalog.

Manual linking

Discovered applications that are not automatically linked can be linked manually.
To manually link a discovered item, do the following:

  1. Click the name of the discovered item. This action opens an overlay where you can select the Fact Sheet you want to link to.

    Selecting the Fact Sheet To Link to the Discovered Item

    Selecting the Fact Sheet To Link to the Discovered Item

  2. In the Fact Sheet Link field, select or search the Fact Sheet you want to link to. While selecting, you can:

    1. Link to an existing Application Fact Sheet: The system suggests a matching Fact Sheet to link to when it identifies one in the workspace. Or, if there is a better alternative than the given suggestion, you can search/select the right application from the drop-down menu.

      Link to Existing Fact Sheet

      Linking a SaaS Discovery Item to an Existing Fact Sheet

    2. Create and Link: If no suitable matching Fact Sheet is found, you get a recommendation to create a new Fact Sheet of the Application type.

    3. Link to IT Component/Provider Fact Sheets: You can also link the discovered item to an existing IT Component or Provider Fact Sheet, by searching/selecting the right Fact Sheet from the drop-down menu.

  3. Click Link to finish establishing the link.

Modifying the Established Link

You can modify the link between the discovered item and the linked Fact Sheet if it was linked inadvertently or if a better alternative exists.

To modify the link, do the following:

  1. Click the name of the discovered item. This action opens an overlay where you can select the Fact Sheet you want to link to.
  2. In the Fact Sheet Link field, select or search for the Fact Sheet you want to relink to.
  3. Click Link to finish reestablishing the link.

When you modify the link between the Fact Sheet and the discovered SaaS item, the connected SaaS Catalog item also automatically updates to the appropriate one. You can view the details of the catalog link in the Catalog link section.

SaaS Catalog links are not editable here. To learn how to change the linked SaaS Catalog item, see Changing Fact Sheet link to a Different SaaS Catalog Item.